Integrating with Ant

Fortify Static Code Analyzer provides an easy way to translate Java source files for projects that use an Ant build file. You can apply this integration on the command line without modifying the Ant build.xml file. When the build runs, Fortify Static Code Analyzer intercepts all javac task invocations and translates the Java source files as they are compiled. Make sure that you pass any properties to Ant by adding them to the ANT_OPTS environment variable. Do not include them in the sourceanalyzer command.

Note: You must translate any JSP files, configuration files, or any other non-Java source files that are part of the application in a separate step.

To use the Ant integration, make sure that the sourceanalyzer executable is on the system PATH.

Prepend your Ant command-line with the sourceanalyzer command as follows:

sourceanalyzer -b <build_id> ant [<ant_options>]