{"id":23624768,"url":"https://github.com/hcl-tech-software/ounce-maven-plugin","last_synced_at":"2026-03-09T08:31:27.192Z","repository":{"id":39485563,"uuid":"84146558","full_name":"HCL-TECH-SOFTWARE/ounce-maven-plugin","owner":"HCL-TECH-SOFTWARE","description":"Maven plugin for integrating with HCL AppScan Source","archived":false,"fork":false,"pushed_at":"2023-09-26T19:43:15.000Z","size":249,"stargazers_count":9,"open_issues_count":8,"forks_count":11,"subscribers_count":8,"default_branch":"master","last_synced_at":"2025-02-16T23:30:06.980Z","etag":null,"topics":["appscan","appscan-source"],"latest_commit_sha":null,"homepage":"","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/HCL-TECH-SOFTWARE.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-03-07T02:46:52.000Z","updated_at":"2022-02-03T13:58:25.000Z","dependencies_parsed_at":"2022-07-29T09:08:55.122Z","dependency_job_id":null,"html_url":"https://github.com/HCL-TECH-SOFTWARE/ounce-maven-plugin","commit_stats":null,"previous_names":["hclproducts/ounce-maven-plugin"],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HCL-TECH-SOFTWARE%2Founce-maven-plugin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HCL-TECH-SOFTWARE%2Founce-maven-plugin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HCL-TECH-SOFTWARE%2Founce-maven-plugin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HCL-TECH-SOFTWARE%2Founce-maven-plugin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/ho
sts/GitHub/owners/HCL-TECH-SOFTWARE","download_url":"https://codeload.github.com/HCL-TECH-SOFTWARE/ounce-maven-plugin/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239525578,"owners_count":19653360,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["appscan","appscan-source"],"created_at":"2024-12-27T21:16:25.512Z","updated_at":"2026-03-09T08:31:27.122Z","avatar_url":"https://github.com/HCL-TECH-SOFTWARE.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"# HCL AppScan Source Maven Plug-in\n\nEasily integrate security testing into your Maven builds using the ounce-maven-plugin and AppScan Source.\n\n# Prerequisites\n\n- Java 1.7 or higher.\n- Maven 3.0 or higher.\n\n# Usage\n\nThe ounce-maven-plugin supports 7 goals:\n\n1. \u003cb\u003eounce:application\u003c/b\u003e\n2. \u003cb\u003eounce:project\u003c/b\u003e\n3. \u003cb\u003eounce:help\u003c/b\u003e\n4. \u003cb\u003eounce:report\u003c/b\u003e\n5. \u003cb\u003eounce:scan\u003c/b\u003e\n6. \u003cb\u003eounce:publishASE\u003c/b\u003e\n7. \u003cb\u003eounce:project-only\u003c/b\u003e\n\nounce:application\u003cbr\u003e\n  This mojo generates an Ounce application file. It will automatically include\n  all child modules as projects. This list may be modified using the includes\n  and excludes patterns. Projects that are external to this build may be\n  included directly using the externalProjects list. External Applications may\n  also be included. All of their modules will be inherited as part of this\n  application file. 
Those projects may also be filtered upon import.\n\n  Available parameters:\n\n    appDir (Default: ${basedir})\n      Specifies the directory where to create the paf file\n      Expression: ${ounce.appDir}\n\n    appName (Default: ${project.artifactId})\n      Specifies the directory where to create the paf file\n      Expression: ${ounce.appName}\n\n    coreHint (Default: ouncexml)\n      This hint provides a way to switch the core implementation. Consult Ounce\n      support for details, most users should leave this set to the default. Use\n      -Dounce.core=console to have the output displayed instead of written\n      to the file for debugging purposes.\n      Expression: ${ounce.core}\n\n    excludes\n      An array of directories containing the pom file of any projects to\n      exclude. Excludes can contain standard Ant-style wildcards.\n      Excludes only apply to inherited modules, not external projects. The\n      current project is not filtered.\n\n    externalApplications\n      Allows you to include projects from multiple applications. The external\n      application properties are not inherited, and the external application\n      must already exist.\n      externalApplications is a list of directories containing top-level pom\n      files.\n      The format for externalApplications is:\n      pathname,[includes|includes],[excludes|excludes]\n      Where:\n      \n      - pathname, includes, and excludes are comma delimited; if you have\n        excludes, but no includes, use two commas.\n      - Multiple includes or excludes are separated by pipes (\\x7c).\n      - Excludes can contain standard Ant-style wildcards.\n\n    externalProjects\n      List of external projects to include. 
