Running Fortify scan over multiple maven projects

Tags:

fortify

I have multiple projects bound by a single parent pom.

If I run a Fortify scan on the parent POM using the Maven Fortify plugin, an .fpr file is generated for each project. I would like a single .fpr file to be generated for all the projects. Is it possible?

Thanks and Regards, Saurav

saurav asked Apr 22 '15 17:04


1 Answer

What you want to do is an aggregate build. Try setting the same build ID for each module and then passing -Dfortify.sca.toplevel.artifactId as the artifactId of the parent POM. This should give you a single FPR file. It should look like:

mvn clean
mvn -Dfortify.sca.buildId=ACMEPortal com.fortify.ps.maven.plugin:sca-maven-plugin:<version>:clean
mvn -Dfortify.sca.buildId=ACMEPortal package com.fortify.ps.maven.plugin:sca-maven-plugin:<version>:translate
mvn -Dfortify.sca.Xmx=800M -Dfortify.sca.buildId=ACMEPortal -Dfortify.sca.toplevel.artifactId=AcmePortal com.fortify.ps.maven.plugin:sca-maven-plugin:<version>:scan
Eric answered Oct 13 '22 01:10
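The four-step aggregate build from the answer above, wrapped as a POSIX shell script (an added example, not code from the answer or from the Fortify plugin). It runs every step under one build ID so all modules are translated into the same SCA build before the single top-level scan, and then checks that exactly one FPR was produced; the plugin version, build ID and parent artifactId are assumed to be supplied by the caller, and MVN can be set to "echo" for a dry run.

```shell
#!/bin/sh
# Added example (not part of the original answer): wraps the aggregate
# Fortify SCA build so every module is translated into the same build ID
# before the single top-level scan, then verifies a single FPR came out.
# Assumptions: MVN is the mvn binary (or "echo" for a dry run); the plugin
# version, build ID and parent artifactId are passed in by the caller.

MVN="${MVN:-mvn}"
PLUGIN="com.fortify.ps.maven.plugin:sca-maven-plugin"

# Emit the aggregate-scan command sequence (one command per line) for a
# given build ID, parent artifactId, plugin version and optional SCA heap.
fortify_aggregate_cmds() {
  build_id="$1"; parent_artifact="$2"; version="$3"; xmx="${4:-800M}"
  printf '%s\n' \
    "$MVN clean" \
    "$MVN -Dfortify.sca.buildId=$build_id $PLUGIN:$version:clean" \
    "$MVN -Dfortify.sca.buildId=$build_id package $PLUGIN:$version:translate" \
    "$MVN -Dfortify.sca.Xmx=$xmx -Dfortify.sca.buildId=$build_id -Dfortify.sca.toplevel.artifactId=$parent_artifact $PLUGIN:$version:scan"
}

# Run the sequence in order, stopping at the first failing step so a
# translate failure never leads to a scan that silently misses modules.
fortify_aggregate_run() {
  fortify_aggregate_cmds "$@" | while IFS= read -r cmd; do
    echo "+ $cmd"
    eval "$cmd" || { echo "step failed: $cmd" >&2; exit 1; }
  done
}

# Count .fpr files under a directory tree.
count_fpr() {
  find "$1" -type f -name '*.fpr' | wc -l | tr -d ' '
}

# Succeed only if the build produced a single FPR; one FPR per module means
# the modules were not aggregated under one build ID.
check_single_fpr() {
  n=$(count_fpr "$1")
  [ "$n" -eq 1 ]
}
```

Typical use is `fortify_aggregate_run ACMEPortal AcmePortal <version> && check_single_fpr .` from the parent project directory.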