Fortify throws an error when scanning a Visual Studio project

Posted 2024-09-15 22:02:18 · 2118 words · 12 views · 0 comments

I'm trying to run Fortify on a Visual Studio 2008 project. The project builds successfully on its own. When I try to analyze the project with Fortify using the Visual Studio integrated controls, the project builds successfully but an error message is thrown. Here's the output from Fortify console:

    Fortify SCA...
    Running: "-show-runtime-properties"
    Running: "-b" "ProjectName" "-clean"
    Error setting VCProject Path. Abort VC project related scan
    Scan Failed Could not load file or assembly 'Microsoft.VisualStudio.VCProjectEngine, Version=8.0.0.0, Culture=neutral, PublicKeyToken=<string here>' or one of its dependencies. The system cannot find the file specified.
       at FortifyBase.Scanner.CPPScanUtil.ResetVCProjectExecutableDirectories()
       at FortifyCommon.Scanner.BuildListeners.VSBuildDone(vsBuildScope scope, vsBuildAction action)
    Scan Failed:
    Could not load file or assembly 'Microsoft.VisualStudio.VCProjectEngine, Version=8.0.0.0, Culture=neutral, PublicKeyToken=<string here>' or one of its dependencies. The system cannot find the file specified.

When I run Fortify from the standalone Audit Workbench, I get the following error message:

    SCA Commandline invocation failed
    [error]: Build ID "ProjectName" doesn't exist.

I keep most of the default scan options except changing 'Is this a J2EE web application' to 'No' (I also tried leaving this as 'yes' but that didn't work either).

Searching for any info on the error messages only produced another question on Stack Overflow but the project setup seems quite different from my Visual Studio project. Anyways, I also tried running the scan from command line with the arguments provided by Visual Studio but I get the same error message.

Fortify documentation mentions that the build ID is used to track which files are compiled and linked as part of a build and later to scan those files and that it is usually the project name. I tried a few different strings as the build ID but nothing seems to work.

Does anyone have any idea where I'm going wrong? Thanks in advance.

Update: The problem occurs during the translate phase of the analysis due to which the build ID is not created at all. Here's the log from the sourceanalyzer log:

    [2010-08-23 21:20:53 INFO]
    Fortify Source Code Analyzer 5.1.0.0061
    [2010-08-23 21:20:53 INFO]
    Args:
    ["-b", "ProjectName", "-machine-output", "-vsversion", "8.0", "C:\\Program Files (x86)\\Microsoft Visual Studio 9.0\\Common7\\IDE\\devenv.exe", "ProjectName.sln", "/rebuild", "DEBUG"]
    [2010-08-23 21:20:53 INFO]
    VM Args:
    "-XX:SoftRefLRUPolicyMSPerMB=100 -Xss1M -Xmx600M -Xms16M"
    [2010-08-23 21:21:04 INFO 1102]
    Compiler execution failed (exit code: 1).
    [2010-08-23 21:21:04 WARNING]
    exit(1)

萌无敌 2024-09-22 22:02:18

OK, I think this is a known issue with C/C++ translation on VS2010. The workaround I found is:

  1. Open a Visual Studio x86 Command Prompt
  2. Change to the KindleExport.sln's directory
  3. Run:
    sourceanalyzer -b kindleexport devenv KindleExport.sln /REBUILD
  4. Run:
    sourceanalyzer -b kindleexport -scan -f KindleExport.fpr
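
An added example, not part of the original answer or of Fortify's own material: the four steps above as a batch script that refuses to scan when translation failed or left the build ID empty, the condition the question's update describes behind `Build ID "ProjectName" doesn't exist`. It assumes that `sourceanalyzer` returns a non-zero exit code on failure and that its `-show-files` option lists the files recorded under a build ID; the scratch file name is arbitrary.

```bat
@echo off
rem Added example, not from the original answer. Run it from a Visual Studio
rem x86 Command Prompt in the solution directory (steps 1 and 2).
setlocal
set "BUILD_ID=kindleexport"
set "SOLUTION=KindleExport.sln"
set "FPR=KindleExport.fpr"
rem Scratch file for the translated-file listing (arbitrary name).
set "FILE_LIST=%TEMP%\%BUILD_ID%-translated.txt"

rem Discard intermediate files left by an earlier, possibly failed, run.
rem Exit status is not checked here. "call" is harmless for an .exe and
rem required if sourceanalyzer resolves to a wrapper script.
call sourceanalyzer -b %BUILD_ID% -clean

rem Translate: sourceanalyzer wraps the devenv rebuild (step 3).
call sourceanalyzer -b %BUILD_ID% devenv %SOLUTION% /REBUILD
if errorlevel 1 goto fail_translate

rem Gate: list what was recorded under the build ID before scanning.
rem Assumption: -show-files fails or prints nothing for an empty build ID.
call sourceanalyzer -b %BUILD_ID% -show-files > "%FILE_LIST%"
if errorlevel 1 goto fail_empty
for %%F in ("%FILE_LIST%") do if %%~zF EQU 0 goto fail_empty

rem Scan only a build ID that is known to contain files (step 4).
call sourceanalyzer -b %BUILD_ID% -scan -f %FPR%
if errorlevel 1 goto fail_scan
echo Scan complete: %FPR%
exit /b 0

:fail_translate
>&2 echo [fail] Translation failed. Look for "Compiler execution failed" in the sourceanalyzer log.
exit /b 2

:fail_empty
>&2 echo [fail] Build ID %BUILD_ID% holds no translated files. Scan skipped.
exit /b 3

:fail_scan
>&2 echo [fail] Scan phase failed for build ID %BUILD_ID%.
exit /b 4
```

The distinct exit codes let a build server tell a translation failure from a scan failure, so a missing `.fpr` is not mistaken for a clean result.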