These projects are included after\n      any other projects have been included or excluded.\n      The format is: name,path\n      Where:\n      \n      - name is the artifact ID of the project to include.\n      - path is the pathname to the project.\n\n    includes\n      An array of directories containing the pom file of any projects to\n      include. If an include pattern is specified, projects not specified by\n      include patterns are excluded.\n      Include only applies to inherited modules, not external projects. The\n      current project is not filtered.\n      The include pattern may contain the following wildcard characters:\n      *: Zero or more characters\n      **: Any folders\n      ?: One and only one character\n\n    pathVariableMap\n      Map of Ounce variable names and paths.\n      pathVariableMap variables are automatically registered with Ounce by the\n      Ounce/Maven plugin if the Ounce Automation Server is installed.\n\n    projectDir (Default: ${basedir})\n      Specifies the directory where to create the ppf file\n      Expression: ${ounce.projectDir}\n\n    skipPoms (Default: true)\n      If pom packaging projects should be skipped. Typically these will not have\n      source code and should be excluded. This is true by default because\n      typically the application or projects will be created at a pom level and\n      the poms have no source to be analyzed. Only set this if you have source in\n      your 'pom' packaging projects that needs to be scanned.\n      Expression: ${ounce.skipPoms}\n\nounce:help\u003cbr\u003e\n  Display help information on ounce-maven-plugin.\n  Call\n    mvn ounce:help -Ddetail=true -Dgoal=\u003cgoal-name\u003e\n  to display parameter details.\n\n  Available parameters:\n\n    detail (Default: false)\n      If true, display all settable properties for each goal.\n      Expression: ${detail}\n\n    goal\n      The name of the goal for which to show help. 
If unspecified, all goals\n      will be displayed.\n      Expression: ${goal}\n\n    indentSize (Default: 2)\n      The number of spaces per indentation level, should be positive.\n      Expression: ${indentSize}\n\n    lineLength (Default: 80)\n      The maximum length of a display line, should be positive.\n      Expression: ${lineLength}\n\nounce:project\u003cbr\u003e\n  This mojo generates an Ounce project file. It forks the build and executes the\n  process-sources phase so that any plugins that may generate sources and attach\n  new source folders to the project will execute and those source folders will\n  be automatically included in the generated project. This mojo is intended to\n  be executed from the command line. If you would rather have the project built\n  automatically during your build, use the project-only goal instead.\n\n  Available parameters:\n\n    analyzeStrutsFramework (Default: false)\n      Whether to analyze the framework for a Struts application\n      Expression: ${ounce.analyzeStrutsFramework}\n\n    appDir (Default: ${basedir})\n      Specifies the directory where to create the paf file\n      Expression: ${ounce.appDir}\n\n    classpathScope (Default: compile)\n      The scope of the classpath used to analyze this project.\n      Valid choices are: compile, test, runtime, or system. If\n      includeTestSources is true, then the classpathScope reverts to test.\n      Otherwise, the default is compile.\n      Expression: ${ounce.classpathScope}\n\n    coreHint (Default: ouncexml)\n      This hint provides a way to switch the core implementation. Consult Ounce\n      support for details, most users should leave this set to the default. 
Use\n      -Dounce.core=console to have the output displayed instead of written\n      to the file for debugging purposes.\n      Expression: ${ounce.core}\n\n    createVariables (Default: true)\n      Whether the plugin should use the Ounce Automation Server to create any\n      necessary variables (such as M2_REPO). Requires that the Ounce Automation\n      Server be installed.\n      Expression: ${ounce.createVariables}\n\n    externalJars (Default: ${basedir})\n      Specifies external jars to be added to the project classpath. These are\n      typically jar files that are part of the application server installation.\n      Comma separated list of files with absolute path.\n      Expression: ${ounce.externalJars}\n\n    importStrutsValidation (Default: false)\n      Whether to import Struts validation routines\n      Expression: ${ounce.importStrutsValidation}\n\n    includeTestSources (Default: false)\n      If TestSources should be included in the compilable sources. If set, adds\n      project.getTestSourceRoot() to the path and defaults the classpathScope to\n      test.\n      Expression: ${ounce.includeTestSources}\n\n    installDir\n      The location of the Ounce client installation directory. 
