Fortify的命令行用法 [英] Fortify command line usage
问题描述
有没有人使用命令行运行设防?
我试着融入设防跑在我的CI构建和我不知道如何做到这一点。
Has anyone used command line to run fortify? I tryin to incorporate fortify run in my CI build and I dont know how to do it.
推荐答案
由于我不能添加评论,我会提供这个作为回答。本公司已整合了扫描过程到我们的TFS构建环境,它工作得很好。
Since I can't add a comment, I'll have to offer this as an answer. Our company has integrated the scan process into our TFS build environment and it works pretty well.
我们采用了一系列的调用过程共建活动,以实现这一目标。整个安全扫描序列被包裹在被公开的参数生成定义条件。这允许根据需要我们来启用或禁用扫描。我们也暴露出了一些其他的东西像Fortify的项目,Fortify的项目版本,另一个条件上传的FPR文件
We use a series of "Invoke Process" build activities to make this happen. The entire security scan sequence is wrapped in a conditional which is exposed as an argument to the build definition. This allows us to enable or disable scans as needed. We also expose a few other things like Fortify Project, Fortify Project Version, and another conditional for uploading the FPR file.
它的要点是这样的:
清除
sourceanalyzer -b构建ID-clean
建立
sourceanalyzer -b构建IDdevenv的BuildID.sln /重建调试/出C:\SSCLogs\SSCBuild.log
扫描
sourceanalyzer -b构建ID型扫描-format FPR -f BuildID.fpr
sourceanalyzer -b "Build ID" -scan -format fpr -f BuildID.fpr
上传到SSC
fortifyclient.bat -url SSCServerUrl -authtoken XXXXXXXX-XXXX-XXXX- XXXX-XXXXXXXXXXXX uploadFPR -file BuildID.fpr - 项目MyProject的-versionMyProject的V1.0.0
如果你想要一个全破败和/或一些屏幕截图,我很乐意为你提供的东西。
If you'd like a full rundown and/or some screen captures, I'd be happy to provide something for you.
这篇关于Fortify的命令行用法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!