
Open source Fortify SCA Maven plugin
Put the code on GitHub and allow ppl to do pull requests.

In addition to the Maven plugin, the Ant task, wsclient, and Fortify annotations should be open sourced as well and published to an artifact repository (i.e. Maven Central, Bintray, etc.).

This is a great idea. We have had problems with the Maven plugin and had to make modifications. It would be great if we could upstream the fixes.

Hi guys, for the Maven plugin you can find the source itself within the SCA install. It's tucked away in:
<SCA install dir>\Samples\advanced\maven-plugin
Similarly the source for the wsclient comes with the SSC bundle under:
<SSC zip>\HP-Fortify-Server-WAR\Samples\WSClient
I will follow up with our Product Manager as to whether there are any plans to release the source for any of the other pieces mentioned by Steve and also whether there are plans to publish these to an external repository.

Hi Steve, absolutely! Could you add those as separate ideas so ppl can vote for them?

One of the issues a lot of users have is that they end up making customizations to the Maven plugin and there's no way to provide those changes upstream so others can benefit.
For users just getting started with Fortify, it would be ideal if not only the plugin was open sourced, but the official binary available in Maven Central.

On a slightly unrelated general security tip, be careful when building your projects with open source compiled jars. :-) A nice addition to your Fortify SLC 🙂
http://www.slideshare.net/davidjorm/tracking-vulnerable-jars