Fortify Discussions
cancel

Touchless MSBuild ends in "VersionDependantCodeManager not initialized" Error

SOLVED
Go to solution
Mark_Egloff Valued Contributor.
Valued Contributor.

Touchless MSBuild ends in "VersionDependantCodeManager not initialized" Error

Dear all I tried to run outside of MS Visual 2017 the sourcecodeanalyzer by using the "Touchless MSBuild Integration". However if I do so I get the follwoing error

VersionDependantCodeManager not initialized

 I have no clue what can be done. The source code analyzer inside the Visual Studio 2017 works fine. Also the MSBuild works fine for my project. 

Any hints?

I am using

- Fortify SCA v17.20
- Windows 10
- MS Visual Studio 2017 Community

Execution call on command line

call "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\Common7\Tools\VsDevCmd.bat"
sourceanalyzer -b ConsoleApplication1 -clean
sourceanalyzer -b ConsoleApplication1 msbuild ConsoleApplication1.vcxproj

Error Output

MSBUILD : error MSB4017: The build stopped unexpectedly because of an unexpected logger failure.
Microsoft.Build.Exceptions.InternalLoggerException: The build stopped unexpectedly because of an unexpected logger failure. ---> System.Exception: VersionDependantCodeManager not initialized
   at FortifyMSBuildCommon.VersionDependantCodeManager.get_Default()
   at FortifyMSBuildCommon.Util.ScanUtil.getScanObject(ScanObjectTypes type, String buildID, String projectName, String customFprFileLocation)
   at FortifyMSBuildCommon.Util.TranslationUtil.getTranslationScanObject(ArrayList args, Project project, String projectName)
   at FortifyMSBuildCommon.Util.TranslationUtil.ScanNonCodeFiles(Project project, ArrayList refObjects)
   at FortifyMSBuildTouchless.BuildLogger.ProjectFinished(Object Sender, ProjectFinishedEventArgs e)
   at Microsoft.Build.Evaluation.ProjectCollection.ReusableLogger.ProjectFinishedHandler(Object sender, ProjectFinishedEventArgs e)
   at Microsoft.Build.Framework.ProjectFinishedEventHandler.Invoke(Object sender, ProjectFinishedEventArgs e)
   at Microsoft.Build.BackEnd.Logging.EventSourceSink.RaiseProjectFinishedEvent(Object sender, ProjectFinishedEventArgs buildEvent)
   --- End of inner exception stack trace ---
   at Microsoft.Build.Exceptions.InternalLoggerException.Throw(Exception innerException, BuildEventArgs e, String messageResourceName, Boolean initializationException, String[] messageArgs)
   at Microsoft.Build.BackEnd.Logging.EventSourceSink.RaiseProjectFinishedEvent(Object sender, ProjectFinishedEventArgs buildEvent)
   at Microsoft.Build.BackEnd.Logging.EventSourceSink.Consume(BuildEventArgs buildEvent)
   at Microsoft.Build.BackEnd.Logging.EventSourceSink.Consume(BuildEventArgs buildEvent, Int32 sinkId)
   at Microsoft.Build.BackEnd.Logging.EventRedirectorToSink.Microsoft.Build.Framework.IEventRedirector.ForwardEvent(BuildEventArgs buildEvent)
   at Microsoft.Build.BackEnd.Logging.CentralForwardingLogger.EventSource_AnyEventRaised(Object sender, BuildEventArgs buildEvent)
   at Microsoft.Build.BackEnd.Logging.EventSourceSink.RaiseAnyEvent(Object sender, BuildEventArgs buildEvent)

1 ACCEPTED SOLUTION

Accepted Solutions
Respected Contributor... carmen.radu@hpe Respected Contributor...
Respected Contributor...
Solution

Re: Touchless MSBuild ends in "VersionDependantCodeManager not initialized

Hi Mark,

Can you use the solution file (.sln) instead of the project file (.vcxproj)?

The Touchless MSBuild integration requires the solution file.

sourceanalyzer -b buildxyz msbuild <solution_file> <msbuild_options>

Regards,

Carmen Radu

9 REPLIES
Respected Contributor... carmen.radu@hpe Respected Contributor...
Respected Contributor...
Solution

Re: Touchless MSBuild ends in "VersionDependantCodeManager not initialized

Hi Mark,

Can you use the solution file (.sln) instead of the project file (.vcxproj)?

The Touchless MSBuild integration requires the solution file.

sourceanalyzer -b buildxyz msbuild <solution_file> <msbuild_options>

Regards,

Carmen Radu

Mark_Egloff Valued Contributor.
Valued Contributor.

Re: Touchless MSBuild ends in "VersionDependantCodeManager not initialized

Thank you Radu this worked, so I changed the command line for execution to:

@echo off
call "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\Common7\Tools\VsDevCmd.bat"
sourceanalyzer -b ConsoleApplication1 -clean
sourceanalyzer -b ConsoleApplication1 msbuild ConsoleApplication1.sln /t:ReBuild
sourceanalyzer -b ConsoleApplication1 -scan -f result.fpr

Agilan Frequent Contributor.
Frequent Contributor.

