Tags: eclipse, maven, fortify

Fortify scanning in Eclipse over maven projects


I have the Eclipse plugin for Fortify, but it only runs on Java projects.

We have some Java projects, but they are Maven-based non-Java projects. I can edit the .project file of each project and change its type to Java to enable Fortify scanning, but is there a better way to run Fortify scans on Maven-based projects?

EDIT: I had to do the following steps, as mentioned in some of the posts below:

  • Installed the Maven Fortify plugin
  • Added the Maven Fortify plugin details to my application pom
  • Ran the translate and scan commands; this generated .fpr files under the projects
  • Also followed this helpful blog: http://fortify-maven.blogspot.in/

The only question I still have is:

I have multiple projects, and an .fpr file is created for each project. Can I have a consolidated .fpr file created for all the projects in one place?

Cheers, Saurav
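The pom configuration the edit above refers to, as an added example that is not part of the original post or of Fortify's own sample code. The plugin coordinates are assumed to be those of the Fortify SCA Maven plugin built from the Samples directory; the version placeholder, the `sca` goal prefix and the parameter names are assumptions to check against the documentation that build generates.

```xml
<!-- pom.xml fragment (added example, not from the original post). -->
<!-- Assumed: groupId/artifactId below match the Fortify SCA Maven plugin built from
     <Fortify Installation Folder>\Samples\advanced\maven-plugin; the version is a
     placeholder, and the parameter names must be verified against the generated docs. -->
<build>
  <plugins>
    <plugin>
      <groupId>com.fortify.sca.plugins.maven</groupId>
      <artifactId>sca-maven-plugin</artifactId>
      <version>FORTIFY_PLUGIN_VERSION_PLACEHOLDER</version>
      <configuration>
        <!-- buildId names the translated build so the scan step picks up all of it;
             the same id is what ties the translate and scan goals together -->
        <buildId>${project.artifactId}</buildId>
        <!-- location of the .fpr result file written by the scan goal (assumed name) -->
        <resultsFile>${project.build.directory}/fortify/${project.artifactId}.fpr</resultsFile>
      </configuration>
    </plugin>
  </plugins>
</build>
<!-- Run from the project root (goal prefix "sca" is an assumption):
       mvn sca:clean sca:translate sca:scan
     clean discards any stale translated build, translate feeds the sources to SCA,
     and scan analyses them and writes the .fpr named in resultsFile. -->
```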


Solution

  • Fortify has a plugin for Maven that you should be able to use. Check this directory:

    <Fortify Installation Folder>\Samples\advanced\maven-plugin

    You compile the plugin into Maven, and then you can run the translate and scan commands from within Maven. That directory has sample code, and the documentation is compiled when you build the plugin.