I have done both and have not encountered too many problems. The one thing that you might want to consider removing plugin management in the Fortify profiles. Otherwise you have to declare the sca plugin in every module during an aggregate scan
On Wed, Apr 28, 2010 at 11:09 AM, Anders Hammar <and...@hammar.net> wrote: > I was asked to look into this and is basically wondering about any gotchas. > Any issues you've encountered? > > Have you used it integrated in the build process through a profile, or have > you just used the plugin from command line (mvn sca:scan and similar)? > > /Anders > > On Wed, Apr 28, 2010 at 19:24, Larry Suto <larry.s...@gmail.com> wrote: > > > Hi I have integrated that plugin into many projects. What are you trying > to > > do? > > > > On Wed, Apr 28, 2010 at 2:11 AM, Anders Hammar <and...@hammar.net> > wrote: > > > > > To follow up on my own thread. It turns out that the actually do have > > their > > > own plugin (maven-sca-plugin). Anyone with experience of that? > > > > > > /Anders > > > > > > On Wed, Apr 28, 2010 at 09:32, Anders Hammar <and...@hammar.net> > wrote: > > > > > > > I was asked about integrating Fortify (Fortify 360) in the Maven > build > > > > process. Anyone here with any experience of that? > > > > A found an open source Maven plugin, but someone said that Fortify > has > > > one > > > > of their own... > > > > > > > > /Anders > > > > > > > > > >
