Fortify command line usage

Question

Has anyone used command line to run Fortify? I'm trying to incorporate a Fortify run in my CI build and I don't know how to do it.

Recommended answer

Since I can't add a comment, I'll have to offer this as an answer. Our company has integrated the scan process into our TFS build environment and it works pretty well.

We use a series of "Invoke Process" build activities to make this happen. The entire security scan sequence is wrapped in a conditional which is exposed as an argument to the build definition. This allows us to enable or disable scans as needed. We also expose a few other things like Fortify Project, Fortify Project Version, and another conditional for uploading the FPR file.

The gist of it is this:

Clean

sourceanalyzer -b "Build ID" -clean

Build

sourceanalyzer -b "Build ID" devenv BuildID.sln /Rebuild Debug /out C:\SSCLogs\SSCBuild.log

Scan

sourceanalyzer -b "Build ID" -scan -format fpr -f BuildID.fpr

Upload to SSC

fortifyclient.bat -url SSCServerUrl -authtoken XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX uploadFPR -file BuildID.fpr -project "MyProject" -version "MyProject v1.0.0"

If you'd like a full rundown and/or some screen captures, I'd be happy to provide something for you.
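
The clean, build, scan and upload sequence from the answer, wrapped in one PowerShell script with the enable/upload conditionals it describes. This is an added example, not the answerer's TFS build definition; the parameter names, the `Invoke-Step` helper and the `FORTIFY_SSC_TOKEN` environment variable are assumptions.

```powershell
# Added example: parameter names and FORTIFY_SSC_TOKEN are assumptions,
# not part of the original answer or of Fortify itself.
param(
    [Parameter(Mandatory)] [string] $BuildId,
    [Parameter(Mandatory)] [string] $Solution,
    [string] $SscUrl,
    [string] $Project,
    [string] $ProjectVersion,
    [string] $BuildLog = 'C:\SSCLogs\SSCBuild.log',
    [switch] $RunScan,      # conditional: enable or disable the whole scan
    [switch] $UploadFpr     # conditional: upload the FPR file to SSC
)

$ErrorActionPreference = 'Stop'

# Run one external tool and fail the build on a non-zero exit code.
# Only the step name is echoed, so arguments (including the token) stay out of the log.
function Invoke-Step {
    param([string] $Name, [string] $Exe, [string[]] $Arguments)
    Write-Host "== $Name"
    & $Exe @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "$Name failed with exit code $LASTEXITCODE"
    }
}

if (-not $RunScan) {
    Write-Host 'Fortify scan disabled for this build.'
    return
}

$fpr = "$BuildId.fpr"

Invoke-Step 'Clean' 'sourceanalyzer' @('-b', $BuildId, '-clean')
Invoke-Step 'Build' 'sourceanalyzer' @('-b', $BuildId, 'devenv', $Solution,
                                       '/Rebuild', 'Debug', '/out', $BuildLog)
Invoke-Step 'Scan'  'sourceanalyzer' @('-b', $BuildId, '-scan', '-format', 'fpr', '-f', $fpr)

if ($UploadFpr) {
    # Read the SSC token from a secret build variable instead of hard-coding it.
    $token = $env:FORTIFY_SSC_TOKEN
    if ([string]::IsNullOrEmpty($token)) { throw 'FORTIFY_SSC_TOKEN is not set' }
    Invoke-Step 'Upload' 'fortifyclient.bat' @('-url', $SscUrl, '-authtoken', $token,
        'uploadFPR', '-file', $fpr, '-project', $Project, '-version', $ProjectVersion)
}
```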
