Analysis Phase

The analysis phase scans the intermediate files created during translation and creates the vulnerability results file (FPR).

The analysis phase consists of one invocation of sourceanalyzer. You specify the build ID and include the -scan directive with any other required analysis or output options (see Analysis Options and Output Options).

The following example shows the command-line syntax to perform the analysis phase and save the results in an FPR file:

sourceanalyzer -b MyProject -scan -f MyResults.fpr

Note: By default, Fortify Static Code Analyzer includes the source code in the FPR file.

To combine multiple builds into a single scan command, add each additional build ID to the command line with its own -b option:

sourceanalyzer -b MyProject1 -b MyProject2 -b MyProject3 -scan -f MyResults.fpr