C and C++ command-line syntax

Command-line options passed to the compiler affect preprocessor execution and can enable or disable language features and extensions. For OpenText SAST to interpret your source code in the same way as the compiler, the translation phase for C/C++ source code requires the complete compiler command line. Prefix your original compiler command with the sourceanalyzer command and options.

The basic command-line syntax for translating a single file is:

sourceanalyzer -b <build_id> [<sca_options>] <compiler> [<compiler_options>] <file>.c

where:

  • <sca_options> are options passed to OpenText SAST.
  • <compiler> is the name of the C/C++ compiler you use, such as gcc, g++, or cl. See Supported languagesthe OpenTextâ„¢ Application Security Software System Requirements document for a list of supported C/C++ compilers.
  • <compiler_options> are options passed to the C/C++ compiler.
  • <file>.c must be in ASCII or UTF-8 encoding.

All OpenText SAST options must precede the compiler options.

The compiler command must successfully complete when executed on its own. If the compiler command fails, then the OpenText SAST command prefixed to the compiler command also fails.

For example, if you compile a file with the following command:

gcc -I. -o hello.o -c helloworld.c

then you can translate this file with the following command:

sourceanalyzer -b MyProject gcc -I. -o hello.o -c helloworld.c

OpenText SAST executes the original compiler command as part of the translation phase. In the previous example, the command produces both the translated source suitable for scanning, and the object file hello.o from the gcc execution. You can use the OpenText SAST-nc option to disable the compiler execution.