Topic
IC4NOTICE: developerWorks Community will be offline May 29-30, 2015 while we upgrade to the latest version of IBM Connections. For more information, read our upgrade FAQ.
4 replies Latest Post - ‏2011-08-23T21:08:27Z by kalperst
kalperst
kalperst
11 Posts
ACCEPTED ANSWER

Pinned topic Appscan Source Integration with Microsoft TeamBuild

‏2011-08-10T15:27:57Z |
We are trying to integrate Appscan Source with our automated builds. We use TeamBuild for this and have encountered some issues doing this. Has anyone been able to integrate their scanning with TeamBuid and if so, how did you accomplish this?

Any help would be appreciated.

Regards
Updated on 2011-08-23T21:08:27Z at 2011-08-23T21:08:27Z by kalperst
  • SystemAdmin
    SystemAdmin
    49 Posts
    ACCEPTED ANSWER

    Re: Appscan Source Integration with Microsoft TeamBuild

    ‏2011-08-12T18:12:07Z  in response to kalperst
    At a high level, the procedure is to:
    Step 1) Get the scan working in AppScan Source Edition for Security
    Step 2) Scan the application configuration file from (step 1) using AppScanSourceCLI

    For (Step 1), there are several ways to scan a .NET solution in AppScan Source. I just sketched them out at a high level in another post https://www.ibm.com/developerworks/forums/thread.jspa?threadID=382611&tstart=0.

    Depending on how you configure the application, you end up with either a wrapper around the Solution file (.sln.gaf), or a hand-made application file (.paf) containing either wrappers around the Projects (.csproj.gpf) or a hand-made project file (.ppf).
    Method 1) If you import a solution, you'll have a .sln.gaf
    Method 2) If you create a blank application then import projects, you'll have a .paf and .csproj.gpf files.
    Method 3) If you create a .NET Assembly Project, you'll have .paf and .ppf files

    If you add or remove classes from your source code, AppScan Source will know to target them (as long as Visual Studio includes them in the .sln or .csproj we will see them). If you add an entirely new project to your existing solution, you might have to add that project into your AppScan Source application configuration file if you used method 2 or method 3.
    For (Step 2), refer to the AppScan_Utilities_Guide.pdf for instructions on how to scan Applications using AppScanSourceCLI. You basically have three steps: Login, OpenApplication, Scan. You can put these three commands in a text file and invoke it from a command line. Here's an example:
    login localhost
    openapplication AltoroJ_ant.paf
    scan AltoroJ_ant.ozasmt
    quit

    Note that my "login" command doesn't have a hard-coded username and password. That is because I used "AppScanSourceCLI" with the --persist flag to create a "token" so I wouldn't have to use hard coded usernames and passwords in my scripts. This is also documented in AppScan_Source_Utilities.pdf (in %appscanhome%/docs or in your Start Menu)

    /eh
  • kalperst
    kalperst
    11 Posts
    ACCEPTED ANSWER

    Re: Appscan Source Integration with Microsoft TeamBuild

    ‏2011-08-12T18:31:43Z  in response to kalperst
    Eric,
    Thanks for responding. I have done all you describe below and can scan the code using CLI commands. However when I try to execute a .bat file from within a TeamBuild script, I get the following error: "Unable to create Visual Studio process VisualStudio.DTE.9.0"

    The .bat file works outside of the TeamBuild environment, but not when called from a TeamBuild script. I was wondering if anyone else has tried this and if they have found a solution.
    • SystemAdmin
      SystemAdmin
      49 Posts
      ACCEPTED ANSWER

      Re: Appscan Source Integration with Microsoft TeamBuild

      ‏2011-08-12T18:47:33Z  in response to kalperst
      That error is typically caused by not having Visual Studio installed on the machine where you are attempting to scan. You should have the version of VS that corresponds to the .sln file (e.g. if it was made using VS2008 then you should have that version).

      Is it the case that VS is installed and you're still getting this error?

      /eh
  • kalperst
    kalperst
    11 Posts
    ACCEPTED ANSWER

    Re: Appscan Source Integration with Microsoft TeamBuild

    ‏2011-08-23T21:08:27Z  in response to kalperst
    It is the case that VS is installed. I can run the scan from the CLI on the same machine, but when launched from TeamBuild, no luck