Required if\n      ounceauto is not on the path.\n      NOTE: As of version 10.0.7, AppScan Source has an updated installation path.\n      AppScan Source Ounce/Maven plugin has been updated to handle both the old and new installation paths by default.\n      Expression: ${ounce.installDir}\n\n    javaCompilerOptions\n      Options to pass to the javac compiler.\n      Expression: ${ounce.javaCompilerOptions}\n\n    jdkName\n      JDK configuration known to Ounce Core.\n      Expression: ${ounce.jdkName}\n\n    jspCompilerName (Default: Tomcat 8)\n      JSP compiler type name / application server.\n      Expression: ${ounce.jspCompilerName}\n\n    jspCompilerType (Default: 13)\n      JSP compiler type name / application server.\n      Expression: ${ounce.jspCompilerType}\n\n    pathVariableMap\n      Map of Ounce variable names and paths.\n      pathVariableMap variables are automatically registered with Ounce by the\n      Ounce/Maven plugin if the Ounce Automation Server is installed.\n\n    precompileScan (Default: false)\n      Defaults to false, which means compile the Java source files as part of scanning\n      the project. If set to true, then the compiled class files that were generated\n      as part of the build shall be scanned and the Java source files shall not be\n      compiled again while scanning the project.\n      Note, this option shall not have any effect with JSP files. If the web application\n      contains precompiled JSPs, then the tool shall automatically recognize them and\n      not recompile the JSPs. No additional switch/option is needed. 
This automatic behavior\n      is only present in AppScan Source 9.0.3.7 iFix001 onwards.\n      Expression: ${ounce.preCompileScan}\n\n    projectDir (Default: ${basedir})\n      Specifies the directory where to create the ppf file\n      Expression: ${ounce.projectDir}\n\n    projectFile (Default: ${basedir}/${project.artifactId}.ppf)\n      Specifies the location to create the ppf file\n      Expression: ${ounce.projectFile}\n\n    skipPoms (Default: true)\n      If pom packaging projects should be skipped. Typically these will not have\n      source code and should be excluded. This is true by default because\n      typically the application or projects will be created at a pom level and\n      the poms have no source to be analyzed. Only set this if you have source in\n      your 'pom' packaging projects that needs to be scanned.\n      Expression: ${ounce.skipPoms}\n\n    srcRoots\n      Specifies the location of the source root\n      Expression: ${ounce.srcRoots}\n\n    webappDirectory (Default: ${basedir}/src/main/webapp)\n      The location of the web context root, if needed.\n      Expression: ${ounce.webappDir}\n\nounce:project-only\u003cbr\u003e\n  This mojo generates an Ounce project file. It does not fork the build like the\n  'project' mojo and is instead intended to be bound in a pom for automatic\n  execution. If you would rather have the project generated on demand via the\n  command line, use the project goal instead.\n\n  Available parameters:\n\n    analyzeStrutsFramework (Default: false)\n      Whether to analyze the framework for a Struts application\n      Expression: ${ounce.analyzeStrutsFramework}\n\n    appDir (Default: ${basedir})\n      Specifies the directory where to create the paf file\n      Expression: ${ounce.appDir}\n\n    classpathScope (Default: compile)\n      The scope of the classpath used to analyze this project.\n      Valid choices are: compile, test, runtime, or system. 
