Is CheckMarx scan by .net solution possible?

We are using CheckMarx's CxSDKWebService to scan .net code by giving it a TFS folder path. This works in most cases since we have one TFS folder per solution.

We do have a couple of scenarios where files of multiple solutions exist under one folder, and CheckMarx has a hard time keeping scan results pertaining to a specific solution. It would lump all files under one CheckMarx project, and all other projects have almost no LOC. Understandably so, because its entry point is a folder and not a .net solution.

Is there a way to do a scan based on a solution such that the scanner will ignore all files in the folder that are not part of the solution currently being analyzed?

  1. File and folder exclusion is not only unmanageable, but the dev team also constantly keeps adding files to specific solutions under that folder. Managing the exclusion list is a nightmare.
  2. Reorganizing the TFS structure to have a 1:1 ratio for solution:folder is not possible, either.

Additional Info

We're initiating a scan using the CheckMarx API ScanWithOriginName(). Essentially, our question is about having this API call work on a .net solution such that the scan will ignore all files NOT belonging to the given .net solution.

There are 0 answers