Wednesday, April 07, 2010

Fortify and Team Foundation Server

Do you have Team Foundation Server (TFS) and Fortify and wish they could work together automatically? This article shows one way to make Fortify run every time you run a build on the Team Build server. After the build completes, a list of people will receive emails containing the Fortify reports. The reports consist of an FPR file that can be opened with Audit Workbench, an HTML file that can be opened with Internet Explorer, and a log file.

Let's look at how we will do this.

Using Team Build, we will override the "AfterCompile" target to add one task: an Exec task. The Exec task will run a batch file, and the batch file will do all the Fortify work: it will run Fortify and email the files.

Let's see how we will do that in a step by step way.

Step 1:
-----------
Override the AfterCompile target.


To do that, check out your TFSBuild.proj and, just before the closing tag of your Project element, add the code highlighted in the screenshot above. In a nutshell, what you need is an Exec task as follows.


The Exec task will run Fortify from a batch file.

There is more than that in the screenshot above: it also uses the AspNetCompiler task to combine your website DLLs into one.
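One way to write the AfterCompile override that Step 1 describes, added here as an example and not the author's own TFSBuild.proj markup. It assumes runfortify.bat is checked in at the root of the build's source tree ($(SolutionRoot)); the property names FortifyBatchFile, FortifyTimeoutMs and FortifyExitCode are hypothetical.

```xml
<!-- Added example: place in TFSBuild.proj just before the closing </Project> tag. -->
<!-- Assumptions: runfortify.bat lives in $(SolutionRoot); FortifyBatchFile,
     FortifyTimeoutMs and FortifyExitCode are names made up for this example. -->
<PropertyGroup>
  <FortifyBatchFile>$(SolutionRoot)\runfortify.bat</FortifyBatchFile>
  <!-- Upper bound for the whole scan, in milliseconds (here: 2 hours). -->
  <FortifyTimeoutMs>7200000</FortifyTimeoutMs>
</PropertyGroup>

<Target Name="AfterCompile">
  <!-- Stop with a clear message if the script is missing, so a build
       never reports success while silently skipping the scan. -->
  <Error Condition="!Exists('$(FortifyBatchFile)')"
         Text="Fortify script not found: $(FortifyBatchFile)" />

  <!-- Run clean / translate / scan / email. ContinueOnError keeps a scanner
       failure from failing the product build; the exit code is captured so
       the failure still shows up in the build log. -->
  <Exec Command="&quot;$(FortifyBatchFile)&quot;"
        WorkingDirectory="$(SolutionRoot)"
        Timeout="$(FortifyTimeoutMs)"
        ContinueOnError="true">
    <Output TaskParameter="ExitCode" PropertyName="FortifyExitCode" />
  </Exec>

  <Warning Condition="'$(FortifyExitCode)' != '0'"
           Text="runfortify.bat exited with code $(FortifyExitCode); Fortify results may be missing or incomplete." />
</Target>
```

The exit code seen here is that of the last command in the batch file, so the batch file has to check the result of each sourceanalyzer call itself (for example `if errorlevel 1 exit /b 1`) for a failed translate or scan to surface. Set ContinueOnError to false if a build without a completed scan should not be accepted.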


Step 2
---------------
Create runfortify.bat

Typically this file should look as follows

REM 1. [CLEAN] Clean first; this clears C:\Documents and Settings\C649318\Local Settings\Application Data\Fortify\sca5.7\build
"E:\Program Files\Fortify Software\Fortify 360 v2.1.0\bin\sourceanalyzer" -b mybuild -clean



REM 2. [TRANSLATE] Translate second to create the intermediate Fortify files. Build the solution first and use the solution's DLL folder. Use -libdirs to reference any external DLLs.
"E:\Program Files\Fortify Software\Fortify 360 v2.1.0\bin\sourceanalyzer" -b mybuild -vsversion 8.0 -libdirs "C:\Documents and Settings\tfsservice\Local Settings\Temp\[ProjectName]\fortify\Sources\Main\Source\KPHC.Integration.WebUI\Bin" "C:\Documents and Settings\tfsservice\Local Settings\Temp\[ProjectName]\fortify\Sources\Main\Source\KPHC.Integration.WebUI\Bin" -debug -logfile "C:\Documents and Settings\tfsservice\Local Settings\Temp\[ProjectName]\fortify\Sources\Main\Source\fortifyTranslate.log"


REM 3. [SCAN] Scan and create an FPR file and an HTML report, in addition to logs
"E:\Program Files\Fortify Software\Fortify 360 v2.1.0\bin\sourceanalyzer" -b mybuild -scan -f "C:\Documents and Settings\tfsservice\Local Settings\Temp\[ProjectName]\fortify\Sources\Main\Source\FortifyIssues.fpr" -html-report -debug -logfile "C:\Documents and Settings\tfsservice\Local Settings\Temp\[ProjectName]\fortify\Sources\Main\Source\fortifyScan.log"

RunFortify.exe "C:\Documents and Settings\tfsservice\Local Settings\Temp\[ProjectName]\fortify\Sources\Main\Source\FortifyIssues.fpr" "C:\Documents and Settings\tfsservice\Local Settings\Temp\[ProjectName]\fortify\Sources\Main\Source\FortifyIssues.html" "C:\Documents and Settings\tfsservice\Local Settings\Temp\[ProjectName]\fortify\Sources\Main\Source\fortifyScan.log" "myemail@mydomain.com"



You will notice that the batch file also runs a program called RunFortify.exe. This is a program that I created; all it does is email the FPR, HTML and log files to a specific email address. I am not going to discuss this exe in this post. You can create your own exe that does that, or use TFS to email the files.

9 comments:

Anonymous said...

A screenshot of the code? Seriously? Couldn't have just copied and pasted it as text?

ESPECIALLY WHEN THE SCREENSHOT DOESN'T EVEN CAPTURE ALL OF IT?

Learn to be helpful.
