05-15-2013 12:38 PM
How do I scan C# and C++ files within the Fortify Workbench without going through a MS Visual Studio Solution (sln) file. That is the only way I can find to do it through the documentation. When I launch an advanced scan on a directory with these types of files in them they don't show in the directory tree. It's as if Fortify can't see .cs or .cpp files. Did I miss a step in configuring Fortify or is there another way to get these files scanned? It works fine with Java but most of my projects are in C# or C++ and I was under the impression Fortify could scan thoes as well.
01-16-2014 08:31 PM
As C++ requires a compiler and build system such as make, you'll need to enter additional commands.
ALso, keep in mind that you'll need to have VS or MSBuild installed to build VS projects.
a week ago
I'm pretty new to Fortify SCA, but my understanding is that to do a directory based scan on a .NET App it needs to first be compiled. For ASP.NET Apps this means that ASPX must also be compiled.
We are currently building our solutions one a build server and then moving the output to a SCA Machine with VS2008-2012 installed for the scanning process.