Output Options
The following table describes the output options. Apply all these options during the analysis phase (with the -scan option). You can specify the build-label, build-project, and build-version options during the translation phase and they are overridden if specified again for the analysis phase.
| Output Option | Description |
|---|---|
| | Specifies the file to which analysis results are written. If you do not specify an output file, Fortify Static Code Analyzer writes the output to the terminal. Equivalent Property Name: |
| | Controls the output format. Valid options are The FVDL is an XML file that contains the detailed Fortify Static Code Analyzer analysis results. This includes vulnerability details, rule descriptions, code snippets, command-line options used in the scan, and any scan errors or warnings. The FPR is a package of the analysis results that includes the FVDL file as well as extra information such as a copy of the source code used in the scan, the external metadata, and custom rules (if applicable). Fortify Audit Workbench is automatically associated with the Note: If you use result certification, you must specify the You can prevent some information from being included in the FPR or FVDL file to improve scan time or output file size. See other options in this table and see Optimizing FPR Files. Equivalent Property Name: |
| | Appends results to the file specified with the The engine data, which includes Fortify Software Security Content information, command-line options, system properties, warnings, errors, and other information about the execution of Fortify Static Code Analyzer (as opposed to information about the program being analyzed), is not merged. Because engine data is not merged with the If this option is not specified, Fortify Static Code Analyzer adds any new findings to the FPR file, and labels the older result as In general, only use the Equivalent Property Name: |
| | Specifies a label for the project to include in the analysis results. You can include this option during the translation or the analysis phase. Fortify Static Code Analyzer does not use this label for code analysis. Equivalent Property Name: |
| | Specifies a name for the project to include in the analysis results. You can include this option during the translation or the analysis phase. Fortify Static Code Analyzer does not use this name for code analysis. Equivalent Property Name: |
| | Specifies a version for the project to include in the analysis results. You can include this option during the translation or the analysis phase. Fortify Static Code Analyzer does not use this version for code analysis. Equivalent Property Name: |
| | Excludes source files from the analysis results file. Equivalent Property Name: |
| | Excludes the Fortify Software Security Content descriptions from the analysis results file. Equivalent Property Name: |
| | Excludes engine data from the analysis results file. The engine data includes Fortify Software Security Content information, command-line options, system properties, warnings, errors, and other information about the Fortify Static Code Analyzer execution. Equivalent Property Name: |
| | Excludes program data from the analysis results file. This removes the taint source information from the Functions view in Fortify Audit Workbench. Equivalent Property Name: |
| | Excludes the code snippets from the analysis results file. Equivalent Property Name: |