Cadet 3rd Class
Cadet 3rd Class
3980 views

Developer Workbook missing code snippets

I'm running a translate using MSBUILD, then a scan, then generating a Developer Workbook report of the findings. The report never includes any code snippets - after referencing the line number it just says "No snippet available", for all findings.

Any suggestions on how to cause the snippets to be included in the report?

Engine Version: 17.10.0156

Commands issued:

sourceanalyzer -debug -b Build_4349 -Xmx18431M -Xms400M -Xss24M -verbose -clean

sourceanalyzer -debug -verbose -b Build_4349 -Xmx18431M -Xms400M -Xss24M "C:\Program Files (x86)\MSBuild\14.0\Bin\MSBuild.exe" "D:\source\Application\All Projects.sln" /p:Configuration="Release" /p:Platform="Any CPU" /target:"rebuild"

sourceanalyzer -debug -b Build_4349 -Xmx18431M -Xms400M -Xss24M -logfile D:\fortifyprojects\Build_4349.log -f D:\fortifyprojects\Build_4349.fpr -scan

BIRTReportGenerator -format PDF -source D:\fortifyprojects\Build_4349.fpr -output D:\fortifyprojects\Build_4349_devw.pdf -template "Developer Workbook" --IncludeDescOfKeyTerminology

 

 

Tags (1)
0 Likes
4 Replies
Micro Focus Expert
Micro Focus Expert

Could it be that you have code snippets disabled in the fortify-sca.properties file to save time on large scans?  Normally these are enabled (com.fortify.sca.FVDLDisableSnippets=false).  You can either disable all snippets inclusions within this properties file (set it to true), or you may leave it enabled in the properties file and only disable it on a per-scan basis using the sourceanalyzer {-fvdl-no-snippets} option.  There is an additional SnippetContextLines option for the properties file where you can specify the quantity of lines to code to be included (default = 2)


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
0 Likes
Cadet 3rd Class
Cadet 3rd Class

Thanks for the suggestion - I checked the properties file and it contains the line com.fortify.sca.FVDLDisableSnippets=false, so that doesn't appear to be the problem. I'm also not using the command-line option to disable them.

The problem seems to be related to the msbuild translation (just guessing), because if I scan the C# code statically, without doing a build, I can get snippets in the workbook.

 

0 Likes
Lieutenant Commander
Lieutenant Commander

I face the same isue with version 18.10.

How do you scan the code statically? Are the results the same?
I thought the build steps was mandatory.

0 Likes
Captain
Captain

Hi, Just to know if your issue has been resolved? What was the resolution? Thanks, Nathan Pitero
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.