Analyzing SQL

On Windows (and Linux for .NET projects only), OpenText SAST assumes that files with the .sql extension are T-SQL rather than PL/SQL. If you have PL/SQL files with the .sql extension on Windows, you must configure OpenText SAST to treat them as PL/SQL.

The basic syntax to translate and scan PL/SQL is:

sourceanalyzer -b <build_id> -sql-language PL/SQL <files>
sourceanalyzer -b <build_id> -sql-language PL/SQL -scan -f <results>.fpr

Alternatively, you can change the default behavior for files with the .sql extension. In the fortify-sca.properties file, set the com.fortify.sca.fileextensions.sql property to PLSQL.

The basic syntax to translate and scan T-SQL is:

sourceanalyzer -b <build_id> -sql-language TSQL <files>
sourceanalyzer -b <build_id> -scan -f <results>.fpr
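
For a code base that keeps both dialects under the .sql extension, the following added example (not part of the OpenText documentation or product) sorts files by dialect and builds one translation command per dialect with the -sql-language option shown above. The marker lists, the sample sources, the build ID demo_build, and the use of one build ID for both translations are assumptions of this example.

```python
import re

# Dialect markers: heuristics assumed for this example, not OpenText SAST logic.
PLSQL_MARKERS = [r"\bCREATE\s+OR\s+REPLACE\b", r"\bVARCHAR2\b", r"%(?:ROW)?TYPE\b",
                 r"\bDBMS_\w+\.", r":=", r"^\s*/\s*$"]
TSQL_MARKERS = [r"^\s*GO\s*$", r"\bDECLARE\s+@\w+", r"\bSET\s+NOCOUNT\s+ON\b",
                r"\bBEGIN\s+TRY\b", r"@@\w+", r"\[dbo\]\."]
FLAGS = re.IGNORECASE | re.MULTILINE
# String literals and comments are blanked first so text inside them is not scored.
NOISE = re.compile(r"'(?:[^']|'')*'|--[^\n]*|/\*.*?\*/", re.DOTALL)

# Constructed sample sources (not taken from any real project).
ORACLE_SAMPLE = """CREATE OR REPLACE PROCEDURE raise_pay(p_id IN NUMBER) IS
  v_name employees.last_name%TYPE;
BEGIN
  v_name := 'n/a';
END;
/
"""
MSSQL_SAMPLE = """CREATE PROCEDURE [dbo].[RaisePay] @Id INT AS
BEGIN
  SET NOCOUNT ON;
  DECLARE @msg NVARCHAR(100) = 'rate := 5%type';  -- misleading literal
END
GO
"""
AMBIGUOUS_SAMPLE = "SELECT id, name FROM users WHERE id = 1;\n"

def classify(sql):
    """Return 'PL/SQL', 'TSQL', or 'unknown' when the markers tie or are absent."""
    body = NOISE.sub(" ", sql)
    pl = sum(bool(re.search(p, body, FLAGS)) for p in PLSQL_MARKERS)
    ts = sum(bool(re.search(p, body, FLAGS)) for p in TSQL_MARKERS)
    if pl == ts:
        return "unknown"
    return "PL/SQL" if pl > ts else "TSQL"

def plan(build_id, sources):
    """sources maps path -> text; returns (translate argv lists, unclassified paths)."""
    groups = {"PL/SQL": [], "TSQL": [], "unknown": []}
    for path in sorted(sources):
        groups[classify(sources[path])].append(path)
    cmds = [["sourceanalyzer", "-b", build_id, "-sql-language", d, *groups[d]]
            for d in ("PL/SQL", "TSQL") if groups[d]]
    return cmds, groups["unknown"]

if __name__ == "__main__":
    demo = {"pkg/pay.sql": ORACLE_SAMPLE, "db/pay.sql": MSSQL_SAMPLE, "misc/q.sql": AMBIGUOUS_SAMPLE}
    cmds, unknown = plan("demo_build", demo)
    print("\n".join(" ".join(argv) for argv in cmds), "\nreview manually:", unknown)
```

Files reported as unknown carry no dialect marker, so review them by hand before translation rather than relying on the platform default.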
