Breaking Down Codebases

It is more efficient to break down large projects into independent modules. For example, if you have a portal application that consists of several modules that are independent of each other or have few interactions, you can translate and scan the modules separately. The caveat is that you might lose detection of dataflow issues that cross module boundaries if some interactions do exist.

For C/C++, you might reduce the scan time by using the -bin option together with the -scan option. You pass the binary file as the parameter (for example, -bin <filename>.exe -scan or -bin <filename>.dll -scan). Fortify Static Code Analyzer finds the source files associated with that binary and scans only them. This is useful if a makefile produces several binaries.

The following table lists some useful Fortify Static Code Analyzer command-line options to break down codebases.

Option            Description

-bin <binary>     Specifies a subset of source files to scan. Only the source files that were linked in the named binary at build time are included in the scan. You can use this option multiple times to specify the inclusion of multiple binaries in the scan.

-show-binaries    Displays all objects that were created but not used in the production of any other binaries. If fully integrated into the build, it lists all the binaries produced.

-show-build-tree  When used with the -bin option, displays all files used to create the binary and all files used to create those files in a tree layout. If the -bin option is not present, Fortify Static Code Analyzer displays the tree for each binary.
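The following wrapper script is an added example and is not part of the Fortify documentation or product. It scans each binary of an already translated build separately with -bin (one FPR per module) and, because per-binary scans lose dataflow across modules, finishes with one combined scan that repeats -bin for every binary. It assumes the build was translated under the build id in BUILD_ID, that the standard sourceanalyzer options -b (build id) and -f (output file), which this page does not show, are available, and that the binary names come from a constructed portal makefile; when sourceanalyzer is not on PATH the commands are printed instead of executed.

```shell
#!/bin/sh
# Added example, not Fortify's own code: scan each binary of a translated build
# on its own with -bin, then run one combined scan so cross-module dataflow is
# not lost. Assumes -b and -f (standard sourceanalyzer options not shown on the
# page) and a build that has already been translated under $BUILD_ID.

BUILD_ID="${BUILD_ID:-portal}"      # assumed build id used at translation time
OUT_DIR="${OUT_DIR:-fpr}"           # directory for the .fpr result files

# Command line for scanning only the sources linked into one binary.
# $1 = build id, $2 = binary (e.g. server.exe), $3 = output .fpr
scan_one_cmd() {
    printf 'sourceanalyzer -b %s -bin %s -scan -f %s' "$1" "$2" "$3"
}

# Command line for one scan covering several binaries: -bin is repeated,
# which is how the option includes more than one binary in a single scan.
# $1 = build id, $2 = output .fpr, remaining args = binaries
scan_all_cmd() {
    build_id="$1"; out="$2"; shift 2
    cmd="sourceanalyzer -b $build_id"
    for bin in "$@"; do
        cmd="$cmd -bin $bin"
    done
    printf '%s -scan -f %s' "$cmd" "$out"
}

# Show which translated files feed a binary before deciding to split on it.
# $1 = build id, $2 = binary
build_tree_cmd() {
    printf 'sourceanalyzer -b %s -bin %s -show-build-tree' "$1" "$2"
}

# Derive the .fpr name from the binary name: bin/server.exe -> fpr/server.fpr
fpr_name_for() {
    base=$(basename "$1")
    printf '%s/%s.fpr' "$OUT_DIR" "${base%.*}"
}

# Execute a command line, or just print it when sourceanalyzer is unavailable,
# so the script can be dry-run on a machine without Fortify installed.
run_or_print() {
    if command -v sourceanalyzer >/dev/null 2>&1; then
        eval "$1"
    else
        printf 'DRY-RUN: %s\n' "$1"
    fi
}

# Constructed list of binaries from an imaginary portal makefile.
BINARIES="bin/portal-web.dll bin/portal-auth.dll bin/portal-batch.exe"

mkdir -p "$OUT_DIR"
for b in $BINARIES; do
    run_or_print "$(build_tree_cmd "$BUILD_ID" "$b")"
    run_or_print "$(scan_one_cmd "$BUILD_ID" "$b" "$(fpr_name_for "$b")")"
done
# Combined scan so that interactions between the modules are still analyzed.
run_or_print "$(scan_all_cmd "$BUILD_ID" "$OUT_DIR/portal-all.fpr" $BINARIES)"
```

Run it from the directory where the translation was performed; comparing the per-module FPRs against the combined one shows which findings depend on dataflow between modules and would be missed by scanning modules in isolation.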