@bennybauer
Forked from ran488/build.gradle
Last active September 15, 2016 21:15
Running Fortify from a Gradle build. These are the snippets of code you can add to your build.gradle to run the analyzer and produce a Fortify *.fpr file. Fortify is not F/OSS, so you (your company) will need a license, and the dependencies are not available in public repos. You will have to add them to your company's private repo (e.g. Artifactory).
// Fortify configuration
configurations {
    fortify { extendsFrom compile }
}

// pull in the fortify libs for the new configuration
dependencies {
    fortify 'com.fortify:sourceanalyzer:3.90'
}

// run the Fortify source analyzer through its Ant task and write the *.fpr results file
task fortifyReport(dependsOn: compileJava) << {
    ant.properties['build.compiler'] = 'com.fortify.dev.ant.SCACompiler'
    // load the Ant task from the jars resolved by the fortify configuration
    ant.typedef(name: 'sca', classname: 'com.fortify.dev.ant.SourceanalyzerTask', classpath: configurations.fortify.asPath)
    ant.sca(jdk: "1.7",
            debug: true,
            verbose: true,
            failonerror: true,
            scan: true,
            logFile: file("$buildDir/reports/fortify/Fortify.log"),
            resultsFile: file("$buildDir/reports/fortify/${project.name}.fpr")
    ) {
        // analyze every Java source file under src/main
        fileset(dir: 'src/main') {
            include(name: '**/*.java')
        }
    }
}
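
The description above notes that the Fortify jars have to come from a private repository. The following is an added example, not part of the original gist, showing one way to declare that repository with credentials supplied through Gradle properties instead of being written into build.gradle. The repository URL and the property names `fortifyRepoUser` and `fortifyRepoPassword` are assumptions.

```groovy
// Added example, not from the original gist. The URL and property names are placeholders.
// Set the two properties in ~/.gradle/gradle.properties or pass them with -P,
// so that no secret is committed together with build.gradle.
def fortifyRepoUser = findProperty('fortifyRepoUser')
def fortifyRepoPassword = findProperty('fortifyRepoPassword')

repositories {
    maven {
        url 'https://artifactory.example.com/artifactory/libs-release-local' // placeholder
        // Only attach credentials when both values were supplied.
        if (fortifyRepoUser && fortifyRepoPassword) {
            credentials {
                username = fortifyRepoUser
                password = fortifyRepoPassword
            }
        }
    }
}

configurations {
    fortify { extendsFrom compile }   // as in the gist above
}

dependencies {
    fortify 'com.fortify:sourceanalyzer:3.90'   // coordinates as in the gist above
}

// The `<<` task syntax was removed in Gradle 5.0; doFirst/doLast is the equivalent form.
task fortifyReport(dependsOn: compileJava) {
    doFirst {
        // Fail with a clear message before the fortify configuration is resolved.
        if (!fortifyRepoUser || !fortifyRepoPassword) {
            throw new GradleException('Set fortifyRepoUser and fortifyRepoPassword to run the Fortify scan.')
        }
    }
    doLast {
        file("$buildDir/reports/fortify").mkdirs()
        ant.properties['build.compiler'] = 'com.fortify.dev.ant.SCACompiler'
        ant.typedef(name: 'sca', classname: 'com.fortify.dev.ant.SourceanalyzerTask',
                    classpath: configurations.fortify.asPath)
        ant.sca(jdk: "1.7", debug: true, verbose: true, failonerror: true, scan: true,
                logFile: file("$buildDir/reports/fortify/Fortify.log"),
                resultsFile: file("$buildDir/reports/fortify/${project.name}.fpr")) {
            fileset(dir: 'src/main') { include(name: '**/*.java') }
        }
    }
}
```
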

jaumard commented Apr 13, 2016

This is not working with the latest version of Gradle. Any idea about this?
Here is my config:

configurations {
    deployerJars
    fortify { extendsFrom JavaCompile }
}
dependencies {
    deployerJars "org.apache.maven.wagon:wagon-ssh:2.2"
    fortify fileTree(dir: '/home/devuser/HP_Fortify/HP_Fortify_SCA_and_Apps_4.42/Core/lib', include: '*.jar')
}

buildscript {
    repositories {
        maven { url 'https://maven.fabric.io/public' }
        maven {
            url "http://compil001.dev.gen01.ke.p.fti.net:8081/nexus/content/repositories/central/"
        }
        maven {
            credentials {
                username 'deploymentMail'
                password 'dopmail'
            }
            url "http://compil001.dev.gen01.ke.p.fti.net:8081/nexus/content/repositories/OrangeDopMailContrib/"
        }
        mavenCentral()
    }
    dependencies {
        classpath 'io.fabric.tools:gradle:1.20.1'
        classpath 'com.android.tools.build:gradle:1.5.0'
        classpath 'net.researchgate:gradle-release:2.1.2'
        classpath fileTree(dir: '/home/devuser/HP_Fortify/HP_Fortify_SCA_and_Apps_4.42/Core/lib', include: '*.jar')
    }
}

task fortifyReport(dependsOn: compileJava) << {
    ant.properties['build.compiler']='com.fortify.dev.ant.SCACompiler'
    ant.typedef(name: 'sca', classname: 'com.fortify.dev.ant.SourceanalyzerTask', classpath: configurations.fortify.asPath)
    ant.sca(jdk:"1.7",
       debug:true ,
       verbose:true ,
       failonerror:true ,
       scan:true ,
       logFile:file("$buildDir/reports/fortify/Fortify.log"),
       resultsFile:file("$buildDir/reports/fortify/${project.name}.fpr")
    ){
       fileset(dir:'src/') {
          include(name:'**/*.java')
       }
    }
}

I have the following error:

 What went wrong:
A problem occurred evaluating root project 'myproject'.
> Could not find method fortify() for arguments [build_9004c278o0gn1fbty5maawuap$_run_closure1_closure11@3a196f27] on root project 'myproject'.
