Translation phase
To successfully translate a project that is normally compiled, make sure that you have any dependencies required to build the project available. For languages that have any specific requirements, see the sections for the specific source code type.
The basic command-line syntax to perform the first step of the analysis process, file translation, is:
sourceanalyzer -b <build_id> ... <files>
or
sourceanalyzer -b <build_id> ... <compiler_command>
The translation phase consists of one or more invocations of OpenText SAST using the sourceanalyzer command. OpenText SAST uses a build ID (-b option) to tie the invocations together. Subsequent invocations of sourceanalyzer add any newly specified source or configuration files to the file list associated with the build ID.
After translation, you can use the -show-build-warnings directive to list any warnings and errors that occurred in the translation phase:
sourceanalyzer -b <build_id> -show-build-warnings
To view the files associated with a build ID, use the -show-files directive:
sourceanalyzer -b <build_id> -show-files
Special considerations for the translation phase
Consider the following before you perform the translation phase on your project:
- When you translate dynamic languages (JavaScript/TypeScript, PHP, Python, and Ruby), you must specify all source files together in one invocation. OpenText SAST does not support adding new files to the file list associated with the build ID on subsequent invocations.
- Generated code is code that a script or a tool, such as a parsing tool, produces automatically. This code can be optimized, minimized, or large and complex. Therefore, OpenText recommends that you exclude it from translation because it would be challenging to fix any vulnerabilities OpenText SAST might report in this code. Use the -exclude command-line option to exclude this type of code from translation.
- To translate the project on a build machine, and then run the scan on a higher-performance system, see Using mobile build sessions.
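The considerations above as a CI wrapper, added here as an example (not OpenText's own script): it translates every source in a single invocation with -exclude, prints the build warnings, and fails if -show-files is empty or still lists generated code. The build ID, file specifiers and path marker are hypothetical, and the check assumes -show-files prints one path per line.

```shell
#!/bin/sh
# Added example, not part of the OpenText documentation.
# Assumptions: sourceanalyzer is on PATH; -show-files prints one path per line;
# the build ID, file specifiers and marker passed in are the caller's own.
#
# Usage (hypothetical values):
#   translate_and_verify myapp 'src/generated/**/*' '/generated/' 'src/**/*.py'

translate_and_verify() {
    build_id=$1        # ties the sourceanalyzer invocations together (-b)
    exclude_spec=$2    # generated code to keep out of translation (-exclude)
    marker=$3          # fixed string that identifies generated paths
    shift 3
    if [ "$#" -eq 0 ]; then
        echo "no source files or file specifiers given" >&2
        return 2
    fi

    # Dynamic languages: every source goes into this one invocation, because
    # files cannot be added to the build ID by a later call.
    sourceanalyzer -b "$build_id" -exclude "$exclude_spec" "$@" || return 1

    # Put translation warnings and errors into the build log.
    sourceanalyzer -b "$build_id" -show-build-warnings >&2

    # List what was actually translated for this build ID.
    files=$(sourceanalyzer -b "$build_id" -show-files) || return 1

    # An empty list means the later scan would analyze nothing.
    if [ -z "$files" ]; then
        echo "build '$build_id' has no translated files" >&2
        return 3
    fi

    # Generated code still in the list means the exclusion did not match.
    if printf '%s\n' "$files" | grep -qF -- "$marker"; then
        echo "generated code is still part of build '$build_id':" >&2
        printf '%s\n' "$files" | grep -F -- "$marker" >&2
        return 4
    fi

    # Success: print the file list so the caller can archive or diff it.
    printf '%s\n' "$files"
}
```

Return codes 3 and 4 separate an empty translation from an exclusion that did not take effect, so a pipeline can report each case on its own.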