c# - HP Fortify - Dead Code stored in Asp.net Temp Files -


is there possible fix dead code identified fortify when scanning asp.net mvc 3 project? code identified "dead' in generated files, stored in asp.net temp files folder. have 173 of these findings showing in our scan results. using version 6.10 of hp fortify scanner, latest rulepacks.

i came across article mitigates fortify dead code in mvc. appearantly, out of box fortify scans the mvc website if standard asp.net application.

modify fortify properties file

open {fortify_install_dir}\core\config\fortify.properties , uncomment following:

com.fortify.vs.skipaspprecompilation=true , also, set following property false (default value true).

com.fortify.vs.requireaspprecompilation=false build project

build project normal in visual studio

copy build artifacts

copy build artifacts /bin directory @ root of project following location -

c:\windows\microsoft.net\framework{frameworkverion}\temporary asp.net files{yourprojectname} project named “yourproject.web” build against .net 4 or 4.5, path this-

c:\windows\microsoft.net\framework\v4.0.30319\temporary asp.net files\yourproject.web run scan

see full article charles king here:

http://charlesbking.com/programming/2015/01/23/run-fortify-on-asp-mvc.html


Comments

Popular posts from this blog

Payment information shows nothing in one page checkout page magento -

tcpdump - How to check if server received packet (acknowledged) -