Re: Touchless MSBuild ends in "VersionDependantCodeManager not initialized

I am trying to use FortifyMSBuildToculess using the alternative option that was mentioned in the Fortify SCA User Guide 17.20 

Msbuild <solution_file> /logger:"C:\Program Files\HP Fortify\HP_Fortify_SCA_and_Apps_<version>\Core\lib\FortifyMSBuildTouchless.dll"
<msbuild_options>

Currently the CI pipeline is already building the project using MSBuild.exe. I am thinking of just adding the /logger ... in the same step which will reduce the time in using the sourceanalyzer to build/translate the project. But It is throwing error message 

MSBuildPlugin: No Build ID found! Aborting

C:\Windows\Microsoft.NET\Framework64\v4.0.30319>MSBuild "C:\Program Files\HPE_Se
curity\Fortify_SCA_and_Apps_17.10\Samples\advanced\csharp\VS2015\Sample1\Sample1
.sln" /logger:"C:\Program Files\HPE_Security\Fortify_SCA_and_Apps_17.1
0\Core\lib\FortifyMSBuildTouchless.dll"

Could someone help me to resolve the issue.

 

Highlighted
 Honored Contributor... andersonshatch  Honored Contributor...
 Honored Contributor...

Re: Touchless MSBuild ends in "VersionDependantCodeManager not initialized

You must define the FORTIFY_MSBUILD_BUILDID environment variable with a value to start a translation that way.
Documentation here about the other environment variables which can be used

-Josh
Fortify L3 support engineer

Agilan Frequent Contributor.
Frequent Contributor.

Re: Touchless MSBuild ends in "VersionDependantCodeManager not initialized

Thank you so much. That solved the issue.

Let me explain the steps:

Created an Environment variable FORTIFY_MSBUILD_BUILDID with a sample value and restarted the command prompt which I used for testing. Then it worked.

One more question, My clean/Scan sourceanalyzer command will have a build id depends on the project name. But environment variable will have a different value. How can I sync up these values? Anyway, I can pass the build id as part of MSBuild with logger step command arguments.  

 I used the command argument to update environment variable setx FORTIFY_MSBUILD_BUILDID "<Build ID>" /M before calling Build/translate step. Which resolved the issue as of now.

 Honored Contributor... andersonshatch  Honored Contributor...
 Honored Contributor...

Re: Touchless MSBuild ends in "VersionDependantCodeManager not initialized

The build ID you're using needs to be the same between (clean,) translate and scan. I would not set this environment variable globally on your system, but instead define it in your script or before the first command you are running.

Then you can make use of the same build ID in your sourceanalyzer commands too, e.g.:
sourceanalyzer -b %FORTIFY_MSBUILD_BUILDID% -scan -f ...

-Josh
Fortify L3 support engineer

Agilan Frequent Contributor.
Frequent Contributor.

Re: Touchless MSBuild ends in "VersionDependantCodeManager not initialized

I am triggering the Foritfy SCA from the Jenkins job.

I am calling Clean, Scan with the build id variable from Jenkins variable. I am trying to use Build/translate with the current MSBuild build code step in the Jenkins using the /logger functionality. But I cannot set the build id when calling using MSBuild Exe without using source analyzer. I understand I can use an environment variable, But keep updating the environment variable before the jobs start and when parallel jobs are running, whether the environment variable will be available until the build/translate step is completed.

C:\Windows\Microsoft.NET\Framework64\v4.0.30319>MSBuild "C:\Program Files\HPE_Security\Fortify_SCA_and_Apps_17.10\Samples\advanced\csharp\VS2015\Sample1\Sample1.sln" /logger:"C:\Program Files\HPE_Security\Fortify_SCA_and_Apps_17.10\Core\lib\FortifyMSBuildTouchless.dll"

 

With the above command argument, Can I use the build id.

 Honored Contributor... andersonshatch  Honored Contributor...
 Honored Contributor...

Re: Touchless MSBuild ends in "VersionDependantCodeManager not initialized

How about a step that sets FORTIFY_MSBUILD_BUILDID to the value of your Jenkins Build ID variable?

In a batch script, it'd be something like this:
set FORTIFY_MSBUILD_BUILDID=%JENKINS_BUILD_ID%

(substituting whatever variable name on the right hand side that actually holds your Jenkins build name)

-Josh
Fortify L3 support engineer

Agilan Frequent Contributor.
Frequent Contributor.

Re: Touchless MSBuild ends in "VersionDependantCodeManager not initialized

That's what my intention too.  Will see If there is an issue when running multiple jenkins job at the same time utilising this environment variable batch file/command.

Thank you.