-
-
Save bjm243/968db6317aca565a367c to your computer and use it in GitHub Desktop.
Running Fortify from Gradle build. These are the snippets of code you can add to your build.gradle to run the analyzer and spit out a Fortify *.fpr file. Fortify is not F/OSS, so you (your company) will need a license, so the dependencies won't be out in public repo's. You will have to add it to your company's private repo (e.g. Artifactory).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Add a new configuration | |
| configurations { | |
| fortify { extendsFrom compile } | |
| } | |
| // pull in the fortify libs for the new configuration | |
| dependencies { | |
| fortify 'com.fortify:sourceanalyzer:3.90' | |
| } | |
| // the 2 new tasks | |
| task fortifySetup(dependsOn: clean) << { | |
| ant.properties['build.compiler']='com.fortify.dev.ant.SCACompiler' | |
| ant.typedef(name: 'sca', classname: 'com.fortify.dev.ant.SourceanalyzerTask', | |
| classpath: configurations.fortify.asPath) | |
| } | |
| task fortifyReport(dependsOn: compileJava) << { | |
| ant.sca(jdk:"1.7", | |
| debug:true , | |
| verbose:true , | |
| failonerror:true , | |
| scan:true , | |
| logFile:file("$buildDir/reports/fortify/Fortify.log"), | |
| resultsFile:file("$buildDir/reports/fortify/<<name of your FPR file here>>.fpr") | |
| ){ | |
| fileset(dir:'src/main') { | |
| include(name:'**/*.java') | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment