Scanning Basics

The following is the fundamental sequence of commands to translate and analyze code:

  1. Remove all existing OpenText SAST temporary files for the specified build ID.

    sourceanalyzer -b MyProject -clean

    Always begin with this step when analyzing a project under a build ID that has been used before.

  2. Translate the project code. Where available, we recommend using build integration to automate picking up your source files and configuring the translation settings correctly.
    Build integration typically takes the form:

    sourceanalyzer -b MyProject ... <build_command>

    Or manually:

    sourceanalyzer -b MyProject <files_to_analyze> <options_specific_to_language>

    For more details about translation, check under the section of the programming language you are trying to analyze.

  3. Analyze the project code and save the results in a Fortify Project Results (FPR) file.

    sourceanalyzer -b MyProject -scan -f MyResults.fpr

    For more information, see Analysis Phase.

    This can also be simplified or even performed remotely via OpenText™ ScanCentral SAST. For more information, see the OpenText™ ScanCentral SAST Installation, Configuration, and Usage Guide.
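    The three steps above as a single script, added here as an example and not taken from the OpenText documentation. It stops at the first failing step and checks that the FPR file was actually written; BUILD_ID, BUILD_CMD and FPR are placeholders, and sourceanalyzer is assumed to be on PATH when DRY_RUN=0.

```shell
#!/bin/sh
# Added example (not from the OpenText documentation): run the clean / translate /
# scan sequence for one build ID, stopping at the first failed step.
# Assumptions: sourceanalyzer is on PATH when DRY_RUN=0; BUILD_ID, BUILD_CMD and FPR
# are placeholders to replace with your project's values.
set -eu

BUILD_ID="${BUILD_ID:-MyProject}"                 # placeholder build ID
BUILD_CMD="${BUILD_CMD:-mvn -DskipTests package}" # placeholder build command (build integration)
FPR="${FPR:-MyResults.fpr}"                       # output Fortify Project Results file
DRY_RUN="${DRY_RUN:-1}"                           # 1 = only print the commands

# Print the step's command line, then run it unless DRY_RUN=1.
# $1 is a label; the remaining arguments are the command and its arguments.
run_step() {
    label=$1; shift
    printf '[%s] %s\n' "$label" "$*"
    if [ "$DRY_RUN" = "1" ]; then return 0; fi
    "$@"
}

# Fail unless the results file exists and is non-empty, so a scan that produced
# nothing is not mistaken for a clean result.
check_fpr() {
    if [ -s "$1" ]; then return 0; fi
    echo "expected results file '$1' is missing or empty" >&2
    return 1
}

run_pipeline() {
    # 1. discard temporary files left from earlier runs with this build ID
    run_step clean sourceanalyzer -b "$BUILD_ID" -clean
    # 2. translate via build integration; $BUILD_CMD is deliberately unquoted so
    #    its words are passed as separate arguments
    # shellcheck disable=SC2086
    run_step translate sourceanalyzer -b "$BUILD_ID" $BUILD_CMD
    # 3. analyze the translated code and write the FPR
    run_step scan sourceanalyzer -b "$BUILD_ID" -scan -f "$FPR"
    if [ "$DRY_RUN" != "1" ]; then check_fpr "$FPR"; fi
}

run_pipeline
```

    Run with DRY_RUN=0 to execute the commands instead of printing them.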