I am using VeraCode for the first time. I have ASP.NET MVC application .NET 4.7.2. To analyze ASP.NET applications, Veracode requires you to supply all the forms the application uses and all the dependencies in the compiled form, which are the DLL, EXE, and PDB files.
I used VeraCode's Veracode Static for Visual Studio extension to build application using VeraCode settings. I could upload application for scanning directly using Veracode Extension menu. However this extension uploads one file at a time and extension is very buggy. Every now and then upload just stops in the middle and I have to start all over again.
What's the best way to package DLL,PDB, JS files. By default The compiled assets are deployed in \PrecompiledWeb folder
1> Can I zip of the entire folder \PrecompiledWeb and upload for scanning? This folder will have other assets as well, like .json, web.config files.
2> Or Do I manually need to create zip of (DLL & PDB) and another zip of only JS files
3> Do I also need to include .compiled files?
Yes you can zip the file. It uploads faster. Its okay to have other
assets there, If Veracode supports it, it will scan it.
No, One zip is fine for all files.
No. '.compiled' is not mentioned on there help page. This says:
Applications must be packaged as EXE, DLL, NUPKG, or ZIP files. Veracode requires debug symbols (PDB files) to be included with the application to accurately report the filenames and line numbers for findings.
And for JS files. See this.
I have done a scan with exe, dll, pdb, js, css, html all in one zip. It works.
Related
I have moved binary files into the project under the bin folder to avoid publishing the same binary files twice since one of the binaries is huge; i.e. 15MB.
This was originally in a separate Includes folder. So the files were being copied twice to the publish folder.
Is the bin folder the correct placement for these or are there other steps I should take?
Edit:
Sorry if I gave a poor explanation (and original title). I've changed the title; this was "Where should static libraries (3rd party DLLs) be kept in Visual Studio?", and is now, "How can I avoid publishing the library folder in a Web Publish?"
As mentioned, I originally had a separate folder named Includes. When I did a Web Publish, each of the DLLs are published twice; one into the bin folder, the other into the Includes folder. In this case, I am publishing at least an extra 15MB of unnecessary file space. Normally, not a big deal but if I am on a very slow connection, I'll need to wait longer to deploy the project to its environment.
I moved the DLLs back into a separate folder but the folder is still published along with the bin output folder. I did this to see if the placement of these files would set their properties differently.
I have tried various settings for Build Action and other property settings for these libraries without success.
Is there no way around publishing the DLLs twice?
If these files are part of the overall source of the system (not necessarily as source code, but as source-control-tracked artifacts nonetheless), then you probably don't want to keep them in the output folder for the build. The output folder should be transient and shouldn't be tracked in source control.
Keep 3rd party libraries in a library folder. The folder structure in source control might look something like this:
/
--/lib
--/Project1
----/SomeSubFolder
--/Project2
----/Images
----/Styles
and so on.
Each Project would have its own bin folder when it gets compiled, which itself may contain other folders for types of compilation (Release, Debug, etc.). But you don't want those build artifacts tracked in source control or in any way interfering with what's in source control.
The projects would reference their library dependencies, and at build time those dependencies would be copied to the output folder to be used by the application runtime.
I've an HTML5 application packaged into OpenFin environment. The complete package is inside an .Exe executable that we wish to ship to end users.
We tried to create a link to the executable that could be downloaded from a web link - but seems most of the company' security permissions environments/firewalls block .Exe file downloads.
Our requirement is to ship the .EXE file (we do not have certain files - so may not be able to effectively create a clickonce deployment package)
Is there a better way, even using ClickOnce to ship the .Exe via web url?
You can wrap exe into a zip and can ship..
What I want to do is to programmatically update resources of an executable file.
I have a binary resource (.res) file containg bitmaps, icons, version info and a manifest, created with a resource editor, and a PE file compiled with AutoHotkey to which I want to copy the resources from the .res file.
Until now I used to do this with ResourceHacker in command prompt, but ResourceHacker can't be redistributed and besides I want to do this more elegantly.
So I was looking in the WinAPI functions and there seems to be a way to do this: http://msdn.microsoft.com/en-us/library/windows/desktop/ms648008%28v=vs.85%29.aspx
But the problem is that the article describes how to copy resources from an executable file to another, and you can't import non-executable files (the .res file) with LoadLibrary/LoadLibraryEx.
There also seems to be a way to do this with tools from Visual Studio, particularly LINK.exe. But I'm not sure if it can be used outside of the VS enviroment. I have no idea how it works.
You can programmatically update resources with the UpdateResource function
RES files are not involved. RES files are used by the project makefile system to enable minimal rebuild of resources... they don't have to be recompiled every time the application is relinked, just embedded. But you aren't relinking the application and losing the existing resources, so updating just the resources you want to change is the way to go.
If your source assets are already encoded in RES files, then this page describing "Resource File Formats" can help you extract them. It also describes use of LINK.exe for resource embedding. LINK.exe is installed as part of Visual Studio, but it is also available in many versions of the Platform SDK and Windows DDK.
I have an app that I am moving to another server. It is complaining that it is missing TABCTL32.OCX. I have located this file on another server and I want to copy and paste it across.
I have discovered that there is also a file called TABCTL32.DEP on the server I am moving from. Do I have to copy both files across or is the dependency file optional?
I have tried it with an without the DEP. The app works in both cases. It is a production server so I want to be sure.
Those .DEP (depdendency) files are instructions about a library meant to be used by packaging tools. These files have no run-time significance, containing only development metadata. They are text files.
They contain the preferred ("designed") location to install the library, sub-dependencies of the library including optional localization "satellite" resource DLLs, version information, etc.
See articles such as INFO: How Setup Wizard and PDW Use Dependency Files.
This is information a packager should use along with other "rules databases" such as VB6DEP.ini. Programmers are also supposed to create them if they expect other developers to use their libraries.
If you are using an "impaired" 3rd party packaging technology that is ignorant of .DEP files it is up to you to read them and incorporate the information they contain in your build process. You are also responsible as a developer to keep your dev machine's .DEP files and VB6DEP.ini file up to date, since they often are not updated by Microsoft anymore.
You can't just copy files willy-nilly from one machine to another. Go find this program's installer and run it on the new machine.
A .dep file is a file used by the Visual Basic Setup Wizard to determine what dependencies your ocx file have. You can open the file with Windows Notepad to view the contents.
Unless you are using the Visual Basic Package and Deploy Wizard, you can ignore this file.
For more info, see INFO: How Setup Wizard and PDW Use Dependency Files
I have a dependency folder that I use for dll's in my web application. Some are referenced in the web application, others aren't. However for the application to run I need to have all the dll's in the bin directory of the web application. But I dont want to reference them in the web app. Is there a work around for this? I was considering the post build event to copy in the dll's required from dependencies to bin directory.
If the assemblies are implicitly referenced (required by assemblies you have referenced) they should be automatically copied to the output path. If there are assemblies which you are dynamically loading with reflection like form example some plugins you will need to copy them manually to the bin folder. A post-buid event seems like a good approach.
You can use PostBuild event as you mentioned or edit the project file to include MSBuild Copy Task.
Check: http://msdn.microsoft.com/en-us/library/3e54c37h.aspx