
HPE Software Products: Fortify Software Security Center Discussion

Referenced assembly does not include assembly path

Hi, I have rebuilt the .NET solution file in the command prompt. The rebuild succeeded, but I see something which I couldn't understand why it is appearing.

I opened the Developer Command Prompt, which is in All Programs->Visual Studio 2013->Visual Studio Tools->Developer Command Prompt for VS2013.

These were the commands I used:

cd c/user/xyz

sourceanalyzer -b "app" -verbose -debug -logfile trans.log devenv Sample.sln /Rebuild Debug

Whereas the error which I am getting is:

========= Rebuild All: 11 succeeded, 0 failed, 0 skipped =======


Fortify SCA..


Running: INFO : "-show-runtime-properties"


Referenced assembly does not include assembly path: Thicktecture.ServiceModel.Extensions.Metadata


Running: ASPCOMPILE : "-v" xyz


Running:  TRANSLATE :


Can anyone tell me why I am getting this error?



Cannot Seed Initial DB - MSSQL

Hey all,

I'm not able to proceed past the initial seeding in the configuration setup. We're trying to set up the environment to demo and sandbox, but we keep getting this error and can't progress any further.

If anybody has any ideas, it would be incredibly helpful.

Some initial errors are below (entire log exceeds current characters)

16-10-17 14:52:26,586 [com.fortify.systemspec] - ========================== Fortify Context Startup =============================

WARN 2016-10-17 14:52:30,902 [org.hibernate.mapping.RootClass] - HHH000038: Composite-id class does not override equals(): com.fortify.manager.DAO.measurement.VariableCopy$VariableCopyPK

WARN 2016-10-17 14:52:30,903 [org.hibernate.mapping.RootClass] - HHH000039: Composite-id class does not override hashCode(): com.fortify.manager.DAO.measurement.VariableCopy$VariableCopyPK

WARN 2016-10-17 14:52:40,907 [com.fortify.manager.service.ldap.impl.LdapConfigRestorerImpl] - Not loading ldap properties into DB because enabled flag is false.

WARN 2016-10-17 14:52:44,408 [com.fortify.manager.service.runtime.RuntimeControllerConnectionConfiguration] - Runtime integration disabled

INFO 2016-10-17 14:52:44,915 [com.fortify.server.configuration.db.DBUtil] - Start of "sourcefilemap.fileName initial filling"

INFO 2016-10-17 14:52:45,402 [com.fortify.server.configuration.db.DBUtil] - "sourcefilemap.fileName initial filling" is successfully completed

INFO 2016-10-17 14:52:45,412 [com.fortify.server.configuration.db.DBUtil] - Opening zip file: temp4699533465298773753zip

INFO 2016-10-17 14:52:47,679 [com.fortify.server.configuration.db.DBUtil] - Opening zip file: temp4390493848572494269zip

INFO 2016-10-17 14:52:58,114 [com.fortify.server.configuration.db.DBUtil] - Opening zip file: temp465640963335816730zip

INFO 2016-10-17 14:53:00,017 [com.fortify.server.configuration.db.DBUtil] - Opening zip file: temp5984807870144934414zip

INFO 2016-10-17 14:53:02,418 [com.fortify.server.configuration.db.DBUtil] - Opening zip file: temp2067715629240169605zip

WARN 2016-10-17 14:53:09,205 [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] - SQL Error: 2627, SQLState: 23000

ERROR 2016-10-17 14:53:09,205 [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] - Violation of PRIMARY KEY constraint 'PK_CATPACKLOOKUP'. Cannot insert duplicate key in object 'dbo.catpacklookup'. The duplicate key value is (1510, Code Correctness: null Argument to equals()).

ERROR 2016-10-17 14:53:09,209 [org.hibernate.engine.jdbc.batch.internal.BatchingBatch] - HHH000315: Exception executing batch [could not perform addBatch]

ERROR 2016-10-17 14:53:09,220 [com.fortify.manager.BLL.impl.RulepackBLLImpl] - Exception loading external metadata

com.fortify.manager.exception.FMDALGeneralException: An unexpected error occurred.



Cannot update Audit Project from SCA to SSC


First, sorry for my English ^_^". Right now I have an issue uploading the audit project to the SSC server. After using SCA to scan the code, I clicked upload the audit project. In the step "Uploading Audit..." I encountered an issue like this:


(DOCTYPE is disallowed when the feature
"" set to true." (line1))


Well, I'm not a Java and Tomcat kind of guy. After searching Google for a while I still can't figure out where I can fix this = ="
So please help >_<

My environment installation:
1. SSC installed using Tomcat 8.5 on Windows 2012 R2, MSSQL2014r2
2. SCA installed on Windows 7 x64


SSC 16.10 Cannot update the RulePack

Hi, I'm now building a new SSC 16.10 to support deploying rulepacks in our environment.

After finishing the basic configuration, I tried to update the SSC rulepacks via the browser UI. After that it threw an error like this:

"An internal error has occurred. Please contact your Fortify System Administrator"

Please help


HP WebInspect Certificates and Authentication Time Out

I am having authentication issues when attempting to scan web applications behind a reverse web proxy. I can get to the site just fine on the system that runs that scanner but when I attempt to build my scan it times out and I never get prompted to choose my certificate (I am using CAC authentication).

