Create a 2nd Contrast CodeSec script for scanning source code, and move

original to its clear that one scans the WAR. Fix the mvnFortifyScan.bat
so it works on Windows, but it has to be run in a gitbash shell.

Author: Dave Wichers

scripts/mvnFortifyScan.bat

@@ -0,0 +1,9 @@
+benchmark_version=$(scripts/getBenchmarkVersion.sh)
+FortifySCA_version=$(sourceanalyzer -v | grep 'Fortify Static' | cut -d" " -f5)
+FortifyRulePack_version=$(fortifyupdate.cmd -showInstalledRules | grep "Core, Java v" | cut -d" " -f7)
+
+results_file="results/Benchmark_${benchmark_version}-Fortify${FortifySCA_version}_${FortifyRulePack_version}.fpr"
+
+sourceanalyzer -b benchmark -Xmx10G -scan -f $results_file
+echo "Results written to: $results_file"
+

scripts/mvnFortifyScan_OnWindows.sh

@@ -0,0 +1,13 @@
+# To use Contrast CodeSec you have to install it first.
+# See the install instructions at: https://www.contrastsecurity.com/developer/codesec/ 
+
+# For example, on Mac:
+# brew tap contrastsecurity/tap
+# brew install contrast
+
+# Note: you have to do 'contrast auth' first, and successfully authenticate before you can run this.
+benchmark_version=$(scripts/getBenchmarkVersion.sh)
+
+contrast scan -f src --save
+mv results.sarif results/Benchmark_$benchmark_version-ContrastCodeSec_OnSrc.sarif
+

scripts/runContrastCodeSec_OnSource.sh

@@ -1,6 +1,13 @@
+# To use Contrast CodeSec you have to install it first.
+# See the install instructions at: https://www.contrastsecurity.com/developer/codesec/ 
+
+# For example, on Mac:
+# brew tap contrastsecurity/tap
+# brew install contrast
+
 # Note: you have to do 'contrast auth' first, and successfully authenticate before you can run this.
 benchmark_version=$(scripts/getBenchmarkVersion.sh)
 
 contrast scan -f target/benchmark.war --save
-mv results.sarif results/Benchmark_$benchmark_version-ContrastCodeSec.sarif
+mv results.sarif results/Benchmark_$benchmark_version-ContrastCodeSec_OnWAR.sarif