dnraikes

Reputation: 335

Fortify running a scan spanning several code repositories but generating a single report

I am working with a project that consists of several (3 or 4) git repositories. Each repository uses Maven to build it.

I need to run Fortify against all the repositories, but I want just a single FPR report containing the results for all the repositories, not one per repository.

Is there a recommended way to do this? Note: there is no overarching pom.xml that builds the entire application, just individual pom.xml files for each repository.

Any tips would be appreciated. We are using Fortify 16.11 on a Linux server.

Upvotes: 1

Views: 768

Answers (1)

SBurris

Reputation: 7448

Translate all the repositories into the same build id (-b <build_id>).

Once they are all translated, run the -scan command on that <build_id>.

Upvotes: 1
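The procedure from the answer above, written out as an added example (not part of the original answer or of Fortify's documentation). It assumes the Java sources are translated directly with `-cp` and file globs instead of through a Maven plugin; the helper names `run` and `fortify_combined_scan`, the `DRY_RUN` switch, the repository paths, build ID and FPR name are all placeholders.

```shell
#!/bin/sh
# Added example: several Maven repositories, one Fortify build ID, one FPR.
# Set DRY_RUN=1 to print the commands instead of executing them.

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# usage: fortify_combined_scan <build_id> <output.fpr> <repo_dir>...
fortify_combined_scan() {
    [ "$#" -ge 3 ] || { echo "usage: <build_id> <out.fpr> <repo>..." >&2; return 2; }
    build_id=$1
    fpr=$2
    shift 2

    # Validate every repository before touching the build session.
    for repo in "$@"; do
        [ -f "$repo/pom.xml" ] || { echo "no pom.xml in $repo" >&2; return 1; }
    done

    # Empty the session once, so stale translations cannot reach the report.
    run sourceanalyzer -b "$build_id" -clean || return 1

    for repo in "$@"; do
        # Assumption: copy dependencies to target/dependency (standard Maven
        # goal) so the translator can resolve third-party types.
        run mvn -q -f "$repo/pom.xml" dependency:copy-dependencies || return 1
        # Same -b value for every repository: translations accumulate.
        # Globs stay quoted so sourceanalyzer, not the shell, expands them.
        run sourceanalyzer -b "$build_id" \
            -cp "$repo/**/target/dependency/*.jar" \
            "$repo/**/*.java" || return 1
    done

    # One scan over the accumulated session produces the single FPR.
    run sourceanalyzer -b "$build_id" -scan -f "$fpr"
}

# Runs only when arguments are supplied, for example:
#   sh combined_scan.sh myapp myapp.fpr ../repo-a ../repo-b ../repo-c
[ "$#" -lt 3 ] || fortify_combined_scan "$@"
```

Running it first with `DRY_RUN=1` shows the exact command sequence, which makes it easy to confirm that every translation uses the same build ID before a long scan starts.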
