CODEWITHSUNDEEP
asp.netfortify
user3323436
user3323436

Reputation: 71

Dot net fortify Scanning

Can I run fortify scan on my machine without Visual Studio Installation? I mean by fulfilling the basic requirements. Currently when scanning the code via fortify there are errors like cannot locate ildasm.exe

MSBuild: [error]: Unable to locate the Microsoft .NET disassembler tool (ildasm). Please make sure you have Visual Studio .NET version 7.1 or greater installed along with the SDK. MSBuild: If ildasm is installed in a non-standard location, please provide the full path to ildasm in the fortify-sca.properties file as com.fortify.sca.IldasmPath.

Upvotes: 4

Views: 6462

Answers (2)

techho MCSE
techho MCSE

Reputation: 16

If you want to exercise GUI option, you can use Audit workbench.

Open the project that you want to scan, it will show up all files that you want to include in scan.

Upvotes: 0

James Nix
James Nix

Reputation: 935

Yes, you can. You will need the Windows .Net SDK or a copy of the files from a development box. These files are typically located at C:\Program Files(x86)\Microsoft SDKs\Windows\v8.0A\bin\NETFX 4.0 Tools or similar. I've set up automation on machines that do not have Visual Studio installed and I just copy these files to a suitable location.

Next, you need to alter [FortifyInstallRoot]\Core\config\fortify-sca.properties and add com.fortify.sca.IldasmPath=[Path to the SDK files] using forward slashes (/) and NOT back slashes (\).

Finally, you will need to add some registry keys so that Fortify knows where to look for .Net Framework assemblies:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VisualStudio]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VisualStudio\7.1]
"CLR Version"="v2.0.50727"
"InstallDir"="C:\\Program Files (x86)\\Microsoft Visual Studio 7.1\\Common7\\IDE\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VisualStudio\8.0]
"CLR Version"="v2.0.50727"
"InstallDir"="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\Common7\\IDE\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VisualStudio\9.0]
"CLR Version"="v2.0.50727"
"InstallDir"="c:\\Program Files (x86)\\Microsoft Visual Studio 9.0\\Common7\\IDE\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VisualStudio\10.0]
"InstallDir"="c:\\Program Files (x86)\\Microsoft Visual Studio 10.0\\Common7\\IDE\\"
"CLR Version"="v4.0.30319"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VisualStudio\11.0]
"InstallDir"="C:\\Program Files (x86)\\Microsoft Visual Studio 11.0\\Common7\\IDE\\"
"CLR Version"="v4.0.30319"

Upvotes: 4

Related Questions