My project uses Fortify for security testing. It needs to be run at build time. How can I use this tool with Gradle? Do we have any plugin available for it?
A Google search didn’t turn up anything. If Fortify offers an Ant task or command-line utility, it should be straightforward to integrate. Another option might be to use Fortify together with Sonar and Gradle’s Sonar integration.
Fortify provides an Ant task.
I am trying to execute the Ant task from Gradle as follows:
configurations {
    sourceanalyzer
    // classpath compile
}
dependencies {
    sourceanalyzer group: 'sourceanalyzer', name: 'sourceanalyzer'
    sourceanalyzer fileTree(dir: 'c:/sun/local-repo', include: 'sourceanalyzer.jar')
}
repositories {
    flatDir(dirs: 'c:/sun/local-repo')
}
task sourceanalyzer {
    def buildid = "mybuild"
    println buildid
    println configurations.compile.asPath
    ant.typedef(name: 'sourceanalyzer', classname: 'com.fortify.dev.ant.SourceanalyzerTask', classpath: configurations.sourceanalyzer.asPath)
    ant.sourceanalyzer(buildid: buildid, jdk: "1.5") {
        fileset(dir: 'src') {
            include(name: '**.*')
        }
        // classpath(refid: "c:/sun/local-repo")
    }
    // ant.sourceanalyzer(buildid: buildid , jdk: "1.5" , scan: "true", findbugs: "true" , javaBuildDir: $buildDir, resultsfile:"$fortify_reports"+"/issues.fpr", htmlReport: "true" )
}
But I see the error below, and sourceanalyzer.jar is in the local repository. It's not executing the Ant task. The error is as follows:

* What went wrong:
A problem occurred evaluating root project 'OnBoardingWeb'.
> Unable to execute sourceanalyzer. Please make sure sourceanalyzer is on your PATH.

* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output.

Please let me know what I am missing in executing the task.
Can you please post again and format source code and build output appropriately (HTML code tags). Thanks.
configurations {
    sourceanalyzer
    // classpath compile
}
dependencies {
    sourceanalyzer group: 'sourceanalyzer', name: 'sourceanalyzer'
    sourceanalyzer fileTree(dir: 'c:/sun/local-repo', include: 'sourceanalyzer.jar')
}
repositories {
    flatDir(dirs: 'c:/sun/local-repo')
}
task sourceanalyzer {
    def buildid = "mybuild"
    println buildid
    println configurations.compile.asPath
    ant.typedef(name: 'sourceanalyzer', classname: 'com.fortify.dev.ant.SourceanalyzerTask', classpath: configurations.sourceanalyzer.asPath)
    ant.sourceanalyzer(buildid: buildid, jdk: "1.5") {
        fileset(dir: 'src') {
            include(name: '*.')
        }
        // classpath(refid: "c:/sun/local-repo")
    }
    // ant.sourceanalyzer(buildid: buildid , jdk: "1.5" , scan: "true", findbugs: "true" , javaBuildDir: $buildDir, resultsfile:"$fortify_reports"+"/issues.fpr", htmlReport: "true" )
}

Error as follows:

A problem occurred evaluating root project 'OnBoardingWeb'.
Unable to execute sourceanalyzer. Please make sure sourceanalyzer is on your PATH.
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output.
That’s still not formatted. Anyway, the whole body of the ‘sourceanalyzer’ task needs to be wrapped with ‘doLast { … }’. Not sure if it solves the problem, but it’s a step forward.
This is not working. I am using Gradle 1.7. When I use doLast I get the same error:

Unable to execute sourceanalyzer. Please make sure sourceanalyzer is on your PATH.

After creating the taskdef, it's not finding the task. Please let me know if I need to set any path or classpath specifically anywhere for this Ant task jar file.
I don’t think the dependency can be resolved. It might be easier to get started with a dependency on Maven Central or an internal in-house repository. Is this the correct one by any chance?
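The doLast advice given in the thread, combined with a pre-flight check for the condition named in the error message (the sourceanalyzer executable being on PATH), as an added example that is not code from any poster or from Fortify. The `fortifyScan` task name, the `findOnPath` helper, the Windows file extensions it tries and the `**/*.java` include pattern are assumptions; the jar location, class name and Ant attributes are copied from the thread.

```groovy
// Added example, not code from the thread or from Fortify.
apply plugin: 'java'

configurations {
    sourceanalyzer
}

dependencies {
    // Jar location copied from the thread; adjust to your environment.
    sourceanalyzer files('c:/sun/local-repo/sourceanalyzer.jar')
}

// Hypothetical helper: first matching executable on PATH, or null.
// The Windows extensions tried here are an assumption.
def findOnPath = { String tool ->
    def windows = System.getProperty('os.name').toLowerCase().contains('windows')
    def exts = windows ? ['.exe', '.bat', '.cmd'] : ['']
    for (dir in (System.getenv('PATH') ?: '').split(File.pathSeparator)) {
        for (ext in exts) {
            def candidate = new File(dir, tool + ext)
            if (dir && candidate.isFile()) {
                return candidate
            }
        }
    }
    return null
}

task fortifyScan {
    description = 'Runs the Fortify Ant task at execution time.'
    // Code placed outside doLast runs during configuration, on every build.
    doLast {
        def exe = findOnPath('sourceanalyzer')
        if (exe == null) {
            throw new GradleException('sourceanalyzer executable not found on PATH')
        }
        logger.lifecycle("Using ${exe}")
        ant.typedef(name: 'sourceanalyzer',
                    classname: 'com.fortify.dev.ant.SourceanalyzerTask',
                    classpath: configurations.sourceanalyzer.asPath)
        ant.sourceanalyzer(buildid: 'mybuild', jdk: '1.5') {
            fileset(dir: 'src') {
                include(name: '**/*.java')   // assumed pattern
            }
        }
    }
}
```

With the check inside doLast, a missing executable fails only the scan task with a specific message, rather than failing evaluation of the whole project.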