
Maven Plugin not scanning Native C code

I am trying to execute a scan using the Maven plugin for 16.20.

The maven command calls out what is to be built, but the scan results are empty.

Example mvn command:

mvn -Dgoal=blah -Pxyz,native -Dfortify.sca.BuildID=BLAH-native com.hpe.security.fortify.maven.plugin:sca-maven-plugin:clean com.hpe.security.fortify.maven.plugin:sca-maven-plugin:translate com.hpe.security.fortify.maven.plugin:sca-maven-plugin:scan

Any assistance would be GREATLY appreciated.

I NEVER seem to get any feedback on here.

Joe

1 Reply

Only certain packaging types are supported by the plugin.
As of version 17.10, the maven plugin supports these packaging types:

  • apk
  • bundle
  • content-package
  • ear
  • eclipse-plugin
  • ejb
  • jar
  • maven-plugin
  • pom
  • rar
  • war
  • xcode
  • xcode-app
  • xcode-application
  • xcode-framework
  • xcode-lib
  • xcode-library
  • xcode-static-framework

I guess that your project is using some other packaging type?

If so, it isn't supported out of the box unfortunately. As the source for the maven plugin is shipped with SCA installations, it is possible to add support yourself for other packaging types, or you can submit an enhancement request to support (https://support.fortify.com or email fortifytechsupport@hpe.com); though there's no guarantee it'll be accepted.

-Josh

Fortify L3 Support engineer
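
A pre-flight check for the limitation described in the reply above, as an added example that is not part of the original thread or of the Fortify plugin: it reads the packaging each module's POM declares and reports the modules that fall outside the 17.10 list. The sample POMs, the module names and the `nar` packaging value are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Packaging types from the list in the reply above (plugin version 17.10).
SUPPORTED = frozenset("""
apk bundle content-package ear eclipse-plugin ejb jar maven-plugin pom rar war
xcode xcode-app xcode-application xcode-framework xcode-lib xcode-library
xcode-static-framework
""".split())


def packaging_of(pom_xml):
    """Return the <packaging> a POM declares; Maven defaults to jar if absent."""
    root = ET.fromstring(pom_xml)
    for child in root:  # direct children only, so nested plugin config is ignored
        # Compare local names so POMs with or without the 4.0.0 namespace work.
        if isinstance(child.tag, str) and child.tag.rsplit("}", 1)[-1] == "packaging":
            return (child.text or "").strip() or "jar"
    return "jar"


def unsupported_modules(poms):
    """Map module name -> packaging for every module outside SUPPORTED."""
    declared = {name: packaging_of(xml) for name, xml in poms.items()}
    return {name: p for name, p in declared.items() if p not in SUPPORTED}


# Constructed sample POMs, not taken from the thread.
NS = 'xmlns="http://maven.apache.org/POM/4.0.0"'
SAMPLE_POMS = {
    "parent": f"<project {NS}><artifactId>parent</artifactId>"
              "<packaging>pom</packaging></project>",
    "core": f"<project {NS}><artifactId>core</artifactId></project>",
    "native-lib": f"<project {NS}><artifactId>native-lib</artifactId>"
                  "<packaging>nar</packaging></project>",
}

if __name__ == "__main__":
    for module, packaging in unsupported_modules(SAMPLE_POMS).items():
        print(f"{module}: packaging '{packaging}' is not in the supported list")
```

A packaging value given as a Maven property such as `${...}` is reported as unsupported because it is compared literally, so resolve it before relying on the result.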
