
gradle-fortify-plugin

A Gradle plugin for building and publishing Fortify artifacts for static security analysis.

This is a rewrite of https://github.com/sw-samuraj/gradle-fortify-plugin

Applying the plugin

Gradle 2.1+

plugins {
    id "com.github.fortify-gradle" version "0.1.0-SNAPSHOT"
}

All Gradle versions (or local repository)

buildscript {
    repositories {
        maven {
            url "https://plugins.gradle.org/m2/"
        }
    }
    dependencies {
        classpath "com.github.bschramke:gradle-fortify-plugin:0.1.0-SNAPSHOT"
    }
}

apply plugin: "com.github.fortify-gradle"

Using the plugin

Prerequisites

Java plugin

The plugin is meant for analysis of Java source code. It therefore expects the Java plugin to be applied and, by default, processes the Java source sets, excluding test source code.

Moreover, it reuses the sourceCompatibility property inherited from the Java plugin.

sourceanalyzer

The plugin requires a local installation of the sourceanalyzer tool, and the sourceanalyzer command must be available on your $PATH.

Tasks

fortify

The fortify task runs the following commands, in this order:

sourceanalyzer -b <Fortify build ID> -clean
sourceanalyzer -b <Fortify build ID> -source <source compatibility> -cp <project compile classpath> src/**/*.java -exclude src/test/**/*.java
sourceanalyzer -b <Fortify build ID> -build-label <project version> -export-build-session build/fortify/<Fortify build ID>@<project version>.mbs
sourceanalyzer -b <Fortify build ID> -scan -f build/fortify/<project-name>-<project-version>.fpr

The result of this task is a <project-name>-<project-version>.fpr file in the build/fortify directory. The <project-name>-<project-version>.fpr file can then be uploaded to Fortify Software Security Center, for example via scp or from a Jenkins job.

If you want to see the exact sourceanalyzer commands, run Gradle with the -i or --info switch:

$ gradle clean fortify --info
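The same four steps, replayed as a POSIX shell function so the pipeline can be run or debugged outside Gradle (for example to reproduce a failing translation step by hand). This is an added example, not code from the plugin. It assumes sourceanalyzer is on $PATH, sources live under src/, and the caller supplies the compile classpath that the plugin normally derives from the Java plugin; the argument names and the fortify_scan function are this example's own. The glob patterns are quoted so the shell does not expand ** itself; sourceanalyzer performs that expansion.

```shell
#!/bin/sh
# Added example (not part of gradle-fortify-plugin): mirrors the commands the
# fortify task runs: clean -> translate -> export build session -> scan.
# Usage (after sourcing this file):
#   fortify_scan <build-id> <project-name> <project-version> <source-compat> <classpath> [out-dir]
# Assumptions: sourceanalyzer on $PATH, sources under src/, classpath supplied
# by the caller (e.g. from the Java plugin's compileClasspath).

set -eu

# Prints the path of the resulting .fpr on success, returns non-zero otherwise.
fortify_scan() {
    build_id=$1
    project=$2
    version=$3
    source_compat=$4
    classpath=$5
    out_dir=${6:-build/fortify}

    # Same precondition the plugin documents: the tool must be on $PATH.
    if ! command -v sourceanalyzer >/dev/null 2>&1; then
        echo "sourceanalyzer not found on PATH" >&2
        return 1
    fi

    mkdir -p "$out_dir"

    # 1. Drop any previous translation stored under this build ID.
    sourceanalyzer -b "$build_id" -clean

    # 2. Translate main sources only; test code is excluded as the task does.
    #    Patterns are quoted so sourceanalyzer, not the shell, expands them.
    sourceanalyzer -b "$build_id" -source "$source_compat" -cp "$classpath" \
        'src/**/*.java' -exclude 'src/test/**/*.java'

    # 3. Export the build session (.mbs), labelled with the project version.
    sourceanalyzer -b "$build_id" -build-label "$version" \
        -export-build-session "$out_dir/$build_id@$version.mbs"

    # 4. Run the analysis and write the FPR that gets uploaded to SSC.
    fpr="$out_dir/$project-$version.fpr"
    sourceanalyzer -b "$build_id" -scan -f "$fpr"

    printf '%s\n' "$fpr"
}
```

Calling fortify_scan my-fort-proj demo 1.0.0 1.8 "lib/a.jar:lib/b.jar" from the project root produces build/fortify/demo-1.0.0.fpr, and a missing sourceanalyzer is reported as an error rather than silently skipped.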

Config options

fortifyBuildID

The build.gradle file must contain a fortify block that defines the mandatory fortifyBuildID parameter:

fortify {
    fortifyBuildID = 'my-fort-proj'
}

sourceCompatibility

The sourceCompatibility property is inherited from the Java plugin. It can be set explicitly via the standard Java plugin configuration:

plugins {
    id 'java'
}

sourceCompatibility = 1.8

Example

A usage example and an example project can be found in the example directory.

License

The gradle-fortify-plugin is published under the BSD 3-Clause license.

Contributors

sw-samuraj
bschramke
