
Generating a Fortify report in Maven

Updated: 2023-09-17 21:04:58

Fortify provides the source code for its Maven plugin. You need to build it.

Step # 1 Build the Fortify plugin

Open a command prompt

cd %FORTIFY_INSTALLATION_DIRECTORY%\HP_FORTIFY\HP_Fortify_SCA_and_Apps_3.90\Samples\advanced\maven-plugin

mvn clean install

After a successful build, the Fortify plugin will be present in your local repository

Step # 2 Add the Fortify source code analyzer dependency to your project pom file

<build>
    <plugins>
        <plugin>
            <groupId>com.fortify.ps.maven.plugin</groupId>
            <artifactId>sca-maven-plugin</artifactId>
            <version>3.90</version>
        </plugin>
    </plugins>
</build>

Note - Make sure you verify the Fortify scan plugin version

%FORTIFY_INSTALLATION_DIRECTORY%\HP_FORTIFY\HP_Fortify_SCA_and_Apps_3.90\Samples\advanced\maven-plugin\pom.xml

Step # 3 Create .fpr / report file

mvn sca:translate
mvn sca:scan

This will generate the Fortify scan report file in the target directory
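
The version check from the note in Step 2, as an added example that is not part of the original answer or of Fortify's own tooling: it compares the version declared in the plugin's pom.xml with the version the project pom requests, so a mismatch is caught before mvn sca:translate fails to resolve the plugin. Both pom texts below are constructed samples and the function names are hypothetical; for real files, read each pom.xml as bytes and pass the contents in.

```python
import xml.etree.ElementTree as ET

GROUP_ID = "com.fortify.ps.maven.plugin"   # coordinates from the pom snippet in Step 2
ARTIFACT_ID = "sca-maven-plugin"

# Constructed sample: stands in for the sample plugin's own pom.xml (real file not shown on the page).
PLUGIN_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <groupId>com.fortify.ps.maven.plugin</groupId>
  <artifactId>sca-maven-plugin</artifactId>
  <version>3.90</version>
</project>"""

# Constructed sample: a project pom that references the plugin as in Step 2.
PROJECT_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <build><plugins><plugin>
    <groupId>com.fortify.ps.maven.plugin</groupId>
    <artifactId>sca-maven-plugin</artifactId>
    <version>3.90</version>
  </plugin></plugins></build>
</project>"""

def _parse(pom_xml):
    """Parse a pom and drop namespaces so poms with and without xmlns behave alike."""
    root = ET.fromstring(pom_xml)
    for el in root.iter():
        el.tag = el.tag.split("}", 1)[-1]
    return root

def built_plugin_version(plugin_pom_xml):
    """Version that 'mvn clean install' puts in the local repository."""
    root = _parse(plugin_pom_xml)
    version = root.findtext("version") or root.findtext("parent/version")
    return version.strip() if version else None

def referenced_plugin_version(project_pom_xml):
    """Version the project pom requests for the Fortify plugin, or None if absent."""
    for plugin in _parse(project_pom_xml).iter("plugin"):
        if (plugin.findtext("groupId", "").strip() == GROUP_ID
                and plugin.findtext("artifactId", "").strip() == ARTIFACT_ID):
            version = plugin.findtext("version")
            return version.strip() if version else None
    return None

def versions_match(plugin_pom_xml, project_pom_xml):
    built = built_plugin_version(plugin_pom_xml)
    return built is not None and built == referenced_plugin_version(project_pom_xml)

if __name__ == "__main__":
    print("match" if versions_match(PLUGIN_POM, PROJECT_POM) else "MISMATCH: fix <version> in the project pom")
```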