Java translation command-line syntax

To translate Java code, all types defined in a library that are referenced in the code must have a corresponding definition in the source code, a class file, or a JAR file. Include all source files on the OpenText SAST command line.

If your project contains Java code that refers to Kotlin code, make sure that the Java and Kotlin code are translated in the same OpenText SAST instance so that the Java references to Kotlin elements are resolved correctly. Kotlin to Java interoperability does not support Kotlin files provided by the –sourcepath option. For more information about the –sourcepath option, see Java Command-Line Options.

The basic command-line syntax to translate Java code is shown in the following example:

sourceanalyzer -b <build_id> -cp <classpath><files>

With Java code, OpenText SAST can either:

  • Emulate the compiler, which might be convenient for build integration
  • Accept source files directly, which is convenient for command-line scans

For information about how to integrate OpenText SAST with Ant, see Integrating with Ant.

To have OpenText SAST emulate the compiler, type:

sourceanalyzer -b <build_id> javac [<translation_options>]

To pass files directly to OpenText SAST, type:

sourceanalyzer -b <build_id> -cp <classpath> [<translation_options>] 
<files> | <file_specifiers>

where:

  • <translation_options> are options passed to the compiler.

  • -cp <classpath> specifies the class path to use for the Java source code.

    Include all JAR dependencies normally used to build the project. Separate multiple paths with semicolons (Windows) or colons (non-Windows).

    Similar to javac, OpenText SAST loads classes in the order they appear in the class path. If there are multiple classes with the same name in the list, OpenText SAST uses the first loaded class. In the following example, if both A.jar and B.jar include a class called MyData.class, OpenText SAST uses the MyData.class from A.jar.

    sourceanalyzer -cp A.jar:B.jar myfile.java

    OpenText strongly recommends that you avoid using duplicate classes with the -cp option.

    OpenText SAST loads JAR files in the following order:

    1. From the -cp option
    2. From jre/lib
    3. From <sast_install_dir>/Core/default_jars

    This enables you to override a library class by including the similarly-named class in a JAR specified with the -cp option.

For descriptions of all the available Java-specific command-line options, see "Java/J2EE Command-Line Options".