Maven projects can be analyzed with Fortify SCA through the Maven plugin.

1. Installing the Maven plugin

```bash
# FORTIFY_HOME is the Fortify SCA installation directory
mkdir /tmp/maven-plugins
cd "$FORTIFY_HOME/plugins/maven"
tar -C /tmp/maven-plugins -xvzf maven-plugin-bin.tar.gz
cd /tmp/maven-plugins

# Install the POMs and the plugin jar into the local Maven repository
mvn install:install-file -Dfile=pom.xml -DpomFile=pom.xml
mvn install:install-file -Dfile=xcodebuild/pom.xml -DpomFile=xcodebuild/pom.xml
mvn install:install-file -Dfile=sca-maven-plugin/sca-maven-plugin-20.1.1.jar -DpomFile=sca-maven-plugin/pom.xml
```

2. Testing the installation

```bash
cd "$FORTIFY_HOME/plugins/maven/samples/EightBall"

# Clean
mvn com.fortify.sca.plugins.maven:sca-maven-plugin:clean \
  -Dfortify.sca.buildId=test

# Translate
mvn -f ./pom.xml clean compile com.fortify.sca.plugins.maven:sca-maven-plugin:translate \
  -Dfortify.sca.buildId=test \
  -Dfortify.sca.verbose=true \
  -Dfortify.sca.translateLogfile="/tmp/t.log" \
  -Dfortify.sca.Xmx=16G \
  -Dfortify.sca.Xss=16M

# Export BuildSession
sourceanalyzer -b test -export-build-session "/tmp/t.mbs"
```

3. Plugin installation location

<Home Directory>/.m2/repository/com/fortify/sca/plugins/maven
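The following is an added example, not part of the original page or of Fortify's tooling: a check that the plugin installed in step 1 is present at the location given in step 3, so a build script can fail early before running the translate goal. The function names are hypothetical; the directory layout is the standard Maven local repository layout, and the default repository root `~/.m2/repository` is an assumption.

```bash
# Added example: verify that the Fortify SCA Maven plugin is installed in a
# local Maven repository. Function names are hypothetical, not Fortify's.

# Standard Maven layout: <repo>/<groupId as path>/<artifactId>/<version>/
SCA_GROUP_PATH="com/fortify/sca/plugins/maven"
SCA_ARTIFACT="sca-maven-plugin"

# Print every completely installed plugin version, one per line.
# $1: repository root (assumed default: ~/.m2/repository)
sca_plugin_versions() {
    local repo base dir ver
    repo="${1:-$HOME/.m2/repository}"
    base="$repo/$SCA_GROUP_PATH/$SCA_ARTIFACT"
    [ -d "$base" ] || return 0
    for dir in "$base"/*/; do
        [ -d "$dir" ] || continue
        ver="$(basename "$dir")"
        # install:install-file with -DpomFile writes both the jar and the pom;
        # a version directory missing either one is treated as not installed.
        if [ -s "$dir/$SCA_ARTIFACT-$ver.jar" ] && [ -s "$dir/$SCA_ARTIFACT-$ver.pom" ]; then
            printf '%s\n' "$ver"
        fi
    done
}

# Return 0 if the given plugin version is installed, 1 otherwise.
# $1: version (e.g. 20.1.1, from the jar name in step 1)
# $2: repository root (optional)
sca_plugin_installed() {
    local version repo
    version="$1"
    repo="${2:-$HOME/.m2/repository}"
    sca_plugin_versions "$repo" | grep -Fxq -- "$version"
}
```

After sourcing the file, `sca_plugin_installed 20.1.1 || exit 1` stops a build script when the plugin is missing or only partially installed.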