fortify scans


Chris Pollach answered fortify scans


Hi Randy;

Unfortunately, the HP Fortify product does not support the PowerScript language.

As a workaround though, PB does emit C++ or C# depending on whether you are a) compiling to machine code; b) deploying as a Winform app; c) deploying a .NET Assembly; or d) deploying a Web Service. During these compilations / deployments, you can trap the generated C++ and/or C# code and then feed that into Fortify. The generated code is basically a 100% reflection of the PowerScript commands. Thus, the Fortify scan of the generated C++ / C# source should expose any vulnerability issues from the static perspective.

Note: the Winform deployment option was removed in PB 2017 but was present on PB versions 11.x through 12.6.

Regards ... Chris