about "The insides of CATScan"

Oct 26, 2009 at 12:20 PM

The insides of CATScan

How does CATScan work?

In three steps,

  1. Each build calls CAT.NET tool as an MsBuild task.
  2. CAT.NET scans all the binaries built by Team Build to produce a security code review report in xml and html format.
  3. Custom console application uses WSS List web service to upload the security code review scan report file(s) to the Team portal belonging to the Team Project.


What modifications are required on Team Build?

Visual Studio Team Build targets file Microsoft.TeamFoundation.Build.targets is called whenever a build is executed in Team Build.

  • This file is injected with the CAT.NET task information for calling like this

_<!-- Cat.Net declarations--->
<UsingTask TaskName="CatNetScan" AssemblyFile="$(ProgramFiles)\Microsoft\Cat.Net\TeamBuildCATNET.dll"/>_ the library does not exist in the installation

I installed the latest version on 32 bits

 

Coordinator
Apr 10, 2010 at 1:57 PM

Firstly, let me apologise. I had been involved with some project due to which I could not get back to my normal life.

Now to your question if you are still hoping for an answer - The TeamBuildCATNET.dll was actually part of the install. I did not write that assembly but it would not be that difficult to do. You would have to write an MS task to wrap the CAT.Net functionality as required. Have a look here http://msdn.microsoft.com/en-us/library/t9883dzc.aspx if you have never written a custom task.

I will dig out the original VPC that should still have the source code for this release. I will confirm what I said above and post the assembly if required. If MS have removed the assembly from recent releases of CAT.Net then they probably have plans to release the project in some way down the line. Let me see what I can do.

 

Coordinator
Apr 10, 2010 at 4:10 PM

Yes, as suspected MS excluded the TeamBuildCatNet.dll from the release version. My project was based on CTP and I had those doubts at the back of my mind about MS changing things in the release version.

I have the CTP install and the TeamBuildCATNet.dll, but I reckon I could get in trouble if I now posted it here. Like I said above you could write a custom task to wrap the CatNetCMD functions in a similar assembly or even call CATNetCmd directly if you wish. Let me know if anyone needs help in changing these scripts to work with Catnetcmd.exe

Good luck,

Apr 12, 2010 at 9:03 AM
<object id="tts_flash" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" width="18" height="18" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=5,0,0,0"> <param name="_cx" value="476" /> <param name="_cy" value="476" /> <param name="FlashVars" /> <param name="Movie" value="http://www.gstatic.com/translate/sound_player.swf" /> <param name="Src" value="http://www.gstatic.com/translate/sound_player.swf" /> <param name="WMode" value="Transparent" /> <param name="Play" value="0" /> <param name="Loop" value="-1" /> <param name="Quality" value="High" /> <param name="SAlign" /> <param name="Menu" value="-1" /> <param name="Base" /> <param name="AllowScriptAccess" value="always" /> <param name="Scale" value="ShowAll" /> <param name="DeviceFont" value="0" /> <param name="EmbedMovie" value="0" /> <param name="BGColor" /> <param name="SWRemote" /> <param name="MovieData" /> <param name="SeamlessTabbing" value="1" /> <param name="Profile" value="0" /> <param name="ProfileAddress" /> <param name="ProfilePort" value="0" /> <param name="AllowNetworking" value="all" /> <param name="AllowFullScreen" value="false" /> </object>
hello again, I will add in my Team Build Cat.NET rules and I relied on the example of the URL

URL http://catscan.codeplex.com/wikipage?title=Project%20details&ProjectName=catscan

if you do not have the library as is this example, what are the changes from the example that is posted.
A greeting.

Coordinator
Apr 13, 2010 at 5:47 AM
MERCHE wrote:
<object id="tts_flash" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" width="18" height="18" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=5,0,0,0"> <param name="_cx" value="476" /> <param name="_cy" value="476" /> <param name="FlashVars" /> <param name="Movie" value="http://www.gstatic.com/translate/sound_player.swf" /> <param name="Src" value="http://www.gstatic.com/translate/sound_player.swf" /> <param name="WMode" value="Transparent" /> <param name="Play" value="0" /> <param name="Loop" value="-1" /> <param name="Quality" value="High" /> <param name="SAlign" /> <param name="Menu" value="-1" /> <param name="Base" /> <param name="AllowScriptAccess" value="always" /> <param name="Scale" value="ShowAll" /> <param name="DeviceFont" value="0" /> <param name="EmbedMovie" value="0" /> <param name="BGColor" /> <param name="SWRemote" /> <param name="MovieData" /> <param name="SeamlessTabbing" value="1" /> <param name="Profile" value="0" /> <param name="ProfileAddress" /> <param name="ProfilePort" value="0" /> <param name="AllowNetworking" value="all" /> <param name="AllowFullScreen" value="false" /> </object>
hello again, I will add in my Team Build Cat.NET rules and I relied on the example of the URL

URL http://catscan.codeplex.com/wikipage?title=Project%20details&ProjectName=catscan

if you do not have the library as is this example, what are the changes from the example that is posted.
A greeting.

 If you follow this post by Aaron Hallberg from Microsoft: http://blogs.msdn.com/aaronhallberg/archive/2007/07/12/team-build-devenv-task.aspx you will be able to quickly write your own version of TeamBuildCATNet.dll which you can plug-in the above script. If you name it TeamBuildCATNet.dll and place it in the c:\Program Files\Microsoft\Cat.Net folder then you won't need to make any changes to the script.

If not I will try to get something posted here in a couple of days.