Fortify Eclipse plugin does not scan ColdFusion project


I installed the Fortify software and added the Fortify plugins to Eclipse. I then got the 'HP Fortify' menu, but the option 'Analyze Project' is disabled when I select a ColdFusion project (Test) in Project Explorer, whereas this option is enabled for a Java project and the scan runs successfully for a Java project. Please suggest how I can scan a ColdFusion project using Eclipse with Fortify plugin support.

There is 1 best solution below

You can only scan Java projects with the Eclipse plugin.

If you scanned the ColdFusion project another way (command line, Scan Wizard, etc.), you can load the results into Eclipse.

If you want to scan using the command line, here are the three commands you would need to run:

:: Clean work space
sourceanalyzer -b mybuild -clean

:: Translate source code
sourceanalyzer -b mybuild -source-base-dir /www/app "/www/app/**/*.cfm"

:: Perform analysis
sourceanalyzer -b mybuild -scan -f results.fpr

These commands are being run from the root folder of the ColdFusion project (relative paths); you can also use absolute paths if you want to run from somewhere else.

The option mybuild can be anything; it just needs to be consistent between the three lines.

More information on scanning can be found in the SCA User's Guide and sourceanalyzer -h.