We are trying to integrate Appscan Source with our automated builds. We use TeamBuild for this and have encountered some issues doing this. Has anyone been able to integrate their scanning with TeamBuid and if so, how did you accomplish this?
Any help would be appreciated.
Pinned topic Appscan Source Integration with Microsoft TeamBuild
Answered question This question has been answered.
Unanswered question This question has not been answered yet.
Updated on 2011-08-23T21:08:27Z at 2011-08-23T21:08:27Z by kalperst
SystemAdmin 110000D4XK49 Posts
Re: Appscan Source Integration with Microsoft TeamBuild2011-08-12T18:12:07ZThis is the accepted answer. This is the accepted answer.At a high level, the procedure is to:
Step 1) Get the scan working in AppScan Source Edition for Security
Step 2) Scan the application configuration file from (step 1) using AppScanSourceCLI
For (Step 1), there are several ways to scan a .NET solution in AppScan Source. I just sketched them out at a high level in another post https://www.ibm.com/developerworks/forums/thread.jspa?threadID=382611&tstart=0.
Depending on how you configure the application, you end up with either a wrapper around the Solution file (.sln.gaf), or a hand-made application file (.paf) containing either wrappers around the Projects (.csproj.gpf) or a hand-made project file (.ppf).
Method 1) If you import a solution, you'll have a .sln.gaf
Method 2) If you create a blank application then import projects, you'll have a .paf and .csproj.gpf files.
Method 3) If you create a .NET Assembly Project, you'll have .paf and .ppf files
If you add or remove classes from your source code, AppScan Source will know to target them (as long as Visual Studio includes them in the .sln or .csproj we will see them). If you add an entirely new project to your existing solution, you might have to add that project into your AppScan Source application configuration file if you used method 2 or method 3.
For (Step 2), refer to the AppScan_Utilities_Guide.pdf for instructions on how to scan Applications using AppScanSourceCLI. You basically have three steps: Login, OpenApplication, Scan. You can put these three commands in a text file and invoke it from a command line. Here's an example:
Note that my "login" command doesn't have a hard-coded username and password. That is because I used "AppScanSourceCLI" with the --persist flag to create a "token" so I wouldn't have to use hard coded usernames and passwords in my scripts. This is also documented in AppScan_Source_Utilities.pdf (in %appscanhome%/docs or in your Start Menu)
Re: Appscan Source Integration with Microsoft TeamBuild2011-08-12T18:31:43ZThis is the accepted answer. This is the accepted answer.Eric,
Thanks for responding. I have done all you describe below and can scan the code using CLI commands. However when I try to execute a .bat file from within a TeamBuild script, I get the following error: "Unable to create Visual Studio process VisualStudio.DTE.9.0"
The .bat file works outside of the TeamBuild environment, but not when called from a TeamBuild script. I was wondering if anyone else has tried this and if they have found a solution.
SystemAdmin 110000D4XK49 Posts
Re: Appscan Source Integration with Microsoft TeamBuild2011-08-12T18:47:33ZThis is the accepted answer. This is the accepted answer.
- kalperst 060000PHGA
Is it the case that VS is installed and you're still getting this error?
Re: Appscan Source Integration with Microsoft TeamBuild2011-08-23T21:08:27ZThis is the accepted answer. This is the accepted answer.It is the case that VS is installed. I can run the scan from the CLI on the same machine, but when launched from TeamBuild, no luck