sri.pulla@veriz Absent Member.

Warning related to third party dll location when running the SCA

When I run the bat file generated from the Scan Wizard, all the system DLLs and similar other DLLs load successfully, but I also see warnings for some of the third-party DLLs which are loaded into the .Net solution using NuGet packaging and are located in the Packages folder.

Attached is the screenshot of the warning. Could any of you please help resolve this issue?

FortifyScreenshot-thirdparty.PNG

stephen.b.burri Trusted Contributor.

Re: Warning related to third party dll location when running the SCA

I personally do not like using the scan wizard.  There are several ways to scan .Net applications (through Visual Studio, msbuild, and scanning of the compiled .dlls).

Can you tell us how you configured the Scan Wizard to generate that .bat file you are using?

Maybe we can help you come up with a better way of scanning your code.  Can you answer these questions?

- Is Visual Studio 2012-2015 installed on the build machine (and can you install the Fortify plug-in into it)?

- Is this an ASP.Net application?

- Do you have all the source including .sln file or do you just have the compiled code (hopefully compiled in debug mode)?

sri.pulla@veriz Absent Member.

Re: Warning related to third party dll location when running the SCA

Hi Stephen,

Yup, I am using the scan wizard as it seems easier to automate using the bat file instead of manually running the scan from the VS IDE.

- Is Visual Studio 2012-2015 installed on the build machine (and can you install the Fortify plug-in into it)? - We have a separate machine for scans and yes it has VS 2015. I do not plan to run the scans manually from VS as mentioned earlier.

- Is this an ASP.Net application? - YES

- Do you have all the source including .sln file or do you just have the compiled code (hopefully compiled in debug mode)? - All the source including .sln

Let me know the best way to address this issue.

Thanks,

Sri.

stephen.b.burri Trusted Contributor.

Re: Warning related to third party dll location when running the SCA

The best option for you would be to set up a scan script to run through Visual Studio.  The first step that is needed is to install the VS Plugin on the build machine (you can rerun the installer and select VS 2015 complete plugin).

Now to set up a batch file of your own to scan.  Here is a sample batch file that scans.

sourceanalyzer -b test -clean

sourceanalyzer -b test "D:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe" /REBUILD Debug Sample1.sln

sourceanalyzer -b test -Xmx8G -scan -f scan.fpr

Things to note: this contains the full path to the Visual Studio exe (devenv.exe).  This script is assumed to be in the same directory as the .sln (Sample1.sln) but does not have to be.

The most common problem I see when scanning through VS is Visual Studio not compiling.  This is either because there are missing dependencies (NuGet downloading), an ASP.Net precompilation error, or when Visual Studio is opened up there is a dialog box blocking the way (normally source control).  If it is the dialog box, opening Visual Studio and setting the appropriate settings does the trick.

When testing this out, first try a compilation not involving Fortify SCA/sourceanalyzer.  Run ["D:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe" /REBUILD Debug Sample1.sln] from the command line.  If this errors out, that means the current machine cannot build the project; opening up VS and the project normally helps ["D:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe" Sample1.sln].

Once VS is squared away, using the script should work from then on out.

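The procedure from the last reply combined into one batch file, as an added example that is not part of the thread and not Fortify's own script: it restores NuGet packages, proves the solution builds without Fortify, then cleans, translates and scans, stopping at the first failing step. Assumptions: nuget.exe is on PATH, the file sits next to Sample1.sln, and prebuild.log is a hypothetical log name; the devenv path, build id and scan options are the ones from the post.

```batch
@echo off
rem Added example. Assumes nuget.exe is on PATH and this file is next to the .sln.
setlocal
set "DEVENV=D:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe"
set "SLN=Sample1.sln"
set "BUILDID=test"
cd /d "%~dp0"

rem 1. Restore NuGet packages so the third-party DLLs exist in the packages folder.
nuget restore "%SLN%"
if errorlevel 1 (
    echo NuGet restore failed, third-party DLLs would be missing.
    exit /b 1
)

rem 2. Rebuild without Fortify first to prove this machine can build the solution.
rem    prebuild.log is a hypothetical file name for the build output.
"%DEVENV%" /REBUILD Debug "%SLN%" /Out prebuild.log
if errorlevel 1 (
    echo Visual Studio could not build %SLN%, check prebuild.log.
    exit /b 2
)

rem 3. Remove old translation data, then translate by wrapping the same rebuild.
sourceanalyzer -b %BUILDID% -clean
if errorlevel 1 exit /b 3
sourceanalyzer -b %BUILDID% "%DEVENV%" /REBUILD Debug "%SLN%"
if errorlevel 1 (
    echo Translation failed.
    exit /b 4
)

rem 4. Print warnings recorded during translation, such as unresolved references.
sourceanalyzer -b %BUILDID% -show-build-warnings

rem 5. Scan the translated build and write the results file.
sourceanalyzer -b %BUILDID% -Xmx8G -scan -f scan.fpr
if errorlevel 1 (
    echo Scan failed.
    exit /b 5
)
echo Scan complete, results in scan.fpr
endlocal
```

The distinct exit codes let a scheduler or CI job report which stage broke, and step 4 surfaces translation warnings before time is spent on the scan.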