Translating COBOL Code

In the previous release, Fortify Static Code Analyzer introduced updated COBOL code translation, which is now the default translation method. The previous translation method, referred to now as legacy COBOL translation is still available for use with a command-line option. Use the legacy COBOL translation method if either of the following is true:

You run Fortify Static Code Analyzer on a non-Windows operating system
Your COBOL dialect is unsupported.

The following sections describe the default COBOL code translation. Information that pertains only to the legacy COBOL translation is indicated as such.

For a list of supported technologies for translating COBOL code, see the Micro Focus Fortify Software System Requirements document. Fortify Static Code Analyzer does not currently support custom rules Rules that extend the functionality of Fortify Static Code Analyzer and the Secure Coding Rulepacks. Custom rules enable you to enforce proprietary security guidelines or analyze a project that uses third-party libraries or other pre-compiled binaries that are not already covered by the Secure Coding Rulepacks. for COBOL applications.

Note: To scan COBOL with Fortify Static Code Analyzer, you must have a Fortify Static Code Analyzer license file that specifically includes COBOL scanning capabilities. Contact Micro Focus Fortify Customer Support for more information about scanning COBOL and the required license file.

This section contains the following topics: