Fortify Software Security Center Practitioners Forum
Showing results for 
Search instead for 
Do you mean 

Scan C# and C/C++ Files

Occasional Contributor

Scan C# and C/C++ Files

How do I scan C# and C++ files within the Fortify Workbench without going through a MS Visual Studio Solution (sln) file.  That is the only way I can find to do it through the documentation.  When I launch an advanced scan on a directory with these types of files in them they don't show in the directory tree.  It's as if Fortify can't see .cs or .cpp files.  Did I miss a step in configuring Fortify or is there another way to get these files scanned?  It works fine with Java but most of my projects are in C# or C++ and I was under the impression Fortify could scan thoes as well.

 

Thanks,

 

Ed

11 REPLIES
Occasional Visitor

Re: Scan C# and C/C++ Files

Hi were you able to find a solution to this problem ??? I'm experiencing the same situation...
Occasional Advisor

Re: Scan C# and C/C++ Files

Hi all, the AWB scan wizard supports translatation and scanning of JavaScript, PHP, ASP, .NET, and SQL projects.

As C++ requires a compiler and build system such as make, you'll need to enter additional commands.

 

ALso, keep in mind that you'll need to have VS or MSBuild installed to build VS projects.

 

Frequent Advisor

Re: Scan C# and C/C++ Files

Hi,

 

I'm pretty new to Fortify SCA, but my understanding is that to do a directory based scan on a .NET App it needs to first be compiled. For ASP.NET Apps this means that ASPX must also be compiled.

 

We are currently building our solutions one a build server and then moving the output to a SCA Machine with VS2008-2012 installed for the scanning process.

 

Cheers,

 

Dan

 

Occasional Visitor

Re: Scan C# and C/C++ Files

knowing it should work is good...a pointer to where in docs on how to configure for the compile would be better....

Thanks and wish all luck as the search continues

Occasional Visitor

Re: Scan C# and C/C++ Files

Hi,

I'm struggling to scan C++ code using HP Fortify SCA.

Can anybody help me in understanding the prerequisites for scanning C++ files?

Is it possible to scan it through Audit Workbench or Scan Wizard?

Does it require a build before scanning.

 

Any help would be highly appreciated

Occasional Advisor

Re: Scan C# and C/C++ Files

Hi
I'm having the same problem
you managed to solve it?
need help

Occasional Visitor

Re: Scan C# and C/C++ Files

Yes, it requires a build and can be scanned through Fortify SCA for linux.You can find the installer in HP's website.

Occasional Advisor

Re: Scan C# and C/C++ Files

it would be possible to inform the link to this solution?

Occasional Advisor

Re: Scan C# and C/C++ Files

Would not have a solution to the windows environment?
I have no problems with Linux, but need to know if have a solution for both operating systems.

Occasional Visitor

Re: Scan C# and C/C++ Files

There no particular link for the solution.I connected with support team and they send the installer for linux environment, which was used in a linux box to scan the files.

 

In windows machine you can try and import the files in Visual Studio and then scan using HP Fortify's visual studio plugin which comes with the package.

Occasional Advisor

Re: Scan C# and C/C++ Files

anyone have the link plugin for visual studio?