What I would like to try is to load my certificate on the local machine. When I go to the default settings in WI I can see there is a selection for local machine and within that are two selections: "MY" and "ROOT". I can see there is a certificate for root but there is nothing for "MY".

How can I load my authentication certificate there? I believe my time out issue is occurring because I am reaching across a VPN connection to my scanner and then through the WI program. Could this be the case?

I am open to any other suggestions as well.


Fortify SSC v16 BugTracker Jira


We are now setting up the Jira plugin in Fortify SSC v16. When we try to test the connection with JIRA it shows an error:

Error occured during test: There is a problem during connection with JIRA server: PKIX path building failed: unable to find valid certification path to requested target

Do any certificates need to be set in Jira, or should it be configured?


Thank you,



HP Fortify 6.11 ASP.NET Compiler error "Encountered: Page" on default.aspx

I'm getting a warning from HP Fortify on my API page. This is my whole default.aspx:

<%@ Page Language="C#" %>
<script runat="server">
  protected override void OnLoad(EventArgs e)

and I get the following error in the translate page (this is taken from the logfile):

Building line numbers from source for: C:/git/Esb/Esb.Api/default.aspx
[2016-09-21 16:46:33.219 com.fortify.frontend.translator.dotnet.vb.VBParser.parse() Thread-15 Master FINE]
Starting to parse: C:\git\Esb\Esb.Api\default.aspx
[2016-09-21 16:46:33.219 com.fortify.frontend.translator.dotnet.vb.VBParserTokenManager.TokenLexicalActions() Thread-15 Master WARNING]
Bad character in: %; line: 1; col: 2
[2016-09-21 16:46:33.219 com.fortify.frontend.translator.dotnet.vb.VBParserTokenManager.TokenLexicalActions() Thread-15 Master WARNING]
Bad character in: @; line: 1; col: 3
[2016-09-21 16:46:33.219 com.fortify.frontend.translator.dotnet.DotnetSourceParser.reportParseError() Thread-15 Master WARNING 10000]
Parse error in file C:\git\Esb\Esb.Api\default.aspx at 1:5. Encountered: "Page".

I don't know why it's invoking a VB parser, or why Page would be an invalid entry.


Getting authentication failure after java version update


Recently we updated the Java version on our Fortify box. After the update, we are unable to log in to the Fortify enterprise web client. We are using AD to log in to Fortify. I restarted Tomcat, but no luck. Let me know how to resolve this.








How to exclude in Fortify scan for SQL Injection in MyBatis Mapper files


I am using My-Batis generated files in my project. I am getting "SQL Injection: MyBatis Mapper" errors when I run Fortify on it.

To resolve this issue I modified the "$" to "#" in my mappers, which is not supported by My-Batis.

Could someone help me to resolve this issue, on how to exclude this SQL Injection issue in Fortify scan?

Also please let me know why Fortify is not supporting My-Batis generated files.


Problems with initial seeding for SSC mysql database


I am trying to install and configure SSC 16.10 with MySQL. During the seeding process I get the following error reported in the log:

Caused by: org.springframework.dao.DataIntegrityViolationException: could not perform addBatch;

SQL [insert into catpacklookup (fromExtension, orderingInfo, catPackExternalCategory_id, mappedCategory) values (?, ?, ?, ?)]; constraint [null];

nested exception is org.hibernate.exception.ConstraintViolationException: could not perform addBatch

        at org.springframework.orm.hibernate4.SessionFactoryUtils.convertHibernateAccessException( ~[spring-orm-4.2.1.RELEASE.jar:4.2.1.RELEASE]


We've dropped and recreated the DB multiple times trying to resolve this issue. Any pointers as to what might be causing this installation issue?





Fortify - Path Manipulation issues in Java

I am getting Path Manipulation issues on the following statements of my Java code when I run the Fortify tool on my web application. Below are the different sample statements where it throws HIGH priority security vulnerabilities. Please note that the filePath that is being passed is an absolute path, not a relative one. We have a requirement to read files that are placed in a system directory, hence I have to depend on the file system package.

Please suggest a resolution to avoid security issues on the below statements.

File file = new File(filePath);
FileReader fileReader = new FileReader(filePath);
FileInputStream inputStream = new FileInputStream(new File(filePath));
String userHome = System.getProperty("user.home");
Path path = Paths.get(filePath);


Cross-Frame Scripting ( 11293 ) Error

Facing a cross-frame scripting issue on the site.

Tried changing web.config with the below code, but after the rescan the cross-frame scripting error did not go away.

Tried two other options: 1) adding X-Frame-Options in IIS as a response header, 2) installing the NuGet package NWebsec. However, the rescan returned the same error.

              <add name="X-Frame-Options" value="DENY " />


Can anyone help on this?


Cross frame scripting - ASP.Net application

We are facing a cross-frame scripting issue in our newly developed application using 4.5. We have tried the below list of fixes but the scanner tool is still giving us the same error:

1. x-frame deny option.

