================================================================
Software Name: sca-maven-plugin - ver. 4.20
================================================================
[ Software Name ] sca-maven-plugin
[ Version ] 4.20
[ Organization ] HP Enterprise Security Products
[ Organization URL ] http://www.hpenterprisesecurity.com
[ Build Environment ] JDK 1.6.0_37, Maven 3.0.5
[ Operation Environment ] Same as HP Fortify v4.20
[ Last Modified ] 2014-04-01
----------------------------------------------------------------
<< Introduction >>
sca-maven-plugin is a Maven plugin that provides SCA's clean, translation, scan and upload functionality.
<< System Operating Environment >>
sca-maven-plugin supports Maven 2.0.11, 2.2.1 and 3.0.5.
<< Preparation >>
For Maven 2.0.11 or 2.2.1, you need to modify TranslationMojo.java as follows.
16: import org.apache.maven.plugin.PluginManager; // For Maven 2.0 and 2.2
17: //import org.apache.maven.plugin.BuildPluginManager; // For Maven 3.0
242: private PluginManager pluginManager; // For Maven 2.0 and 2.2
243: // private BuildPluginManager pluginManager; // For Maven 3.0
For Maven 3.0.5, you don't need to modify the source file.
<< Installation >>
To install the package into the local repository, for use as a dependency in other projects locally:
1. If you already have the package
$mvn install
2. If you don't have the package
$mvn clean package install
<< Uninstallation >>
To uninstall the package, delete sca-maven-plugin from the local repository manually.
<< Usage >>
There are two ways to use the plugin. For details, refer to the javadoc in target/site.
<< Usage 1>>
Use as maven-plugin.
Install target application in the local repository:
$mvn install
Clean:
$mvn com.fortify.ps.maven.plugin:sca-maven-plugin:<ver>:clean
or
$mvn com.fortify.ps.maven.plugin:sca-maven-plugin:clean
or
$mvn sca:clean
Translate:
$mvn com.fortify.ps.maven.plugin:sca-maven-plugin:<ver>:translate
or
$mvn com.fortify.ps.maven.plugin:sca-maven-plugin:translate
or
$mvn sca:translate
Scan:
$mvn com.fortify.ps.maven.plugin:sca-maven-plugin:<ver>:scan
or
$mvn com.fortify.ps.maven.plugin:sca-maven-plugin:scan
or
$mvn sca:scan
Note1: If you don't specify <ver>, Maven always calls the latest version of sca-maven-plugin in the local repository.
Note2: sca-maven-plugin searches for jar files in the local repository and tries to resolve the classes in your application.
So if the Maven project is a multi-module project, install your project before executing sca-maven-plugin.
Note3: If you want to use the short goal name, put setting.xml in the local repository.
You can then execute sca-maven-plugin as follows.
$mvn sca:translate
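Added example (not part of the original README or the plugin's distribution): a minimal Maven settings file that enables the short sca: prefix, assuming Maven's standard pluginGroups mechanism and the default user settings path ~/.m2/settings.xml. The groupId is the one used in the fully qualified goals above; the contents of the project's own setting.xml are not shown on this page.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Constructed example: user-level Maven settings (default path ~/.m2/settings.xml). -->
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
                              http://maven.apache.org/xsd/settings-1.0.0.xsd">
  <pluginGroups>
    <!-- Lets Maven search this groupId when resolving a goal prefix.
         The artifactId sca-maven-plugin follows the <prefix>-maven-plugin
         naming convention, so its prefix is "sca". -->
    <pluginGroup>com.fortify.ps.maven.plugin</pluginGroup>
  </pluginGroups>
</settings>
```

With this in place, mvn sca:translate resolves to com.fortify.ps.maven.plugin:sca-maven-plugin:translate. Pass the full coordinates with <ver> when a build must use a specific plugin version.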
<< Usage 2>>
Use the Maven Integration feature, in the same way as Ant Integration.
SCA provides various build integrations such as Ant Integration, make Integration, devenv Integration and so on.
You can also use sca-maven-plugin as follows.
Install target application in the local repository:
$mvn install
Clean:
$sourceanalyzer -b <build id> -clean
Translate:
$sourceanalyzer -b <build id> [sca build options] mvn
or
$sourceanalyzer -b <build id> [sca build options] mvn com.fortify.ps.maven.plugin:sca-maven-plugin:<ver>:translate
or
$sourceanalyzer -b <build id> [sca build options] mvn com.fortify.ps.maven.plugin:sca-maven-plugin:translate
or
$sourceanalyzer -b <build id> [sca build options] mvn sca:translate
Scan:
$sourceanalyzer -b <build id> [sca scan options] -scan -f result.fpr
Note1: In this usage, Maven Integration only supports translation.
Note2: sca-maven-plugin searches for jar files in the local repository and tries to resolve classes.
So if the Maven project is a multi-module project, install your project before executing sca-maven-plugin.
<< Samples >>
The tests can be run on any project that uses Maven.
(For instance, those included in the samples directory, or WebGoat 5.3: http://code.google.com/p/webgoat/)