If\n      includeTestSources is true, then the classpathScope reverts to test.\n      Otherwise, the default is compile.\n      Expression: ${ounce.classpathScope}\n\n    coreHint (Default: ouncexml)\n      This hint provides a way to switch the core implementation. Consult Ounce\n      support for details, most users should leave this set to the default. Use\n      -Dounce.core=console to have the output displayed instead of written\n      to the file for debugging purposes.\n      Expression: ${ounce.core}\n\n    createVariables (Default: true)\n      Whether the plugin should use the Ounce Automation Server to create any\n      necessary variables (such as M2_REPO). Requires that the Ounce Automation\n      Server be installed.\n      Expression: ${ounce.createVariables}\n\n    externalJars (Default: ${basedir})\n      Specifies external jars to be added to the project classpath. These are\n      typically jar files that are part of the application server installation.\n      Comma separated list of files with absolute path.\n      Expression: ${ounce.externalJars}\n\n    importStrutsValidation (Default: false)\n      Whether to import Struts validation routines\n      Expression: ${ounce.importStrutsValidation}\n\n    includeTestSources (Default: false)\n      If TestSources should be included in the compilable sources. If set, adds\n      project.getTestSourceRoot() to the path and defaults the classpathScope to\n      test.\n      Expression: ${ounce.includeTestSources}\n\n    installDir\n      The location of the Ounce client installation directory. 
Required if\n      ounceauto is not on the path.\n      NOTE: As of version 10.0.7, AppScan Source has an updated installation path.\n      AppScan Source Ounce/Maven plugin has been updated to handle both the old and new installation paths by default.\n      Expression: ${ounce.installDir}\n\n    javaCompilerOptions\n      Options to pass to the javac compiler.\n      Expression: ${ounce.javaCompilerOptions}\n\n    jdkName\n      JDK configuration known to Ounce Core.\n      Expression: ${ounce.jdkName}\n\n    jspCompilerName (Default: Tomcat 8)\n      JSP compiler type name / application server.\n      Expression: ${ounce.jspCompilerName}\n\n    jspCompilerType (Default: 13)\n      JSP compiler type name / application server.\n      Expression: ${ounce.jspCompilerType}\n\n    pathVariableMap\n      Map of Ounce variable names and paths.\n      pathVariableMap variables are automatically registered with Ounce by the\n      Ounce/Maven plugin if the Ounce Automation Server is installed.\n\n    precompileScan (Default: false)\n      Defaults to false, which means compile the Java source files as part of scanning\n      the project. If set to true, then the compiled class files that were generated\n      as part of the build shall be scanned and the Java source files shall not be\n      compiled again while scanning the project.\n      Note, this option shall not have any effect with JSP files. If the web application\n      contains precompiled JSPs, then the tool shall automatically recognize them and\n      not recompile the JSPs. No additional switch/option is needed. 
This automatic behavior\n      is only present in AppScan Source 9.0.3.7 iFix001 onwards.\n      Expression: ${ounce.preCompileScan}\n\n    projectDir (Default: ${basedir})\n      Specifies the directory where to create the ppf file\n      Expression: ${ounce.projectDir}\n\n    projectFile (Default: ${basedir}/${project.artifactId}.ppf)\n      Specifies the location to create the ppf file\n      Expression: ${ounce.projectFile}\n\n    skipPoms (Default: true)\n      If pom packaging projects should be skipped. Typically these will not have\n      source code and should be excluded. This is true by default because\n      typically the application or projects will be created at a pom level and\n      the poms have no source to be analyzed. Only set this if you have source in\n      your 'pom' packaging projects that needs to be scanned.\n      Expression: ${ounce.skipPoms}\n\n    srcRoots\n      Specifies the location of the source root\n      Expression: ${ounce.srcRoots}\n\n    webappDirectory (Default: ${basedir}/src/main/webapp)\n      The location of the web context root, if needed.\n      Expression: ${ounce.webappDir}\n\nounce:publishASE\u003cbr\u003e\n  This mojo provides the ability to publish an AppScan Source assessment to\n  AppScan Enterprise\n\n  Available parameters:\n\n    aseApplication\n      Optional. Name of the AppScan Enterprise application to associate the assessment with.\n      Expression: ${ounce.aseApplication}\n\n    assessmentOutput (Default: ${basedir}/${project.artifactId}.ozasmt)\n      This is the assessment file that will be published to AppScan Enterprise\n      Expression: ${ounce.assessmentOutput}\n\n    caller\n      Optional. Assign a caller to the report generation operation. The caller\n      can be the name of an actual user, but this is not required. 
