|
|
#1
08-14-2013, 03:27 PM
|
|||
|
|||
|
VBP and HP Fortify
I am using VBP 7.7a
Is there a way to turn off quotation marks around the default location of the Devenv / MSBuild / VCBuild? Is there a way to turn off escape characters around the same? similar to:{Tools\Application Options\Logging(More)\"Escape special characters in step output macros"} Alternatively is there a way to keep VBP from inserting "&&" after "Command to run before main command"? Also how does VBP determine the default location of devenv? Thank you, James Mathews 
|
|
#2
08-14-2013, 04:05 PM
|
||||
|
||||
|
Quote:
Quote:
http://www.kinook.com/Forum/showthread.php?t=3044 Quote:
http://www.microsoft.com/resources/d....mspx?mfr=true Quote:
|
|
#3
08-14-2013, 04:47 PM
|
||||
|
||||
|
Quote:
{[1]"}sourceanalyzer{[1]"} -b %someBuildID% {[2]"}%devenv%{[2]"} {[3]"}%solutionToCompile%{[3]"} %anyBuildVariables%where {[x]"} indicate quotes that follow the behavior you outlined and x indicates a set (both must be either present or absent.) Quote:
"sourceanalyzer -b %buildID% "%devenv%hoping for: ""sourceanalyzer -b someBuildID "pathtodevenv\devenv.com" ....but getting: "\"sourceanalyzer -b someBuildID \"pathtodevenv\devenv.com" .... Quote:
%devenv% %solutionToCompile% %anyBuildVariables%as parameters to sourceanalyzer -b %buildID% Quote:
sourceanalyzer -b %buildID% %correctDEVENV%and reset it afterwards. Using this solution I would still need to overcome the quotation issue from above, but would save me a lot of time modifying each step by hand. Also before you sugest using something like "Run Script" let me explain my situation... To give you a idea of the size of the project, using VBP it takes over 14 hours to compile, one of the 2 current versions of this software utilize VB6 and VS2010, the other version uses VS2010, vs2008, VS2005, and VB6 (it is the older version). The older version has over 2000 steps, the newer is segmented across ~40 build files. In addition, we are not the developers, we provide software assurance on these products for the US Govt. Every time the developer drops new software, we provide static code analysis and regression testing on it. They use VBP 7.7a, and every time there is a new drop we get a new set of build files. Thank you for your assistance, James Mathews
|
|
#4
08-14-2013, 05:25 PM
|
|||
|
|||
|
There isn't a way to prevent quoting of the devenv command or escaping of additional extra quote characters added to a command.
Locating devenv.com does use registry lookups, but it's fairly involved for the various versions, bitness of Windows, fallback to App Paths, etc. I think you might need to use a Run Program action and call sourceanalyzer directly. You could use the object model to iterate over all Make VS steps in the projects and create matching Run Program steps calling sourceanalyzer. http://www.kinook.com/VisBuildPro/Ma...bjectmodel.htm http://www.kinook.com/VisBuildPro/Ma...riptsample.htm Another possibility might be to create your own custom executable that calls sourceanalyzer, and specify that executable in the Override field on the Options tab of the Make VS action. http://www.kinook.com/VisBuildPro/Ma...optionstab.htm
|
|
#5
08-14-2013, 05:32 PM
|
|||
|
|||
|
Quote:
Quote:
Is there any possibility of integrating Fortify into future versions of VBP? Say a check box in the to turn it on and a textbox to enter a build id in the various Make VS* actions? It won't help me now but down the road it probably will (up to the developer) Thank you, James Mathews Last edited by James.Mathews; 08-14-2013 at 05:33 PM. Reason: afterthough
|
|
#7
08-15-2013, 07:40 AM
|
|||
|
|||
|
Quote:
|
|
#8
10-25-2013, 04:13 PM
|
|||
|
|||
|
In the latest build (8.5.0.1), there is a new Prefix main command option on the Advanced tab of Run Program and derived actions to prefix the main command instead of running as a separate command (&&), which should allow you to call sourceanalyzer from a Make VS* action.
|
 |
| Tags |
| hp fortify |
|
|
Linear Mode
