Reputation: 1465
Using HP Fortify on .cs files in static code analysis
Hi I have been trying to use Fortify Scanning Wizard to scan a c# repository which is not built and I am not able to build it. It seems like Fortify is not picking up the cs files / cant even locate them.
I read some posts and saying that, you can only use Fortify on C# project when 1. You can compile it and have a .pdb file; or 2. You have to use fortify plugin in the visual studio and build it.
I just want to do a simple pre-compiled static code analysis on a C# project. I did not expect Fortify cannot do that. It will be great if someone can confirm that.
Upvotes: 3
Views: 1834
Answers (2)
Reputation: 7448
With the latest version of HPE Fortify SCA 16.20 (released Dec 2016), SCA will pick up files directly. You no longer need to either have to have the ability to compile (VS or MSBUILD) or already have the compiled .dll and .pdb files.
You can still use the old methods, but scanning the files directly is in addition.
Upvotes: 4
Reputation: 772
From the SCA Documentation:
SCA works on the Common Intermediate Language (CIL), and therefore supports all of the .NET languages that compile to CIL, including C# and VB .NET.
SCA sourceanalyzer is looking for the DLL's (and corresponding PDB files) so it does not pickup the source files for scanning.
Upvotes: 1
Related Questions
- Fortify Scan Engine Version effect on results
- Import/Export of HP Fortify Audited Results
- Accessing C-Code analyser from within C# code?
- HP Fortify scans get ASP Pre-Compilation error
- HP FORTIFY 360 a
- Running fortify scan on .cs files
- Running Fortify on .dll files as well as .cs
- Can fortify static code analyzer scan visual studio 2013 project?
- Any static code analysis tools for C# 4.0 yet?
- Static source code analysis for C# that operates on source code level