HP Fortify SCA skipping few ASP.Net dlls in static analysis
My company has recently bought the HP Fortify static code analysis product. We have scanned two projects using the tool. We have two ASP.Net Webform applications (ASP.Net 4.0).
The tool is skipping a few dlls in its scan for one project but considers the same dlls for the other project. Both projects refer to these dlls and their projects, and the dlls are copied to the bin directory of the website after a successful build. Both projects have the dlls with their pdb files present. Still, I don't see any reason why it's not scanning and displaying security issues within a few of these dlls for one web app but displaying them for the other web app.
Is there any pointer I can look at to find out the issue?
I tried going to the user-specific folder in AppData\Local\Fortify and found some Build.txt files for both projects. As the dlls are copied and referenced in multiple projects, I found that these dlls are listed under the "excludes" text. In the case of the project where it does not skip these dlls, it has excluded them from 3 locations, while for the other project they are listed 5 times, thus excluding all the locations. Does this indicate any issue?
Your help is appreciated.
Re: HP Fortify SCA skipping few ASP.Net dlls in static analysis
This is an older post, but we are having the same issue. Different team members are getting different results. I would be interested in knowing if you got past this issue and how.