How can I use Fortify 360 wtih gradle


(Suneetha Yanala) #1

My project uses Fortify for security testing. It need to be run in the build time. How can use this tool with gradle. Do we have any plugin available for it?


(Peter Niederwieser) #2

A Google search didn’t turn up anything. If Fortify offers an Ant task or command-line utility, it should be straightforward to integrate. Another option might be to use Fortify together with Sonar and Gradle’s Sonar integration.


(Suneetha Yanala) #3

Fortify provides ant task.

I am trying to execute ant task from gradle as follows

configurations {

sourceanalyzer //

classpath compile

} dependencies {

sourceanalyzer group: ‘sourceanalyzer’, name: ‘sourceanalyzer’

sourceanalyzer fileTree(dir: ‘c:/sun/local-repo’, include: ‘sourceanalyzer.jar’) } repositories {

flatDir(dirs: ‘c:/sun/local-repo’) }

task sourceanalyzer {

def buildid = “mybuild”

println buildid

println configurations.compile.asPath

ant.typedef(name: ‘sourceanalyzer’, classname: ‘com.fortify.dev.ant.SourceanalyzerTask’, classpath: configurations.sourceanalyzer.asPath)

ant.sourceanalyzer(buildid: buildid , jdk: “1.5”) {

fileset(dir: ‘src’) {

include(name: ‘**.*’)

}

//

classpath(refid: “c:/sun/local-repo”)

} // ant.sourceanalyzer(buildid: buildid , jdk: “1.5” , scan: “true”, findbugs: “true” , javaBuildDir: $buildDir, resultsfile:"$fortify_reports"+"/issues.fpr", htmlReport: “true” )

}

But I see the error below. And sourceanalyzer.jar is in local repository. Its not executing ant task. The errors follows as

  • What went wrong: A problem occurred evaluating root project ‘OnBoardingWeb’. > Unable to execute sourceanalyzer. Please make sure sourceanalyzer is on your PATH.

  • Try: Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output.

Please let me know what am I missing in executing the task?


(Peter Niederwieser) #4

Can you please post again and format source code and build output appropriately (HTML code tags). Thanks.


(Suneetha Yanala) #5

configurations {

sourceanalyzer

// classpath

compile

}

dependencies {

sourceanalyzer group: ‘sourceanalyzer’, name: ‘sourceanalyzer’

sourceanalyzer fileTree(dir: ‘c:/sun/local-repo’, include: ‘sourceanalyzer.jar’)

}

repositories {

flatDir(dirs: ‘c:/sun/local-repo’)

}

task sourceanalyzer {

def buildid = “mybuild”

println buildid

println configurations.compile.asPath

ant.typedef(name: ‘sourceanalyzer’, classname: ‘com.fortify.dev.ant.SourceanalyzerTask’, classpath: configurations.sourceanalyzer.asPath)

ant.sourceanalyzer(buildid: buildid , jdk: “1.5”) {

fileset(dir: ‘src’) {

include(name: ‘*.’)

}

// classpath(refid: “c:/sun/local-repo”)

}

// ant.sourceanalyzer(buildid: buildid , jdk: “1.5” , scan: “true”, findbugs: “true” , javaBuildDir: $buildDir, resultsfile:"$fortify_reports"+"/issues.fpr", htmlReport: “true” )

}

Error as follows

  • What went wrong:

A problem occurred evaluating root project ‘OnBoardingWeb’.

Unable to execute sourceanalyzer. Please make sure sourceanalyzer is on your

PATH.

  • Try:

Run with --stacktrace option to get the stack trace. Run with --info or --debug

option to get more log output.


(Peter Niederwieser) #6

That’s still not formatted. Anyway, the whole body of the ‘sourceanalyzer’ task needs to be wrapped with ‘doLast { … }’. Not sure if it solves the problem, but it’s a step forward.


(Suneetha Yanala) #7

This is not working. I am using gradle 1.7. When I use doLast I get the same error

Unable to execute sourceanalyzer. Please make sure sourceanalyzer is on your PATH.


(Suneetha Yanala) #8

After creatin taskdef its not finding the task. Please let me know if I need to set any path or classpath specifically anywhere in for this ant task jar file.


(Benjamin Muschko) #9

I don’t think the dependency can be resolved. It might be easier to get started with a dependency on Maven Central or an internal in-house repository. Is this the correct one by any chance?