Visual Studio Project Command-Line Syntax

The basic syntax to translate a Visual Studio solution or project is to specify the corresponding build option for your project as part of the Fortify Static Code Analyzer translation command. This invokes a build integration that analyzes your solution and project files and automatically executes the appropriate translation steps.

Important! To ensure that the build integration correctly pulls in all of the appropriate project dependencies and resources, you must run the Fortify Static Code Analyzer command from a command prompt with access to your build environment configuration. Fortify strongly recommends you run this command from the Developer Command Prompt for Visual Studio to ensure an optimal environment for the translation.

In the following examples, Fortify Static Code Analyzer translates all the projects contained in the Visual Studio solution Sample.sln. You can also translate one or more specific projects by providing a semicolon-separated list of projects.

For a .NET 6.0 or later solution on Windows or Linux, use the following commands to translate the solution:
1. Optionally, run the following command to remove any intermediate files from previous project builds:
```
dotnet clean Sample.sln
```
2. Optionally, run the following command to ensure that all required reference libraries are downloaded and installed in the project. Run this command from the top-level folder of the project:
```
dotnet restore Sample.sln
```
3. Run one of the following Fortify Static Code Analyzer commands depending on how your project build is implemented. You can include any additional build parameters in this command:
```
sourceanalyzer –b MyProject dotnet msbuild Sample.sln
```
  or
```
sourceanalyzer –b MyProject dotnet build Sample.sln
```

For a C, C++, and .NET Framework solution (4.8.x or earlier) on Windows, use the following command to translate the solution:
```
sourceanalyzer –b MyProject msbuild /t:rebuild Sample.sln
```
Note: If you run Fortify Static Code Analyzer from a Windows Command Prompt instead of the Visual Studio Developer Command Prompt, you must set up the environment and make sure the path to the MSBuild executable required to build your project is included in the PATH environment variable.

After the translation is complete, you can perform the analysis phase and save the results in an FPR file as shown in the following example:

sourceanalyzer –b MyProject -scan -f MyResults.fpr