Build Integration

You can translate entire projects in a single operation. Prefix your original build operation with the sourceanalyzer command followed by the Fortify Static Code Analyzer options.

The basic command-line syntax to translate a complete project is:

sourceanalyzer -b <build_id> [<sca_options>] <build_tool> [<build_tool_options>]

where <build_tool> is the name of your build tool, such as make, gmake, msbuild, devenv, or xcodebuild. See the Micro Focus Fortify Software System Requirements document for a list of supported build tools. Fortify Static Code Analyzer executes your build tool and intercepts all compiler operations to collect the specific command line used for each input.

Note: Fortify Static Code Analyzer only processes the compiler commands that the build tool executes. If you do not clean your project before you execute the build, then Fortify Static Code Analyzer only processes those files that the build tool re-compiles.

For information about integrating with Xcodebuild, see iOS Code Analysis Command-Line Syntax. For information about integration with MSBuild, see Translating Visual Studio and MSBuild Projects.

Successful build integration Ability to translate your codebase as part of your build process. requires that the build tool:

Executes a Fortify Static Code Analyzer-supported compiler
Executes the compiler on the operating system path search, not with a hardcoded path (This requirement does not apply to xcodebuild integration.)
Executes the compiler, rather than executing a sub-process that then executes the compiler

If you cannot meet these requirements in your environment, see Modifying a Build Script to Invoke Fortify Static Code Analyzer.

Make Example

If you build your project with the following build commands:

make clean
make
make install

then you can simultaneously translate and compile the entire project with the following example commands:

make clean
sourceanalyzer -b MyProject make
make install