The caller\n      name is written to the ounceauto log file\n      Expression: ${ounce.caller}\n\n    coreHint (Default: ouncexml)\n      This hint provides a way to switch the core implementation. Consult Ounce\n      support for details, most users should leave this set to the default. Use\n      -Dounce.core=console to have the output displayed instead of written\n      to the file for debugging purposes.\n      Expression: ${ounce.core}\n\n    folderID\n      Optional. Enterprise Console folder to publish to. If this argument is not\n      used, the assessment will be published to your default Enterprise Console\n      folder.\n      Expression: ${ounce.folderID}\n\n    installDir\n      The location of the Ounce client installation directory if the Ounce\n      client is not on the path\n      Expression: ${ounce.installDir}\n\n    name\n      This is the name that the assessment will be saved as in the Enterprise Console.\n      Expression: ${ounce.name}\n\n    pathVariableMap\n      Map of Ounce variable names and paths.\n      pathVariableMap variables are automatically registered with Ounce by the\n      Ounce/Maven plugin if the Ounce Automation Server is installed.\n\n    skipPoms (Default: true)\n      If pom packaging projects should be skipped. Typically these will not have\n      source code and should be excluded. This is true by default because\n      typically the application or projects will be created at a pom level and\n      the poms have no source to be analyzed. Only set this if you have source in\n      your 'pom' packaging projects that needs to be scanned.\n      Expression: ${ounce.skipPoms}\n\n    waitForScan (Default: false)\n      Forces the goal to wait until the scan finishes, thus blocking the Maven\n      build. 
This is useful if the scan is being performed from the report mojo\n      as part of integration with the site target and the site is getting\n      deployed.\n      Expression: ${ounce.wait}\n\nounce:report\u003cbr\u003e\n  Generate the scan results as part of the site.\n\n  Available parameters:\n\n    applicationFile (Default: ${ounce.appDir}/${project.artifactId}.paf)\n      The location of the application file (.paf) to scan.\n      DO NOT USE\n      Expression: ${ounce.applicationFile}\n\n    appserver_type\n      If the application that you are opening includes JavaServer Pages (for\n      example, a WAR or EAR file), use this setting to specify the application\n      server to use for JSP compilation. Specify one of these, in double\n      quotation marks: Tomcat 5, Tomcat 6, Tomcat 7, Tomcat 8, WebSphere 6.1,\n      WebSphere 7.0, WebSphere 8.0, WebSphere 8.5, WebLogic 8, WebLogic 9,\n      WebLogic 11g or WebLogic 12c.\n      Command line variable: -Dounce.appserver_type\n      Example: -Dounce.appserver_type='WebSphere 8.5'\n      Expression: ${ounce.appserver_type}\n\n    assessmentName\n      A name to help identify the assessment.\n      Expression: ${ounce.assessmentName}\n\n    assessmentOutput\n      A filename to which to save the assessment.\n      If filename is not specified, Ounce/Maven generates a name based on the\n      application name and timestamp and saves it to the application's working\n      directory.\n      Command line variable: -Dounce.assessmentOutput\n      Example: -Dounce.assessmentOutput='MyAssessment.ozasmt'\n      Expression: ${ounce.assessmentOutput}\n\n    caller\n      A short string to help identify the corresponding entries in the ounceauto\n      log file.\n      Command line variable: -Dounce.caller\n      Expression: ${ounce.caller}\n\n    coreHint (Default: ouncexml)\n      This hint provides a way to switch the core implementation. Consult Ounce\n      support for details, most users should leave this set to the default. 
