Tuesday, January 7, 2014

Installing Maven Fortify Plugin

The Maven Fortify Plugin supports Maven versions 2.0.X, 2.2.X and 3.0.X. The plugin provides functionality to translate, scan and upload using Fortify's Source Code Analyzer, commonly called SCA.

The source code of the plugin is available in the Samples folder of the Fortify installation, as shown below.



Make sure you have Maven installed.

If the Maven Fortify Plugin has never been installed, run the Maven clean package and install commands as shown below:


Once the commands have run, you should see that the jar was built successfully.


At this point, you can browse the .m2 folder and see that the plugin has been installed in your local Maven repository.


Now that the plugin is installed, you can easily translate and scan all your Maven projects using Fortify.