2. Machine key addition in the config file.

3. x-frame deny using nuget package

But none of the fixes are working and we are still getting the issue. Can someone suggest some thoughts?





Fortify exclude option not working for my project

I have a Visual Studio C/C++ project with the folder structure below.



"client" is the root folder, which has the ABCClient and lib folders inside it.

The "ABCClient" project also refers to some of the source files from the "lib" folder.

I want to completely exclude issues reported in the Fortify scan from the "lib" folder. I tried the exclude options but it's still reporting issues from the "lib" folder.

I have used the commands below.

sourceanalyzer -b "test5" -exclude "**\lib\*" -quick -Xmx4G -Xss8M -debug -logfile scan.log -scan -f ABCClient8.fpr

sourceanalyzer -b "test5" -exclude "client\lib\*" -quick -Xmx4G -Xss8M -debug -logfile scan.log -scan -f ABCClient8.fpr

I have tried both wildcard chars as well as the absolute path of the exclude file but it didn't work.


Please, someone help.


How to setup Continuous Integration gated check-in with Fortify SCA Visual Studio Online


We are trying to integrate Fortify SCA into our DevOps platform VSO. We are able to run the SCA from the command line and generate FPR files.

However, we want to fail the build step if there are any Mandatory Issues reported by SCA; we didn't find an easy way to do this.

Do you have any recommendations on how to integrate with continuous integration gated check-in?

We are using Microsoft .NET as our development platform.

Thanks in advance


HP Fortify SCA - erroneous Insecure Randomness

HP Fortify SCA flags math.Random in JQuery (js/jquery-1.7.1.min.js) as High Vulnerability Insecure Randomness. JQuery and GitHub forum moderators disagree (links below). The Fortify explanation is to use window.crypto.random, which I have done (see screenshot) but SCA does not accept this. Any suggestions?

Thank you,

Github disagrees     


JQuery disagrees


Fortify issues with -python-path

I am trying to scan a Python project with HP Fortify.

EVERY TIME I run it, I get the following error:

   [warning]: The Python frontend was unable to resolve the following import:

I am setting -python-path "C:\Python\27\".

I have also set -python-path "C:\Python27\Tools\Scripts\".



Fortify Command Line Interface


I have created a command line interface for the Fortify scan.

Somehow my results are very different from the scan that I am running from Visual Studio 2015.

Here is my script example. I am trying to scan the Projects of the solution, but not the Solution, in .NET.



Fortify SCA v4.40 not support XCODE version 7.1 ?


I'm installing HPE Fortify SCA v4.40 for macOS, but Fortify SCA v4.40 shows an error.

"Detect Xcode version: 7.1"

"Supported Version: FALSE"

"Unsupported version detected"

Does Fortify SCA v4.40 not support Xcode version 7.1? What do I do?


Thank you. :)


Fortify 4.2: Translator execution failed. Status 139

When running the following command: sourceanalyzer -debug -b $build_id touchless make

I'm getting this error: 

Compiling C++ myFile.C

[ERROR]: Translator execution failed. Please consult the Troubleshooting section of the User Manual.

Translator returned status 139:

“/usr/include/c++/4.3/atomicity.h”, line 51: warning identifier

                “__sync_fetch_and_add” is undefined

    { return __sync_fetch_and_add(__mem, __val); }

“/usr/include/c++/4.3/atomicity.h”, line 55: warning identifier

                “__sync_fetch_and_add” is undefined

    {  __sync_fetch_and_add(__mem, __val); }

“/usr/include/c++/4.3/new”, line 95: warning: first parameter of allocation

                                Function must be of type “size_t”

                Void* operator new(std::size_t) throw (std::bad_alloc);

“/usr/include/c++/4.3/new”, line 96: warning: first parameter of allocation

                                Function must be of type “size_t”

                Void* operator new[](std::size_t) throw (std::bad_alloc);

“/usr/include/c++/4.3/new”, line 99: warning: first parameter of allocation

                                Function must be of type “size_t”

                Void* operator new(std::size_t, const std::nothrow_t&) throw ();

“/usr/include/c++/4.3/new”, line 100: warning: first parameter of allocation

                                Function must be of type “size_t”

                Void* operator new[](std::size_t, const std::nothrow_t&) throw ();

“/usr/include/c++/4.3/new”, line 105: warning: first parameter of allocation

                                Function must be of type “size_t”

                Inline void* operator new(std::size_t, void* __p) throw (){ return __p; }

“/usr/include/c++/4.3/new”, line 105: warning: first parameter of allocation

                                Function must be of type “size_t”

                Inline void* operator new[](std::size_t, void* __p) throw (){ return __p; }

“/opt/ilog51/views51/include/ilog/list.h”, line 77: warning: first parameter of allocation function must be of type “size_t”


“/opt/ilog51/views51/include/ilog/list.h”, line 110: warning:  no appropriate operator delete is visible

{ e(); delete_first; _first; _first = _last 0; _length = 0; }


Furthermore, when uploading the FPR file to SSC, under Artifacts the status is: Error Processing. And when auditing issues, SSC is unable to locate the source files.

Any ideas about these issues?