Use\n      -Dounce.core=console to have the output displayed instead of written\n      to the file for debugging purposes.\n      Expression: ${ounce.core}\n\n    existingAssessmentFile\n      Specify the name of an existing assessment for which to generate a report.\n      If not specified, Ounce/Maven scans the application and generates the\n      report from that assessment.\n      Expression: ${ounce.existingAssessmentFile}\n\n    includeSrcAfter\n      Number of lines of source code to include in the report after each\n      finding.\n      Command line variable: -Dounce.includeSrcAfter\n      Example: -Dounce.includeSrcAfter=5\n      Expression: ${ounce.includeSrcAfter}\n\n    includeSrcBefore\n      Number of lines of source code to include in the report before each\n      finding.\n      Command line variable: -Dounce.includeSrcBefore\n      Example: -Dounce.includeSrcBefore=5\n      Expression: ${ounce.includeSrcBefore}\n\n    includeTraceCoverage\n      Include trace information in the report for scan coverage findings.\n      Command line variable: -Dounce.includeTraceCoverage\n      Example: -Dounce.includeTraceCoverage=true\n      Expression: ${ounce.includeTraceCoverage}\n\n    includeTraceDefinitive\n      Include trace information in the report for definitive findings.\n      Command line variable: -Dounce.includeTraceDefinitive\n      Example: -Dounce.includeTraceDefinitive=true\n      Expression: ${ounce.includeTraceDefinitive}\n\n    includeTraceSuspect\n      Include trace information in the report for suspect findings.\n      Command line variable: -Dounce.includeTraceSuspect\n      Example: -Dounce.includeTraceSuspect=true\n      Expression: ${ounce.includeTraceSuspect}\n\n    includeHowToFix\n      Include How To Fix information in the report for remediation of findings. 
(AppScan Source version 10.0.5 and above)\n      Command line variable: -Dounce.includeHowToFix\n      Example: -Dounce.includeHowToFix=true\n      Expression: ${ounce.includeHowToFix}\n\n    installDir\n      The location of the Ounce client installation directory if the Ounce\n      client is not on the path.\n      NOTE: As of version 10.0.7, AppScan Source has an updated installation path.\n      AppScan Source Ounce/Maven plugin has been updated to handle both the old and new installation paths by default.\n      Command line variable: -Dounce.installDir\n      Example: -Dounce.installDir='C:\\Program Files (x86)\\IBM\\AppScanSource'\n      Expression: ${ounce.installDir}\n\n    pathVariableMap\n      Map of Ounce variable names and paths.\n      pathVariableMap variables are automatically registered with Ounce by the\n      Ounce/Maven plugin if the Ounce Automation Server is installed.\n\n    projectFile\n      (no description available)\n      Expression: ${ounce.projectFile}\n\n    publish (Default: false)\n      Automatically publish the assessment following the completion of the scan.\n      Command line variable: -Dounce.publish\n      Example: -Dounce.publish=true\n      Expression: ${ounce.publish}\n\n    reportOutputPath\n      The path to which to write the report specified in reportType. Required\n      with reportType.\n      Command line variable: -Dounce.reportOutputPath\n      Example: -Dounce.reportOutputPath='C:\\MyReports'\n      Expression: ${ounce.reportOutputPath}\n\n    reportOutputType\n      The output to generate for the report specified in reportType. Required\n      with reportType. 
Output type may be html, zip, pdf-summary, pdf-detailed,\n      pdf-comprehensive, or pdf-annotated.\n      Command line variable: -Dounce.reportOutputType\n      Example: -Dounce.reportOutputType='html'\n      Expression: ${ounce.reportOutputType}\n\n    reportType\n      Generates an Ounce report of the specified type, including findings\n      reports, SmartAudit Reports, and, if available, custom reports.\n      Ounce/Maven generates a report for this assessment after the scan\n      completes.\n      The following report types are included: Findings, Findings By CWE,\n      Findings By API, Findings By Classification, Findings By File, Findings By\n      Type, Findings By Bundle, OWASP Top Ten, PCI Data Security Standard, Ounce\n      Software Security Profile, or OWASP Top Ten 2007. If you specify\n      reportType, then reportOutputType and reportOutputPath are required.\n      Command line variable: -Dounce.reportType\n      Example: -Dounce.reportType='Findings'\n      Expression: ${ounce.reportType}\n\n    scanConfig\n      Allows a scan configuration to be specified for the scan\n      Command line variable: -Dounce.scanconfig\n      Example: -Dounce.scanconfig='Normal scan'\n      Expression: ${ounce.scanconfig}\n\n    skipPoms (Default: true)\n      If pom packaging projects should be skipped. Typically these will not have\n      source code and should be excluded. This is true by default because\n      typically the application or projects will be created at a pom level and\n      the poms have no source to be analyzed. Only set this if you have source in\n      your 'pom' packaging projects that needs to be scanned.\n      Expression: ${ounce.skipPoms}\n\n    waitForScan (Default: false)\n      Forces the goal to wait until the scan finishes, thus blocking the Maven\n      build. 
