Obtaining text output from Fortify sourceanalyzer command line

淺唱寂寞╮ submitted on 2019-12-07 19:03:08

Question


Related to question: Fortify command line usage

I would like to perform a nightly Fortify scan of my .NET solution, triggered by TeamCity's command line runner. I want to post up my own custom summary of the results to a web page.

The key information I want is the number of issues per level of criticality.

I have previously used the -f command-line switch for use with the Audit Workbench client, but the resulting .FPR file looks difficult to parse and interpret manually.

I'm using Fortify Static Code Analyzer 5.15.0.0060 and there does not appear to be a -format option that I can use to specify text.

Is there a way to obtain the numbers of issues found by the scan?


Answer 1:


Use the ReportGenerator utility. It was specifically designed for this purpose.



Source: https://stackoverflow.com/questions/23628164/obtaining-text-output-from-fortify-sourceanalyzer-command-line
