[New for Release 1.3.0.0]

The CAT.NET activity can be used to run the CATNetCmd.exe tool to check for security issues in an assembly. For more details on this tool see the MSDN Security Tools blog. In this example we aim to show the basic steps that are required to get the activity integrated into a build.

Before you can make use of any of the TFS 2010 community build activities you have to make sure they are available to the build system and on your development PC. Instructions for this process can be found in the ALM Rangers build guide or on the StyleCop page of this wiki. This page assumes the CatNetScan activity is already available in the developer's build process workflow toolbox.

Installing Cat.NET

The 2.0 CTP of Cat.NET can be downloaded from Microsoft Connect.

One of the available versions needs to be installed on the build agent PC; it should not matter which.

Add the activity to the workflow

The CatNetScan activity should be added to the workflow. As the tool works with compiled assemblies, it is probably best to place it just after the build workflow's Compile and Tests block.


Setting the Properties

The following properties need to be set (as a minimum):


AssemblyDirectory
(Required) – a comma-separated list of assemblies to test. Wildcards can be used. A good starting option is string.format("{0}\*.dll", outputDirectory).
Report
(Required) – the XML file into which the analysis results are written. It is marked required because the activity uses it to set return values and build messages based on the analysis results. A good default is BuildDetail.DropLocation + "\MicrosoftCodeAnalysisReport.xml", as this places the report file in the build drop location.
Catnetpath
The activity will first look for the command-line exe in its default location. If this fails, a hard-coded path can be entered in this property, e.g. "C:\Program Files (x86)\Microsoft\CAT.NET\CATNetCmd.exe".

The other properties of the activity match the command-line arguments of the Cat.NET tool. For more details run CatNETCMD.EXE /?

Running the Build

When the build is run, and a CAT.NET violation such as a SQL Injection or XSS issue is found, the build will fail and the number of issues will be listed in the build report summary. The details of the issues can be found in the XML report file in the drop location (if using the setting above).
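The following is an added example, not code from this wiki or from the community build activities project, that mirrors what the activity's properties and build gate mean in plain Python: expanding the comma-separated, wildcard-bearing AssemblyDirectory list, resolving the tool path the way the Catnetpath property describes (default location first, explicit override second), and failing the build when the report contains any issue. It does not run CATNetCmd.exe itself (its switches are documented by CatNETCMD.EXE /?, not by this page) and it does not know CAT.NET's real report schema, so the sample report XML and the element name passed as issue_tag are constructed placeholders, not the tool's format.

```python
"""Build-gate helpers modelled on the CatNetScan activity's properties (added example)."""
import glob
import os
import tempfile
import xml.etree.ElementTree as ET

# Default install location quoted on the page; the activity looks here before
# consulting the Catnetpath property.
DEFAULT_CATNET_EXE = r"C:\Program Files (x86)\Microsoft\CAT.NET\CATNetCmd.exe"


def resolve_catnet_path(override=None, default=DEFAULT_CATNET_EXE, exists=os.path.isfile):
    """Catnetpath rule: use the default location if present, otherwise the override.

    `exists` is injectable so the rule can be exercised on a machine without CAT.NET.
    """
    if exists(default):
        return default
    if override and exists(override):
        return override
    raise FileNotFoundError("CATNetCmd.exe not found; set the Catnetpath property")


def expand_assembly_list(assembly_directory):
    """AssemblyDirectory: comma-separated paths, each of which may contain wildcards."""
    found = []
    for pattern in assembly_directory.split(","):
        pattern = pattern.strip()
        if pattern:
            found.extend(sorted(glob.glob(pattern)))
    return found


def count_issues_in_xml(xml_text, issue_tag):
    """Count issue elements in a report. `issue_tag` is supplied by the caller because
    this example does not assume CAT.NET's real report schema."""
    root = ET.fromstring(xml_text)
    return sum(1 for _ in root.iter(issue_tag))


def build_gate(xml_text, issue_tag):
    """Return (passed, issue_count): the build passes only when no issues are reported."""
    issues = count_issues_in_xml(xml_text, issue_tag)
    return issues == 0, issues


# Constructed sample reports; the element names are placeholders, not CAT.NET's schema.
CLEAN_REPORT = "<Report></Report>"
DIRTY_REPORT = (
    "<Report><Results>"
    "<Result><Type>SQL Injection</Type></Result>"
    "<Result><Type>Cross-Site Scripting</Type></Result>"
    "</Results></Report>"
)


def demo():
    """Create a throwaway output directory, expand the assembly list and gate two reports."""
    with tempfile.TemporaryDirectory() as out_dir:
        # Constructed build output: two assemblies and one file the *.dll pattern must skip.
        for name in ("Web.dll", "Data.dll", "Setup.exe"):
            open(os.path.join(out_dir, name), "wb").close()
        # The page's expression is string.format("{0}\*.dll", outputDirectory); os.path.join
        # gives the same pattern with the separator appropriate to the current OS.
        assemblies = expand_assembly_list(os.path.join(out_dir, "*.dll"))
        names = [os.path.basename(p) for p in assemblies]
    return {
        "assemblies": names,
        "clean": build_gate(CLEAN_REPORT, "Result"),
        "dirty": build_gate(DIRTY_REPORT, "Result"),
    }


if __name__ == "__main__":
    result = demo()
    print("assemblies to scan:", result["assemblies"])
    for label in ("clean", "dirty"):
        passed, count = result[label]
        print(f"{label} report: {'build passes' if passed else 'build FAILS'} ({count} issue(s))")
```

The gate deliberately fails on a single reported issue rather than a threshold; that is the behaviour the page describes for the activity, and it is the safer default for a security scanner in a build, since a threshold silently lets the first few findings through.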


Last edited Jan 25, 2012 at 8:21 PM by rfennell, version 2
