Running fortify scan on .cs files

c# .net fortify
saurav picture saurav · Mar 3, 2015 · Viewed 7.6k times · Source

Is it possible to run Fortify scan on .cs files ? have searched on net and SF but did not get any concrete answer. The project structure is exactly like this https://pnppubsub.codeplex.com/SourceControl/latest

Some of the projects are portable class libraries

Answer

James Nix picture James Nix · Mar 12, 2015

This is not really correct. Fortify doe not NEED to compile the code so that it can perform the scan. It can accept pre-compiled .Net Assemblies if they are build in a Debug configuration and the .pdb files are present.

For example a VS2012 project (typical VS folder structure):

MyProject\MyProject\bin\Debug\MyProject.dll
MyProject\MyProject\bin\Debug\MyProject.pdb
MyProject\MyProject\MyProject.csproj
MyProject\MyProject\MyProject.cs
MyProject\MyProject.sln

Your Translate step command would be something like:

sourceanalyzer -b MyProjectScan -vsversion 11.0 MyProject

Sourceanalyzer will look at the MyProject folder and all subfolders for Assemblies and .pdb files. The -vsversion 11.0 parameter tells Sourceanalyzer what .Net framework the Assemblies were built with.

Related questions

How to make an HTTP POST web request

Canonical How can I make an HTTP request and send some data using the POST method? I can do a GET request, but I have no idea of how to make a POST request.

Read More
How can I convert String to Int?

I have a TextBoxD1.Text and I want to convert it to an int to store it in a database. How can I do this?

Read More
What is a NullReferenceException, and how do I fix it?

I have some code and when it executes, it throws a NullReferenceException, saying: Object reference not set to an instance of an object. What does this mean, and what can I do to fix this error?

Read More