Launch Fortify to scan multiple maven projects

I have several projects connected by one parent pom.

If I run a Fortify scan on my parent pom using the Maven Fortify plugin, an FPR file is generated for each project. I would like to create one FPR file for all projects. Is it possible?

Thanks and Regards, Saurav

1 answer

What you want is an aggregate build. Try setting the same build ID for each module, and then pass the artifactId of the parent POM as the value of -Dfortify.sca.toplevel.artifactId. This should give you one FPR file. It should look like this:

```shell
mvn clean
mvn -Dfortify.sca.buildId=ACMEPortal com.fortify.ps.maven.plugin:sca-maven-plugin:<version>:clean
mvn -Dfortify.sca.buildId=ACMEPortal package com.fortify.ps.maven.plugin:sca-maven-plugin:<version>:translate
mvn -Dfortify.sca.Xmx=800M -Dfortify.sca.buildId=ACMEPortal -Dfortify.sca.toplevel.artifactId=AcmePortal com.fortify.ps.maven.plugin:sca-maven-plugin:<version>:scan
```

Source: https://habr.com/ru/post/1584080/
