I have multiple projects bound by a single parent pom.
If i run fortify scan on parent pom using Maven fortify plugin, fpr files for each project is generated. I would like to have a single fpr file being generated for all the projects. Is it possible ?
Thanks and Regards, Saurav
What you want to do is an aggregate build. Try setting the same build ID for each module and then pass the -Dfortify.sca.toplevel.artifactId as the artifactID of the parent POM. This should give you a single FPR file. It should look like:
mvn clean
mvn -Dfortify.sca.buildId=ACMEPortal com.fortify.ps.maven.plugin:sca-maven-plugin:<version>:clean
mvn -Dfortify.sca.buildId=ACMEPortal package com.fortify.ps.maven.plugin:sca-maven-plugin:<version>:translate
mvn -Dfortify.sca.Xmx=800M -Dfortify.sca.buildId=ACMEPortal -Dfortify.sca.toplevel.artifactId=AcmePortal com.fortify.ps.maven.plugin:sca-maven-plugin:<version>:scan
来源:https://stackoverflow.com/questions/29804335/running-fortify-scan-over-multiple-maven-projects