The source code of the plug-in is available within the Samples folder of the fortify installation as shown below.
Make sure you have Maven installed.
Once the commands run, you should be able to see the jar successfully built.
At this point, you can browse the .m2 folder and see that the plugin has been installed in your local Maven repository.
Now that the plugin is installed, you can easily translate, and scan using Fortify on all your Maven projects.
A few other posts on Fortify can be found here: