05-15-2013 12:38 PM
How do I scan C# and C++ files within the Fortify Workbench without going through a MS Visual Studio Solution (sln) file. That is the only way I can find to do it through the documentation. When I launch an advanced scan on a directory with these types of files in them they don't show in the directory tree. It's as if Fortify can't see .cs or .cpp files. Did I miss a step in configuring Fortify or is there another way to get these files scanned? It works fine with Java but most of my projects are in C# or C++ and I was under the impression Fortify could scan thoes as well.
01-16-2014 08:31 PM
As C++ requires a compiler and build system such as make, you'll need to enter additional commands.
ALso, keep in mind that you'll need to have VS or MSBuild installed to build VS projects.
03-03-2014 08:42 PM
I'm pretty new to Fortify SCA, but my understanding is that to do a directory based scan on a .NET App it needs to first be compiled. For ASP.NET Apps this means that ASPX must also be compiled.
We are currently building our solutions one a build server and then moving the output to a SCA Machine with VS2008-2012 installed for the scanning process.