 

Running fortify scan on .cs files

Tags:

c#

.net

fortify

Is it possible to run a Fortify scan on .cs files? I have searched on the net and SF but did not get any concrete answer. The project structure is exactly like this: https://pnppubsub.codeplex.com/SourceControl/latest

Some of the projects are portable class libraries

saurav asked Nov 01 '25 13:11



1 Answer

This is not really correct. Fortify does not NEED to compile the code so that it can perform the scan. It can accept pre-compiled .Net Assemblies if they are built in a Debug configuration and the .pdb files are present.

For example a VS2012 project (typical VS folder structure):

MyProject\MyProject\bin\Debug\MyProject.dll
MyProject\MyProject\bin\Debug\MyProject.pdb
MyProject\MyProject\MyProject.csproj
MyProject\MyProject\MyProject.cs
MyProject\MyProject.sln

Your Translate step command would be something like:

sourceanalyzer -b MyProjectScan -vsversion 11.0 MyProject

Sourceanalyzer will look at the MyProject folder and all subfolders for Assemblies and .pdb files. The -vsversion 11.0 parameter tells Sourceanalyzer what .Net framework the Assemblies were built with.

James Nix answered Nov 03 '25 02:11
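
A pre-flight check for the Translate step in the answer above, added here as an example and not part of the original answer or of Fortify: it walks the project folder the way the answer says Sourceanalyzer does, lists assemblies that have no .pdb beside them, and only then builds the command line. The function names and the script name preflight.py are assumptions; the only sourceanalyzer options used are the two shown in the answer.

```python
"""Pre-flight check before a Fortify translate of pre-built .NET assemblies."""
import sys
from pathlib import Path

ASSEMBLY_SUFFIXES = {".dll", ".exe"}


def find_assemblies(root):
    """Return every .dll/.exe under root (all subfolders), sorted."""
    return sorted(p for p in Path(root).rglob("*")
                  if p.is_file() and p.suffix.lower() in ASSEMBLY_SUFFIXES)


def missing_pdbs(root):
    """Return assemblies with no same-named .pdb in the same folder."""
    missing = []
    for asm in find_assemblies(root):
        # Compare names case-insensitively, as a Windows file system would.
        siblings = {p.name.lower() for p in asm.parent.iterdir()}
        if (asm.stem + ".pdb").lower() not in siblings:
            missing.append(asm)
    return missing


def translate_command(build_id, vs_version, root):
    """Build the translate command from the answer as an argv list (no shell)."""
    return ["sourceanalyzer", "-b", build_id, "-vsversion", vs_version, str(root)]


def preflight(build_id, vs_version, root):
    """Return (argv, problems); argv is None when the folder is not ready."""
    if not find_assemblies(root):
        return None, [f"no assemblies found under {root}"]
    problems = [f"no .pdb beside {p}" for p in missing_pdbs(root)]
    if problems:
        return None, problems
    return translate_command(build_id, vs_version, root), []


if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: python preflight.py <build-id> <vsversion> <folder>")
    argv, problems = preflight(*sys.argv[1:4])
    for line in problems:
        print("NOT READY:", line, file=sys.stderr)
    if argv is None:
        sys.exit(1)
    print(" ".join(argv))  # review the command, then run it yourself
```

Third-party DLLs copied into bin\Debug without symbols are reported too; whether to rebuild, exclude or accept them is left to whoever runs the scan.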



