Analyzing Projects That Build Multiple Executable Files

If your Visual Studio or MSBuild project builds multiple executable files (such as files with the file name extension *.exe), Fortify strongly recommends that you run the analysis phase separately for each executable file to avoid false positive issues in the analysis results. To do this, use the -binary-name option when running the analysis phase and specify the executable file name or .NET assembly name as the parameter.

The following example shows how to translate and analyze a Visual Studio solution Sample.sln that consists of two projects, Sample1 (a C++ project with no associated .NET assembly name) and Sample2 (a .NET project with .NET assembly name Sample2). Each project builds a separate executable file, Sample1.exe and Sample2.exe, respectively. The analysis results are saved in Sample1.fpr and Sample2.fpr files.

sourceanalyzer -b MySampleProj msbuild /t:rebuild Sample.sln
sourceanalyzer -b MySampleProj -scan -binary-name Sample1.exe -f Sample1.fpr
sourceanalyzer -b MySampleProj -scan -binary-name Sample2.exe -f Sample2.fpr
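The same procedure generalized to any number of executables, as an added example (this is not Fortify's own script): the solution is translated once under one build ID, then each executable or assembly name is scanned into its own FPR file, and the loop stops at the first failed scan. The SOURCEANALYZER variable is an assumed hook that lets the commands be dry-run; it defaults to the sourceanalyzer command the page uses.

```shell
#!/bin/sh
# Added example, not from the Fortify documentation.
# SOURCEANALYZER is an assumed override so the commands can be dry-run
# (e.g. SOURCEANALYZER=echo); it defaults to the real sourceanalyzer.
SOURCEANALYZER="${SOURCEANALYZER:-sourceanalyzer}"

# Translate the whole solution once under a single build ID.
# Usage: translate_solution BUILD_ID SOLUTION_FILE
translate_solution() {
  build_id=$1
  solution=$2
  "$SOURCEANALYZER" -b "$build_id" msbuild /t:rebuild "$solution"
}

# Derive the FPR file name from the binary or assembly name:
# Sample1.exe -> Sample1.fpr, Sample2 -> Sample2.fpr
fpr_name_for() {
  printf '%s.fpr\n' "${1%.*}"
}

# Run one analysis per executable (or .NET assembly name) so that findings
# from different executables are not mixed into a single result set.
# Returns non-zero as soon as one scan fails.
# Usage: scan_each_binary BUILD_ID BINARY...
scan_each_binary() {
  build_id=$1
  shift
  for bin in "$@"; do
    fpr=$(fpr_name_for "$bin")
    "$SOURCEANALYZER" -b "$build_id" -scan -binary-name "$bin" -f "$fpr" || return 1
  done
}

# Example invocation (uncomment to run):
# translate_solution MySampleProj Sample.sln
# scan_each_binary MySampleProj Sample1.exe Sample2.exe
```

Running with SOURCEANALYZER=echo prints the two scan command lines from the page without invoking the analyzer, which is a convenient way to check the per-executable FPR names before a long scan.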

For more information about the -binary-name option, see Analysis Options.