Ounce Maven Plugin

Ounce Labs' solutions enable organizations to identify, prioritize, and eliminate business risk to enterprises caused by software security vulnerabilities. Ounce analyzes application source code to provide the most complete and accurate analysis of application vulnerabilities and their relative priorities, enabling business users and IT professionals to optimize their resources in resolving the most critical issues.

The Ounce/Maven Plugin makes it easy to integrate static source code analysis into your Maven build framework. Specialized goals allow you to extend the Maven framework to generate:

Ounce Project and Application files
Source code security scans
Comprehensive security reports

For more information about Ounce Labs' solution, see www.ouncelabs.com.

Goals Overview

The Ounce plugin has several goals:

ounce:project creates an Ounce project File from the Command Line.
ounce:project-only creates an Ounce project File as part of the build.
ounce:application creates an Ounce application file.
ounce:scan performs an on demand scan.
ounce:report performs an on demand scan and publishes the results to the site.

Usage

Instructions on how to use the ounce plugin goals:

Examples

The following examples show how to use the ounce plugin in more advanced use-cases:

Configuring Compiler Settings

Resources

OunceLabs

Overview

Usage

Examples

Resources

Project Documentation