Highlighted
Frequent Visitor.
225 views

Fortify SCA MSBuild Touchless logger removes quotes

We use Fortify SCA 19.1.2, MSBuild icm the touchless logger. The touchless logger removes the quotes in the msbuild arguments creating errors.

From our Build pipeline (Azure DevOps / Visual Studio build task). Command is triggered on the build agent, with the Fortify Touchless logger:

"C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\MSBuild\Curencrent\Bin\amd64\msbuild.exe" "C:\DATA\Agent2\_work\90\s\Test.AspNet.sln" /nologo /logger:"C:\Program Files\Fortify\Fortify_SCA_and_Apps_19.1.2\Core\lib\FortifyMSBuildTouchless.dll" /p:DeployOnBuild=true /p:WebPublishMethod=Package /p:PackageAsSingleFile=true /p:SkipInvalidConfigurations=true /p:PackageLocation="C:\DATA\Agent2\_work\90\a\Test.AspNet-1.0.0.zip" /p:SignAssembly=false /p:DebugSymbols=true /p:DebugType=pdbonly /p:FileAlignment=512 /p:Optimize=true /p:platform="Any CPU" /p:configuration="Release"

Now the touchless logger kicks-off the msbuild.exe provided by Fortify. It picks up the msbuild arguments as follows:

"C:\Program Files\Fortify\Fortify_SCA_and_Apps_19.1.2\Core/private-bin/sca/msbuild/msbuild.exe" /p:deployonbuild=true /p:webpublishmethod=package /p:packageassinglefile=true /p:skipinvalidconfigurations=true /p:packagelocation=c:\data\agent\_work\1\a\test.aspnet-1.0.0.zip /p:signassembly=false /p:debugsymbols=true /p:debugtype=pdbonly /p:filealignment=512 /p:optimize=true /p:platform=any cpu /p:configuration=release

As you can see, all quotes are removed. This leads in an error in msbuild error 'MSB1008: Only one project can be specified. Switch: CPU'. Because the quotes are missing in the platform argument, CPU is considered as a new project.

Why is the touchless logger removing quotes? How can we solve this? This was working correctly in Fortify SCA 17.* but broke in 18.* and 19.*

Tags (3)
0 Likes
0 Replies
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.