Absent Member.

Open source Fortify SCA Maven plugin

Put the code on GitHub and allow ppl to do pull requests.

Commodore

In addition to the Maven plugin, the Ant task, wsclient, and Fortify annotations should be open sourced as well and published to an artifact repository (i.e. Maven Central, Bintray, etc.).

Absent Member.

This is a great idea; we have had problems with the Maven plugin and had to make modifications. It would be great if we could upstream the fixes.

Absent Member.

Hi guys, for the Maven plugin you can find the source itself within the SCA install. It's tucked away in:
<SCA install dir>\Samples\advanced\maven-plugin

Similarly the source for the wsclient comes with the SSC bundle under:

<SSC zip>\HP-Fortify-Server-WAR\Samples\WSClient


I will follow up with our Product Manager as to whether there are any plans to release the source for any of the other pieces mentioned by Steve and also whether there are plans to publish these to an external repository.

Absent Member.

Hi Steve, absolutely! Could you add those as separate ideas so ppl can vote for them?

Commodore

One of the issues a lot of users have is that they end up making customizations to the Maven plugin and there's no way to provide those changes upstream so others can benefit.

For users just getting started with Fortify, it would be ideal if not only the plugin was open sourced, but the official binary was also available in Maven Central.

Absent Member.

On a slightly unrelated general security tip, be careful when building your projects with open source compiled jars. :-) A nice addition to your Fortify SLC 🙂

http://www.slideshare.net/davidjorm/tracking-vulnerable-jars
