Our vBulletin migration is complete.
Welcome vBulletin users! All content and user information from the Micro Focus Forums (vBulletin) site has been migrated to this site. READ MORE.
EmpWW Absent Member.
Absent Member.
5229 views

HP Fortify SCA skipping few ASP.Net dlls in static analysis

Dear Friends,

 

My company has recently bought the HP Fortify static code analysis product. We have scanned two projects using the tool. We are haveing two ASP.Net Webform application (ASP.Net 4.0).

 

The tool is skipping few dlls in its scan for one project and considers the same for other project. Both the projects are referring to these dlls and its projects and are copied to bin directory of the website after successful build. Both the projects has dlls with their pdb files preset. Still I don't see any reason why its not scanning and displaying security issue within few of these dlls for one web apps but displaying it for other web apps.

 

Is there any pointer I can look to find out the issue? 

 

I had tried going to user specific folder in AppDarta\Local\Fortify and found some Build.txt files for both the projects. As dlls are copied and referred in multiple projects, I found that these dlls are under "excludes" text. In case of one project where it does not skip these dlls, it has exclude it from 3 locations while for other project its listed out 5 times and thus excluding all the locations. Does this indicate any issue?

 

Your help is appreciated.

 

Thanks,

Jitendra

Labels (1)
Tags (2)
0 Likes
1 Reply
NancyR Absent Member.
Absent Member.

Re: HP Fortify SCA skipping few ASP.Net dlls in static analysis

This is an older post, but we are having the same issue.  Different team members are getting different results.  I would be interested in knowing if you got past this issue and how.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.