Using Fortify SCA from the Command Line

Build & Translate -> Scan -> Render

C/C++

Note

  • To avoid the “Unable to load build session with id” error, make sure the source code is in a state where it compiles with GCC before translating it.
    https://gcc.gnu.org/

Source Code

  • Compile & Translate Source Code
sourceanalyzer -b <buildId> gcc -I. -o build001.o -c "main.c"
  • Scan Source Code
sourceanalyzer -b <buildId> -scan -f output.fpr

Makefile

  • Compile & Translate Makefile
sourceanalyzer -b <buildId> make
  • Scan Source Code
sourceanalyzer -b <buildId> -scan -f output.fpr

C#/.Net

Compiler: Devenv

  • Compile & Translate
sourceanalyzer -b <buildId> devenv Sample1.sln /rebuild
  • Scan Source Code
sourceanalyzer -b <buildId> -scan -f output.fpr

Compiler: Msbuild

  • Compile & Translate (use the full path if msbuild is not on PATH)
sourceanalyzer -b <buildId> msbuild Sample1.sln /t:rebuild
sourceanalyzer -b <buildId> "C:\Program Files (x86)\Microsoft Visual Studio\2019\BuildTools\MSBuild\Current\Bin\msbuild" Sample1.sln /t:rebuild
  • Scan Source Code
sourceanalyzer -b <buildId> -scan -f output.fpr

Go

Compile & Translate

sourceanalyzer -b <buildId> -gopath /Users/sametemiroglu/Desktop/Workspace/Go/exampleproject test.go
sourceanalyzer -b <buildId> -gopath /Users/sametemiroglu/Desktop/Workspace/Go/exampleproject -goroot /Users/sametemiroglu/go/ test.go

Scan Source Code

sourceanalyzer -b <buildId> -scan -f output.fpr

Java

Compile & Translate

sourceanalyzer -64 -Xmx5G -b <buildId> -verbose -logfile ./translate.log -source 1.8 -cp "lib/**/*.jar:/Users/sametemiroglu/Library/Android/sdk/platforms/android-27/android.jar" projectDirectory/

Scan Source Code

sourceanalyzer -64 -Xmx5G -b <buildId> -scan -f output.fpr

JavaScript/TypeScript/jQuery/ES6

Compile & Translate

sourceanalyzer -b <buildId> projectDirectory/projectFile

Scan Source Code

sourceanalyzer -b <buildId> -scan -f output.fpr

Maven

Installation

mvn install:install-file -Dfile=sca-maven-plugin/sca-maven-plugin-20.1.1.jar -DpomFile=sca-maven-plugin/pom.xml

Compile & Translate

mvn com.fortify.sca.plugins.maven:sca-maven-plugin:<ver>:translate

Scan Source Code

sourceanalyzer -b <buildId> -scan -f output.fpr

Python

Compile & Translate

sourceanalyzer -b <buildId> -python-version 3 -python-path /Users/sametemiroglu/.pyenv/versions/python3.6.15:/Users/sametemiroglu/.pyenv/versions/python3.6.15/site-packages projects/*.py

Scan Source Code

sourceanalyzer -b <buildId> -scan -f output.fpr
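The translate-then-scan sequence used in every section above, wrapped so that a failed or empty translation stops before the scan step. This is an added example, not part of the original page or of Fortify's tooling; `fortify_scan` is a hypothetical name, and it uses the `sourceanalyzer` options `-clean` and `-show-files`, which do not appear elsewhere on this page.

```shell
#!/bin/sh
# Added example (not from the original page).
# Usage:
#   fortify_scan <buildId> <output.fpr> -- <translate arguments...>
# e.g.
#   fortify_scan build001 output.fpr -- gcc -I. -o build001.o -c main.c
#
# Return codes (chosen for this example):
#   1 clean failed, 2 translation failed,
#   3 nothing was translated, 4 scan failed, 64 bad usage.
fortify_scan() {
    if [ "$#" -lt 3 ]; then
        echo "usage: fortify_scan <buildId> <fpr> -- <translate args>" >&2
        return 64
    fi
    fs_build_id=$1
    fs_fpr=$2
    shift 2
    [ "$1" = "--" ] && shift

    # Start from an empty build session so files left over from an
    # earlier run with the same build ID are not scanned again.
    sourceanalyzer -b "$fs_build_id" -clean || return 1

    # Translate: the remaining arguments are the compiler command
    # (gcc, msbuild, ...) or the source files, as in the sections above.
    sourceanalyzer -b "$fs_build_id" "$@" || return 2

    # List what ended up in the session. Assumption: an empty or
    # missing session is what later surfaces as the
    # "Unable to load build session with id" error from the note above,
    # so stop here with a clear message instead of scanning.
    fs_files=$(sourceanalyzer -b "$fs_build_id" -show-files) || return 3
    if [ -z "$fs_files" ]; then
        echo "fortify_scan: no files translated for '$fs_build_id'" >&2
        return 3
    fi

    # Scan with the SAME build ID that was used for translation.
    sourceanalyzer -b "$fs_build_id" -scan -f "$fs_fpr" || return 4
}
```

Source the file and call `fortify_scan` from a build script; a non-zero return code tells CI which stage failed.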