This is useful if the scan is being performed from the report mojo\n      as part of integration with the site target and the site is getting\n      deployed.\n      Command line variable: -Dounce.wait\n      Example: -Dounce.wait=true\n      Expression: ${ounce.wait}\n\nounce:scan\u003cbr\u003e\n  This mojo allows an on demand scan of an application and the optional\n  publishing of the results.\n\n  Available parameters:\n\n    applicationFile (Default: ${ounce.appDir}/${project.artifactId}.paf)\n      The location of the application file (.paf) to scan.\n      DO NOT USE\n      Expression: ${ounce.applicationFile}\n\n    appserver_type\n      If the application that you are opening includes JavaServer Pages (for\n      example, a WAR or EAR file), use this setting to specify the application\n      server to use for JSP compilation. Specify one of these, in double\n      quotation marks: Tomcat 5, Tomcat 6, Tomcat 7, Tomcat 8, WebSphere 6.1,\n      WebSphere 7.0, WebSphere 8.0, WebSphere 8.5, WebLogic 8, WebLogic 9,\n      WebLogic 11g or WebLogic 12c.\n      Command line variable: -Dounce.appserver_type\n      Example: -Dounce.appserver_type='WebSphere 8.5'\n      Expression: ${ounce.appserver_type}\n\n    assessmentName\n      A name to help identify the assessment.\n      Expression: ${ounce.assessmentName}\n\n    assessmentOutput\n      A filename to which to save the assessment.\n      If filename is not specified, Ounce/Maven generates a name based on the\n      application name and timestamp and saves it to the application's working\n      directory.\n      Command line variable: -Dounce.assessmentOutput\n      Example: -Dounce.assessmentOutput='MyAssessment.ozasmt'\n      Expression: ${ounce.assessmentOutput}\n\n    caller\n      A short string to help identify the corresponding entries in the ounceauto\n      log file.\n      Command line variable: -Dounce.caller\n      Expression: ${ounce.caller}\n\n    coreHint (Default: ouncexml)\n      This hint provides a 
way to switch the core implementation. Consult Ounce\n      support for details, most users should leave this set to the default. Use\n      -Dounce.core=console to have the output displayed instead of written\n      to the file for debugging purposes.\n      Expression: ${ounce.core}\n\n    includeSrcAfter\n      Number of lines of source code to include in the report after each\n      finding.\n      Command line variable: -Dounce.includeSrcAfter\n      Example: -Dounce.includeSrcAfter=5\n      Expression: ${ounce.includeSrcAfter}\n\n    includeSrcBefore\n      Number of lines of source code to include in the report before each\n      finding.\n      Command line variable: -Dounce.includeSrcBefore\n      Example: -Dounce.includeSrcBefore=5\n      Expression: ${ounce.includeSrcBefore}\n\n    includeTraceCoverage\n      Include trace information in the report for scan coverage findings.\n      Command line variable: -Dounce.includeTraceCoverage\n      Example: -Dounce.includeTraceCoverage=true\n      Expression: ${ounce.includeTraceCoverage}\n\n    includeTraceDefinitive\n      Include trace information in the report for definitive findings.\n      Command line variable: -Dounce.includeTraceDefinitive\n      Example: -Dounce.includeTraceDefinitive=true\n      Expression: ${ounce.includeTraceDefinitive}\n\n    includeTraceSuspect\n      Include trace information in the report for suspect findings.\n      Command line variable: -Dounce.includeTraceSuspect\n      Example: -Dounce.includeTraceSuspect=true\n      Expression: ${ounce.includeTraceSuspect}\n\n    includeHowToFix\n      Include How To Fix information in the report for remediation of findings. (AppScan Source version 10.0.5 and above)\n      Command line variable: -Dounce.includeHowToFix\n      Example: -Dounce.includeHowToFix=true\n      Expression: ${ounce.includeHowToFix}\n\n    installDir\n      The location of the Ounce client installation directory if the Ounce\n      client is not on the 
