Last post Feb 23, 2016 05:44 PM by bbcompent1
Feb 23, 2016 05:44 PM|bbcompent1|LINK
If you encounter pre-compilation errors during your attempt to scan an ASP.NET project for vulnerabilities, you can try these commands at the Visual Studio Developer Command Prompt.
1. Open the Visual Studio Command Prompt. (The Visual Studio Command Prompt loads the necessary environment variables required for the proper functioning of the Visual Studio command line tools.) You can open the VS command prompt by navigating to Start --> All Programs --> Microsoft Visual Studio 2010 --> Visual Studio Tools --> Visual Studio 2xxx Developer Command Prompt.
2. Please make sure you are able to build your solution successfully by running the following command:
devenv Sample.sln /Rebuild Debug
(Sample.sln is for demo use only, your project name will be different)
If you are able to build the solution successfully, proceed to the next step. If not, fix any build errors first.
3. Now please run the following Fortify SCA commands:
[Step 1: Clean]
sourceanalyzer -b Solution1 -clean
[Step 2: Translation/Build]
sourceanalyzer -b Solution1 -Xmx1280M -Xss8M -debug -logfile trans.log devenv Sample.sln /Rebuild Debug
[Step 3: Analysis]
sourceanalyzer -b Solution1 -Xmx1280M -Xss8M -debug -logfile scan.log -scan -f Results.fpr
(The build ID, i.e., the argument to the "-b" option, can be anything, but it must be the same for all three commands.)
If you see the ASP.NET Precompilation error while running Step 2 for the Translation/Build step, then examine the trans.log file produced by specifying the –logfile option. More details about the error should be available in the log file, to help you debug what is happening.