Fortify throws error while scanning Visual Studio project

Problem description

I'm trying to run Fortify on a Visual Studio 2008 project. The project builds successfully on its own. When I try to analyze the project with Fortify using the Visual Studio integrated controls, the project builds successfully but an error message is thrown. Here's the output from Fortify console:

Fortify SCA...
Running: "-show-runtime-properties" 
Running: "-b" "ProjectName" "-clean" 
Error setting VCProject Path. Abort VC project related scan
Scan Failed Could not load file or assembly 'Microsoft.VisualStudio.VCProjectEngine, Version=8.0.0.0, Culture=neutral, PublicKeyToken=<string here>' or one of its dependencies. The system cannot find the file specified. 
   at FortifyBase.Scanner.CPPScanUtil.ResetVCProjectExecutableDirectories()
   at FortifyCommon.Scanner.BuildListeners.VSBuildDone(vsBuildScope scope, vsBuildAction action)
Scan Failed: 
Could not load file or assembly 'Microsoft.VisualStudio.VCProjectEngine, Version=8.0.0.0, Culture=neutral, PublicKeyToken=<string here>' or one of its dependencies. The system cannot find the file specified.

When I run Fortify from the standalone Audit Workbench, I get the following error message:

SCA Commandline invocation failed
[error]: Build ID "ProjectName" doesn't exist.

I keep most of the default scan options except changing 'Is this a J2EE web application' to 'No' (I also tried leaving this to 'yes' but that didn't work either).

Searching for any info on the error messages only produced another question on Stack Overflow but the project setup seems quite different from my Visual Studio project. Anyways, I also tried running the scan from command line with the arguments provided by Visual Studio but I get the same error message.

Fortify documentation mentions that the build ID is used to track which files are compiled and linked as part of a build and later to scan those files and that it is usually the project name. I tried a few different strings as the build ID but nothing seems to work.

Does anyone have any idea where I'm going wrong? Thanks in advance.

Update: The problem occurs during the translate phase of the analysis due to which the build ID is not created at all. Here's the log from the sourceanalyzer log:

[2010-08-23 21:20:53 INFO]
Fortify Source Code Analyzer 5.1.0.0061
[2010-08-23 21:20:53 INFO]
Args:
["-b", "ProjectName", "-machine-output", "-vsversion", "8.0", "C:\\Program Files (x86)\\Microsoft Visual Studio 9.0\\Common7\\IDE\\devenv.exe", "ProjectName.sln", "/rebuild", "DEBUG"]
[2010-08-23 21:20:53 INFO]
VM Args:
"-XX:SoftRefLRUPolicyMSPerMB=100 -Xss1M -Xmx600M -Xms16M"
[2010-08-23 21:21:04 INFO 1102]
Compiler execution failed (exit code: 1).
[2010-08-23 21:21:04 WARNING]
exit(1)

Recommended answer

OK, I think this is a known issue with C/C++ translation on VS2010. The workaround I found is:

  1. Open a Visual Studio x86 command prompt
  2. Change to the directory of KindleExport.sln
  3. Run: sourceanalyzer -b kindleexport devenv KindleExport.sln /REBUILD
  4. Run: sourceanalyzer -b kindleexport -scan -f KindleExport.fpr
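
Because a failed translation leaves no build ID for the scan step to use, a build pipeline can check the sourceanalyzer log before scanning. The following is an added example, not part of the original question or answer and not Fortify's own tooling; it assumes the log layout shown in the excerpt above, the function names are hypothetical, and the sample log is the question's excerpt with the devenv path shortened.

```python
import re

# Header layout as it appears in the excerpt above: "[YYYY-MM-DD HH:MM:SS LEVEL]"
# with an optional numeric message code, e.g. "[2010-08-23 21:21:04 INFO 1102]".
HEADER = re.compile(r"^\[(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) ([A-Z]+)(?: (\d+))?\]\s*$")
FAILURE = re.compile(r"Compiler execution failed \(exit code: (-?\d+)\)")
BUILD_ID = re.compile(r'"-b",\s*"([^"]+)"')

def parse_entries(text):
    """Group each header line with the message lines that follow it."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            entries.append({"time": m.group(1), "level": m.group(2),
                            "code": m.group(3), "message": []})
        elif entries and line.strip():
            entries[-1]["message"].append(line.strip())
    for e in entries:
        e["message"] = "\n".join(e["message"])
    return entries

def translation_status(text):
    """Return the build ID, whether translation failed, and the failing entries."""
    build_id, failures = None, []
    for e in parse_entries(text):
        if build_id is None and e["message"].startswith("Args:"):
            m = BUILD_ID.search(e["message"])
            build_id = m.group(1) if m else None
        m = FAILURE.search(e["message"])
        if m:
            failures.append((e["time"], int(m.group(1))))
    return {"build_id": build_id, "failed": bool(failures), "failures": failures}

# Constructed sample: the log excerpt from the question, devenv path shortened.
SAMPLE_LOG = """\
[2010-08-23 21:20:53 INFO]
Fortify Source Code Analyzer 5.1.0.0061
[2010-08-23 21:20:53 INFO]
Args:
["-b", "ProjectName", "-machine-output", "-vsversion", "8.0", "devenv.exe", "ProjectName.sln", "/rebuild", "DEBUG"]
[2010-08-23 21:21:04 INFO 1102]
Compiler execution failed (exit code: 1).
[2010-08-23 21:21:04 WARNING]
exit(1)
"""

if __name__ == "__main__":
    print(translation_status(SAMPLE_LOG))
```

A pipeline can stop before the scan step when `failed` is true, so a broken translation is not reported as a scan with no findings.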
