Visual Studio Project command-line syntax

The basic syntax to translate a Visual Studio solution or project is to specify the corresponding build option for your project as part of the OpenText SAST translation command. This starts a build integration that analyzes your solution and project files and automatically executes the appropriate translation steps.

To ensure that the build integration correctly pulls in all of the appropriate project dependencies and resources, you must run the OpenText SAST command from a command prompt with access to your build environment configuration. OpenText strongly recommends you run this command from the Developer Command Prompt for Visual Studio to ensure an optimal environment for the translation.

In the following examples, OpenText SAST translates all the projects contained in the Visual Studio solution Sample.sln. You can also translate one or more specific projects by providing a semicolon-separated list of projects.

By default, test projects are excluded from the translation. Projects in your solution that reference NUnit, xunit, or MSTest are considered a test project. To include test projects in the translation, add the MSBuild option /p:ScaForceTranslateTestProjects=True to your sourceanalyzer command.

  • For a .NET 6.0 or later solution on Windows or Linux, use the following commands to translate the solution:

    1. Optionally, run the following command to remove any intermediate files from previous project builds:

      dotnet clean Sample.sln

    2. Optionally, run the following command to ensure that all required reference libraries are downloaded and installed in the project. Run this command from the top-level folder of the project:

      dotnet restore Sample.sln

    3. Run one of the following OpenText SAST commands depending on how your project build is implemented. You can include any additional build parameters in this command:

      sourceanalyzer –b MyProject dotnet msbuild Sample.sln

      or

      sourceanalyzer –b MyProject dotnet build Sample.sln

  • For a C, C++, and .NET Framework solution (4.8.x or earlier) on Windows, use the following command to translate the solution:

    sourceanalyzer –b MyProject msbuild /t:rebuild [<msbuild_options>] Sample.sln

    If you run OpenText SAST from a Windows Command Prompt instead of the Visual Studio Developer Command Prompt, you must set up the environment and make sure the path to the MSBuild executable required to build your project is included in the PATH environment variable.

After the translation is complete, perform the analysis phase and save the results in an FPR file as shown in the following example:

sourceanalyzer –b MyProject -scan -f MyResults.fpr