Fortify build for .NET Core Projects

Created April 10, 2019 17:34

I'm trying to run following PowerShell script for scan my solution(.NET Core 2.0) with Fortify:

$SolutionFilePath = "C:\Repositories\MyProject"
$SolutionFileName = "MyProjectToTest"
$SSCFPRFileName = "MyProjectToTest.fpr"
$BuildIdName = "MyProjectToTest"


$path = "D:\Fortify"
If(!(test-path $path))
{
   New-Item -ItemType Directory -Force -Path $path
}

cd \
cd "C:\Program Files (x86)\Microsoft Visual Studio\2019\BuildTools\MSBuild\Current\Bin"

sourceanalyzer -b $BuildIdName -clean
sourceanalyzer -b $BuildIdName msbuild "$SolutionFilePath\$SolutionFileName.sln" 
sourceanalyzer -b $BuildIdName -scan -f "$path\$SSCFPRFileName"

exit 0

Every things works fine in my local machine.

But when I tried to run it in the server as a build step in TeamCity (TeamCity Enterprise 2018.2.1 (build 61078)) I got an error:

Microsoft (R) Build Engine version 16.0.461+g6ff56ef63c for .NET Framework
Copyright (C) Microsoft Corporation. All rights reserved.

MSBUILD : error MSB1021: Cannot create an instance of the logger. Could not load file or assembly 'Microsoft.Build.Utilities, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' or one of its dependencies. The system cannot find the file specified.
Switch: C:\Program Files\HPE_Security\Fortify_SCA_and_Apps_17.20\Core\lib\FortifyMSBuildTouchless.dll

I'm using same version of Fortify in my local and the server (Fortify Static Code Analyzer 17.20.0183 (using JRE 1.8.0_144) ).

In both server and local machine I installed Build Tools for Visual Studio 2019 and .Net core SDK.

I tried with different version of MsBuild(14, 15, 16) and dotnet.exe and devenv.exe and I installed PowerShell Core. I got the same error.

I also could run the script in the same server for .NETFramework projects successfully, the only change is I used different path:

cd "C:\Windows\Microsoft.NET\Framework64\v4.0.30319"

It seems Fortify 17.20 does not support the .NETCore 2.X, When I add the

-dotnet-core-version 2.0

I got an error (in both local and server):

[error]: Invalid parameter 2.0 for command line argument -dotnet-core-version

but with 1.X is OK, so how is possible the same version of fortify works fine in local but not in the server?

What is the problem with .NETCore projects? any idea?

1 comment

Saeid

Created April 11, 2019 16:21

After some searching I found this one and it works fine for me:

$SolutionFilePath = "C:\Repositories\MyProject"
$SolutionFileName = "MyProjectToTest"
$SSCFPRFileName = "MyProjectToTest.fpr"
$BuildIdName = "MyProjectToTest"


$path = "D:\Fortify"
If(!(test-path $path))
{
   New-Item -ItemType Directory -Force -Path $path
}

cd \
cd "$SolutionFilePath"

sourceanalyzer -b $BuildIdName -clean
sourceanalyzer -b $BuildIdName -libdirs **/* **/* 
sourceanalyzer -b $BuildIdName -scan -f "$path\$SSCFPRFileName"

exit 0

No msbuild no other commands just navigate to solution folder and run it without any extra command.

Please sign in to leave a comment.