How to scan exe file??

Hello All,

Hope everyone is doing good.

I was trying to scan exe file through Fortify Audit workbench and I keep getting below error

DOTNET-DEBUG: Unhandled exception: Could not find a part of the path '{some_path}\-CppImplementationDetails-\$ArrayType$$$BY0BJ@V-$queue@V-$basic_string@DU-$char_traits@D@std@@V-$allocator@D@2@@std@@V-$deque@V-$basic_string@DU-$char_traits@D@std@@V-$allocator@D@2@@std@@V-$allocator@V-$basic_string@DU-$char_traits@D@std@@V-$allocator@D@2@@std@@@2@@2@@std@@.cs'.

Kindly suggest how to scan exe files.

  • Fortify Auditworkbench allows you to view the results of a Fortify scan.

    To scan you use the Fortify Static Code Analyzer.

    There is a big clue in the name of the client .. code ... it doesnt look at executables.

    Why you should do it so let SCA look at the build - and review the code that contributes to the build - not the executable.

    If libraries are involved then SCA will try to use any models it has - but for the most part libraries are not themselves scanned.

    To scan an executable you would use a virus checker to check for known signatures and a binary scanner like Synopsys Protecode or other such tools.

    Perhaps Micro Focus has one - we dont use it they do.

    My 2 cents

    Above though you seem to be takling about .NET. Now this is fully opensource these days - so likely you code scan that code. Also check if the .NET library / framework is compatible with your SCA ... I believe we had to move to 21.x to support .NET 5?

  • Thank you, 

    So even if i were to use fortify scan wizard i would still have to scan code and not executables?