3
我試圖在Visual Studio 2008項目上運行Fortify。該項目自行成功建設。當我嘗試使用Visual Studio集成控件與Fortify分析項目時,項目成功構建,但會引發錯誤消息。下面是來自Fortify的控制檯輸出:Fortify在掃描Visual Studio項目時拋出錯誤
Fortify SCA...
Running: "-show-runtime-properties"
Running: "-b" "ProjectName" "-clean"
Error setting VCProject Path. Abort VC project related scan
Scan Failed Could not load file or assembly 'Microsoft.VisualStudio.VCProjectEngine, Version=8.0.0.0, Culture=neutral, PublicKeyToken=<string here>' or one of its dependencies. The system cannot find the file specified.
at FortifyBase.Scanner.CPPScanUtil.ResetVCProjectExecutableDirectories()
at FortifyCommon.Scanner.BuildListeners.VSBuildDone(vsBuildScope scope, vsBuildAction action)
Scan Failed:
Could not load file or assembly 'Microsoft.VisualStudio.VCProjectEngine, Version=8.0.0.0, Culture=neutral, PublicKeyToken=<string here>' or one of its dependencies. The system cannot find the file specified.
當我從獨立審計工作臺運行Fortify的,我得到了以下錯誤消息:
SCA Commandline invocation failed
[error]: Build ID "ProjectName" doesn't exist.
我把大部分的默認掃描選項,只是改變「是這是一個J2EE Web應用程序'到'否'(我也試過把它留到'是',但這也不起作用
搜索關於錯誤消息的任何信息只產生了Stack Overflow的另一個question,但項目設置似乎相當不同nt從我的Visual Studio項目。無論如何,我也嘗試使用Visual Studio提供的參數從命令行運行掃描,但我得到相同的錯誤消息。
Fortify文檔提到,構建ID用於跟蹤哪些文件作爲構建的一部分進行編譯和鏈接,並在以後對這些文件進行掃描,並且通常是項目名稱。我嘗試了幾個不同的字符串作爲構建ID,但似乎沒有任何工作。
任何人有任何想法我要去哪裏錯了?提前致謝。
更新:問題發生在分析的轉換階段,因爲根本沒有創建編號ID。以下是來自源分析器日誌的日誌:
[2010-08-23 21:20:53 INFO]
Fortify Source Code Analyzer 5.1.0.0061
[2010-08-23 21:20:53 INFO]
Args:
["-b", "ProjectName", "-machine-output", "-vsversion", "8.0", "C:\\Program Files (x86)\\Microsoft Visual Studio 9.0\\Common7\\IDE\\devenv.exe", "ProjectName.sln", "/rebuild", "DEBUG"]
[2010-08-23 21:20:53 INFO]
VM Args:
"-XX:SoftRefLRUPolicyMSPerMB=100 -Xss1M -Xmx600M -Xms16M"
[2010-08-23 21:21:04 INFO 1102]
Compiler execution failed (exit code: 1).
[2010-08-23 21:21:04 WARNING]
exit(1)