path.\n      NOTE: As of version 10.0.7, AppScan Source has an updated installation path.\n      The AppScan Source Ounce/Maven plugin has been updated to handle both the old and new installation paths by default.\n      Command line variable: -Dounce.installDir\n      Example: -Dounce.installDir='C:\\Program Files (x86)\\IBM\\AppScanSource'\n      Expression: ${ounce.installDir}\n\n    pathVariableMap\n      Map of Ounce variable names and paths.\n      pathVariableMap variables are automatically registered with Ounce by the\n      Ounce/Maven plugin if the Ounce Automation Server is installed.\n\n    projectFile\n      (no description available)\n      Expression: ${ounce.projectFile}\n\n    publish (Default: false)\n      Automatically publish the assessment following the completion of the scan.\n      Command line variable: -Dounce.publish\n      Example: -Dounce.publish=true\n      Expression: ${ounce.publish}\n\n    reportOutputPath\n      The path to which to write the report specified in reportType. Required\n      with reportType.\n      Command line variable: -Dounce.reportOutputPath\n      Example: -Dounce.reportOutputPath='C:\\MyReports'\n      Expression: ${ounce.reportOutputPath}\n\n    reportOutputType\n      The output to generate for the report specified in reportType. Required\n      with reportType. 
Output type may be html, zip, pdf-summary, pdf-detailed,\n      pdf-comprehensive, or pdf-annotated.\n      Command line variable: -Dounce.reportOutputType\n      Example: -Dounce.reportOutputType='html'\n      Expression: ${ounce.reportOutputType}\n\n    reportType\n      Generates an Ounce report of the specified type, including findings\n      reports, SmartAudit Reports, and, if available, custom reports.\n      Ounce/Maven generates a report for this assessment after the scan\n      completes.\n      The following report types are included: Findings, Findings By CWE,\n      Findings By API, Findings By Classification, Findings By File, Findings By\n      Type, Findings By Bundle, OWASP Top Ten, PCI Data Security Standard, Ounce\n      Software Security Profile, or OWASP Top Ten 2007. If you specify\n      reportType, then reportOutputType and reportOutputPath are required.\n      Command line variable: -Dounce.reportType\n      Example: -Dounce.reportType='Findings'\n      Expression: ${ounce.reportType}\n\n    scanConfig\n      Allows a scan configuration to be specified for the scan.\n      Command line variable: -Dounce.scanconfig\n      Example: -Dounce.scanconfig='Normal scan'\n      Expression: ${ounce.scanconfig}\n\n    skipPoms (Default: true)\n      Whether pom packaging projects should be skipped. Typically these will not have\n      source code and should be excluded. This is true by default because\n      typically the application or projects will be created at a pom level and\n      the poms have no source to be analyzed. Only set this if you have source in\n      your 'pom' packaging projects that needs to be scanned.\n      Expression: ${ounce.skipPoms}\n\n    waitForScan (Default: false)\n      Forces the goal to wait until the scan finishes, thus blocking the Maven\n      build. 
This is useful if the scan is being performed from the report mojo\n      as part of integration with the site target and the site is getting\n      deployed.\n      Command line variable: -Dounce.wait\n      Example: -Dounce.wait=true\n      Expression: ${ounce.wait}\n\n# Examples\n\n\u003cb\u003eHelp\u003c/b\u003e\u003cbr\u003e\n$mvn ounce:help -Ddetail=true\n\n\u003cb\u003eGenerate application and project files\u003c/b\u003e\u003cbr\u003e\n$mvn clean install ounce:application ounce:project\n\n\u003cb\u003eGenerate application and project files in AppScanSource specific folder outside the project root\u003c/b\u003e\u003cbr\u003e\n$mvn clean install -Dounce.appName=MyApp -Dounce.appDir=C:\\Code\\MyApp\\AppScanSource\\Application -Dounce.projectDir=C:\\Code\\MyApp\\AppScanSource ounce:application ounce:project\n\n# License\n\nAll files found in this project are licensed under the [Apache License 2.0](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhcl-tech-software%2Founce-maven-plugin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhcl-tech-software%2Founce-maven-plugin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhcl-tech-software%2Founce-maven-plugin/lists"}