Fortify在扫描Visual Studio项目时抛出错误
问题描述:
我试图在Visual Studio 2008项目上运行Fortify。该项目自行成功建设。当我尝试使用Visual Studio集成控件与Fortify分析项目时,项目成功构建,但会引发错误消息。下面是来自Fortify的控制台输出:Fortify在扫描Visual Studio项目时抛出错误
Fortify SCA...
Running: "-show-runtime-properties"
Running: "-b" "ProjectName" "-clean"
Error setting VCProject Path. Abort VC project related scan
Scan Failed Could not load file or assembly 'Microsoft.VisualStudio.VCProjectEngine, Version=8.0.0.0, Culture=neutral, PublicKeyToken=<string here>' or one of its dependencies. The system cannot find the file specified.
at FortifyBase.Scanner.CPPScanUtil.ResetVCProjectExecutableDirectories()
at FortifyCommon.Scanner.BuildListeners.VSBuildDone(vsBuildScope scope, vsBuildAction action)
Scan Failed:
Could not load file or assembly 'Microsoft.VisualStudio.VCProjectEngine, Version=8.0.0.0, Culture=neutral, PublicKeyToken=<string here>' or one of its dependencies. The system cannot find the file specified.
当我从独立审计工作台运行Fortify的,我得到了以下错误消息:
SCA Commandline invocation failed
[error]: Build ID "ProjectName" doesn't exist.
我把大部分的默认扫描选项,只是改变“是这是一个J2EE Web应用程序'到'否'(我也试过把它留到'是',但这也不起作用
搜索关于错误消息的任何信息只产生了Stack Overflow的另一个question,但项目设置似乎相当不同nt从我的Visual Studio项目。无论如何,我也尝试使用Visual Studio提供的参数从命令行运行扫描,但我得到相同的错误消息。
Fortify文档提到,构建ID用于跟踪哪些文件作为构建的一部分进行编译和链接,并在以后对这些文件进行扫描,并且通常是项目名称。我尝试了几个不同的字符串作为构建ID,但似乎没有任何工作。
任何人有任何想法我要去哪里错了?提前致谢。
更新:问题发生在分析的转换阶段,因为根本没有创建编号ID。以下是来自源分析器日志的日志:
[2010-08-23 21:20:53 INFO]
Fortify Source Code Analyzer 5.1.0.0061
[2010-08-23 21:20:53 INFO]
Args:
["-b", "ProjectName", "-machine-output", "-vsversion", "8.0", "C:\\Program Files (x86)\\Microsoft Visual Studio 9.0\\Common7\\IDE\\devenv.exe", "ProjectName.sln", "/rebuild", "DEBUG"]
[2010-08-23 21:20:53 INFO]
VM Args:
"-XX:SoftRefLRUPolicyMSPerMB=100 -Xss1M -Xmx600M -Xms16M"
[2010-08-23 21:21:04 INFO 1102]
Compiler execution failed (exit code: 1).
[2010-08-23 21:21:04 WARNING]
exit(1)
答
好的,我认为这是VS2010上C/C++翻译的一个已知问题。我找到了解决方法是:
- 打开一个Visual Studio 86命令提示符
- 切换到KindleExport.sln目录
- 运行: sourceanalyzer -b kindleexport devenv的KindleExport.sln/REBUILD
- 运行: sourceanalyzer -b kindleexport -scan -f KindleExport.fpr