Fatal编程技术网
  • cplusplus/
  • C++ Fortify在扫描Visual Studio项目时引发错误

C++ Fortify在扫描Visual Studio项目时引发错误

c++ visual-studio-2008

C++ Fortify在扫描Visual Studio项目时引发错误,c++,visual-studio-2008,fortify,C++,Visual Studio 2008,Fortify,我正试图在VisualStudio2008项目上运行Fortify。该项目自行成功构建。当我尝试使用Visual Studio集成控件使用Fortify分析项目时,项目成功构建,但抛出错误消息。以下是强化控制台的输出: Fortify SCA... Running: "-show-runtime-properties" Running: "-b" "ProjectName" "-clean" Error setting VCProject Path. Abort VC project rel

我正试图在VisualStudio2008项目上运行Fortify。该项目自行成功构建。当我尝试使用Visual Studio集成控件使用Fortify分析项目时,项目成功构建,但抛出错误消息。以下是强化控制台的输出:

Fortify SCA...
Running: "-show-runtime-properties" 
Running: "-b" "ProjectName" "-clean" 
Error setting VCProject Path. Abort VC project related scan
Scan Failed Could not load file or assembly 'Microsoft.VisualStudio.VCProjectEngine, Version=8.0.0.0, Culture=neutral, PublicKeyToken=<string here>' or one of its dependencies. The system cannot find the file specified. 
   at FortifyBase.Scanner.CPPScanUtil.ResetVCProjectExecutableDirectories()
   at FortifyCommon.Scanner.BuildListeners.VSBuildDone(vsBuildScope scope, vsBuildAction action)
Scan Failed: 
Could not load file or assembly 'Microsoft.VisualStudio.VCProjectEngine, Version=8.0.0.0, Culture=neutral, PublicKeyToken=<string here>' or one of its dependencies. The system cannot find the file specified.
我保留了大多数默认扫描选项,只是将“这是一个J2EE web应用程序”更改为“否”(我也尝试将此更改为“是”,但也没有成功

搜索有关错误消息的任何信息只会产生另一个堆栈溢出,但项目设置似乎与我的Visual Studio项目完全不同。无论如何,我也尝试使用Visual Studio提供的参数从命令行运行扫描,但我收到了相同的错误消息

强化文档提到构建ID用于跟踪哪些文件作为构建的一部分被编译和链接,然后扫描这些文件,它通常是项目名称。我尝试了几个不同的字符串作为构建ID,但似乎没有任何效果

有人知道我哪里出错了吗?提前谢谢

更新:问题发生在分析的转换阶段,因此根本没有创建生成ID。以下是sourceanalyzer日志中的日志:

[2010-08-23 21:20:53 INFO]
Fortify Source Code Analyzer 5.1.0.0061
[2010-08-23 21:20:53 INFO]
Args:
["-b", "ProjectName", "-machine-output", "-vsversion", "8.0", "C:\\Program Files (x86)\\Microsoft Visual Studio 9.0\\Common7\\IDE\\devenv.exe", "ProjectName.sln", "/rebuild", "DEBUG"]
[2010-08-23 21:20:53 INFO]
VM Args:
"-XX:SoftRefLRUPolicyMSPerMB=100 -Xss1M -Xmx600M -Xms16M"
[2010-08-23 21:21:04 INFO 1102]
Compiler execution failed (exit code: 1).
[2010-08-23 21:21:04 WARNING]
exit(1)
好的,我认为这是VS2010上C/C++翻译的一个已知问题。我发现的解决方法是:

  • 打开Visual Studio x86命令提示符
  • 更改为KindleExport.sln的目录
  • 运行: sourceanalyzer-b kindleexport-devenv kindleexport.sln/REBUILD
  • 运行: sourceanalyzer-b kindleexport-scan-f kindleexport.fpr
    • [2010-08-23 21:20:53 INFO]
Fortify Source Code Analyzer 5.1.0.0061
[2010-08-23 21:20:53 INFO]
Args:
["-b", "ProjectName", "-machine-output", "-vsversion", "8.0", "C:\\Program Files (x86)\\Microsoft Visual Studio 9.0\\Common7\\IDE\\devenv.exe", "ProjectName.sln", "/rebuild", "DEBUG"]
[2010-08-23 21:20:53 INFO]
VM Args:
"-XX:SoftRefLRUPolicyMSPerMB=100 -Xss1M -Xmx600M -Xms16M"
[2010-08-23 21:21:04 INFO 1102]
Compiler execution failed (exit code: 1).
[2010-08-23 21:21:04 WARNING]
exit(1)