Fortify360 with an automated build process?

An开发者_JAVA百科yone have any sample configurations using CruiseControl.net or similar tool?

The best way to do this is:

1. Install Microsoft Visual Studio on the build server
2. Install Fortify SCA on the build server
3. In the cruise control configuration, check out the source code

4. Specify the cruise control configuation to run the following in a Visual Studio command prompt:

   sourceanalyzer -b FOO devenv solution.sln /REBUILD "Debug"

The final parameter is the name of the build configuration; this configuration needs to emit PDBs for any buildable component you need SCA to analyze.

If you haven't already found it, you can get the authtoken from: fortifyclient token -gettoken AnalysisUploadToken -url [url] -user [YourUsername]

For uploads, I find it easier to use the string arguments of both "-project [PROJECT] -version [VERSION]" instead of the -projectID [NUMBER]. Same thing, different invocation.