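Does Fortify Audit Workbench have any command-line options so that I can put it in a cron job and run it daily?
The scan takes over two hours, and I'd like it to run overnight and see the results in the morning.
Jason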
Answer 0: (score: 3)
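Audit Workbench is the underlying SCA engine (sourceanalyzer).
If you know how to scan your code from the command line, you can create a Windows batch file or bash script to do it.
The hardest part is coming up with the translation command. It will be language- and project-specific.
Your script should have at least 3 steps
There is an optional fourth step of uploading the scan results to your SSC instance. This step uses the fortifyclient command.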
References:
sourceanalyzer -h
The fortifyclient tool communicates with SSC. Without any further information, we can't help you with the actual commands.
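The script Answer 0 describes, as an added example that is not part of the original answers: a POSIX shell wrapper meant to be called from cron. The clean/translate/scan sequence and the `-b`, `-clean`, `-scan` and `-f` options are the usual sourceanalyzer phases, assumed here because the answer does not list its steps; the function names, variable names and crontab paths are hypothetical.

```shell
#!/bin/sh
# Nightly Fortify SCA scan wrapper for cron (added example, not from the page).
# Hypothetical names: SCA_BIN, DRY_RUN, LOCK_DIR, run_step, nightly_scan.
# Constructed crontab entry (paths are placeholders), runs at 01:00:
#   0 1 * * * /opt/scripts/nightly_fortify.sh myapp /var/fortify src/Main.java
SCA_BIN="${SCA_BIN:-sourceanalyzer}"
DRY_RUN="${DRY_RUN:-0}"    # 1 = print each command instead of running it
LOCK_DIR="${LOCK_DIR:-/tmp/fortify-nightly.lock}"

# Run one command, or only print it in dry-run mode.
run_step() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# usage: nightly_scan BUILD_ID OUT_DIR TRANSLATE_ARGS...
# Returns 0 on success, 1/2/3 if clean/translate/scan failed,
# 4 if a previous scan still holds the lock, 64 on bad usage.
nightly_scan() {
    [ "$#" -ge 3 ] || { echo "usage: BUILD_ID OUT_DIR TRANSLATE_ARGS..." >&2; return 64; }
    build_id=$1
    out_dir=$2
    shift 2
    fpr="$out_dir/$build_id-$(date +%Y%m%d).fpr"   # one dated result file per night

    # mkdir is atomic; a scan runs for hours, so never overlap the previous one.
    mkdir "$LOCK_DIR" 2>/dev/null || { echo "scan already running" >&2; return 4; }

    rc=0
    run_step "$SCA_BIN" -b "$build_id" -clean || rc=1                      # 1. clean
    [ "$rc" -ne 0 ] || run_step "$SCA_BIN" -b "$build_id" "$@" || rc=2     # 2. translate
    [ "$rc" -ne 0 ] || run_step "$SCA_BIN" -b "$build_id" -scan -f "$fpr" || rc=3  # 3. scan

    rmdir "$LOCK_DIR"
    return "$rc"
}

# Run only when arguments are given, so the file can also be sourced.
[ "$#" -eq 0 ] || nightly_scan "$@"
```

If a run is killed, the lock directory stays behind and has to be removed before the next scan will start.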
Answer 1: (score: 2)
sourceanalyzer is the command-line tool
I run this (as a Windows batch file) as
sourceanalyzer -b 1234 devenv "VsSolution.sln" /REBUILD release
Answer 2: (score: 2)
The other answers are correct, but there's an easier way. There's a Scan Wizard that creates a batch script for you. You point it at your project, answer some questions, and it creates a script. Check a box and it'll also upload to SSC.
Scan Wizard is located in /bin. It may also be in your Start menu, next to Audit Workbench.
Note: Sometimes I have to modify the script. But if you're able to scan using the Fortify button in Visual Studio, then the default script usually works.