Maven Plugin not scanning Native C code
I am trying to execute a scan using the the maven plugin for 16.20.
The maven command calls out what is to be built, but the scan results are empty.
Example mvn command:
mvn -Dgoal=blah -Pxyz,native -Dfortify.sca.BuildID=BLAH-native com.hpe.security.fortify.maven.plugin:sca-maven-plugin:clean com.hpe.security.fortify.maven.plugin:sca-maven-plugin:translate com.hpe.security.fortify.maven.plugin:sca-maven-plugin:scan
Any assistance would be GREATLY appreciated.
I NEVER seem to get any feedback on here.
Only certain packaging types are supported by the plugin.
As of version 17.10, the maven plugin supports these packaging types:
I guess that your project is using some other packaging type?
If so, it isn't supported out of the box unfortunately. As the source for the maven plugin is shipped with SCA installations, it is possible to add support yourself for other packaging types, or you can submit an enhancement request to support (https://support.fortify.com or email firstname.lastname@example.org); though there's no guarantee it'll be accepted.
Fortify L3 Support engineer