CodeSonar Plug-in for Visual Studio: Build and Analyze a Project [Windows only]

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

CodeSonar^® 9.2p0

CONFIDENTIAL

CodeSecure Inc

C and C++

Third-Party External

CodeSonar Plug-in for Visual Studio: Build and Analyze a Project [Windows only]

This section explains how to build and analyze a project with the CodeSonar plug-in for Visual Studio.

Prerequisites
Setting Up
Build and Analyze a Project
Analyze Automatically
The Project Hub
Output tab
Next
Visual Studio Plug-in Links

Prerequisites

If you have not already installed the CodeSonar plug-in for Visual Studio, install it now.

The CodeSonar build/analysis can only be performed and its results browsed by a user with the following permissions.

Does the project P already exist on the hub?
- YES: PROJECT_ADD_CHILD, ANALYSIS_READ, ANALYSIS_WARNING_EXISTS, and ANALYSIS_WARNING_READ for P.
- NO: PTREE_ADD_CHILD, ANALYSIS_READ, ANALYSIS_WARNING_EXISTS, and ANALYSIS_WARNING_READ for the project tree under which you are creating the project.
(Futher ANALYSIS_* permissions are required if you wish to annotate warnings or make other changes to the CodeSonar hub database.)
Global permissions G_LIST_PROPERTIES and G_LIST_USERS.

If special user Anonymous does not have these permissions, you will need to provide credentials for a hub user account that does have them (and also has G_SIGN_IN and either G_SIGN_IN_PASSWORD or G_SIGN_IN_CERTIFICATE).

If you aren't sure whether or not you have or need a user account, consult the hub Administrator. They may need to create a user account for you, or to provide you with information about an existing account that has been created for you.
To create a hub user account, follow the instructions in Task: Add a New User Account for Yourself.

Setting Up

Before you can build and analyze a project, you will need to set the project's analysis mode to Hook mode, and specify a CodeSonar hub to manage the analysis results. If this is a C# build project, you will also need to set up a post-build step to trigger the CodeSonar analysis.

You will only need to perform these setup steps once for each project.

In the Solution Explorer, right-click on the project you want to analyze.
A menu will open.
Select CodeSonar > Enable > Hook Build from the menu.
A CodeSonar dialog will notify you that a clean build is recommended.
- Click Yes to activate CodeSonar and proceed with a clean build.
- Click No to activate CodeSonar without cleaning.
- Close the dialog box without clicking either button if you do not wish to activate CodeSonar.
Right-click on the project again, and select CodeSonar > Properties from the menu.
Visual Studio will display the CodeSonar Project Properties dialog for the project.
Enter your hub location in the Hub address field.

Work through the following steps to establish your hub authentication settings for the project.

Select a hub authentication mode: Anonymous only, Password, or Certificate.

Enter any additional information required for the hub authentication method you selected.

Anonymous only	no further information required.
Password	select/deselect Try Anonymous First according to your preference, then enter the Username and Password for a hub user account on the hub specified in the Hub address field.
Certificate	enter the Certificate location for the user certificate you will use for hub authentication, and the Private key location for the private key corresponding to that certificate.

Specify choices in the Build/Analyze section of the CodeSonar Project Properties dialog, if required. These options include: project file, project, presets, and configuration file.
Click Apply.
Click OK.

Is this a C# project?
NO: go on to the next step.
YES: work through the following steps to set up a post-build step that runs the CodeSonar C# analysis (this is not required for C and C++ projects).

Right-click on the project and select Properties from the menu.
The Project Properties dialog for the project will open.
Select Build > Events > Post-Build Event in the left hand panel of the dialog.

Enter a suitable cs-dotnet-scan command in the Command Line field.

if exist "%CodeSonarDotNetScan%" "%CodeSonarDotNetScan%" -msbuild-location "$(MSBuildToolsPath32)"  -msbuild-solution "$(SolutionPath)" -msbuild-project "$(ProjectPath)"

where:

%CodeSonarDotNetScan%	will expand to the full path to cs-dotnet-scan if you have hooked the build as described on this page, and to the empty string otherwise.
$(MSBuildToolsPath32)	is available in both Visual Studio and MSBuild projects. Always specify the "32" form of this build macro, even if you are using 64-bit MSBuild.
$(SolutionPath)	is typically available in .NET projects created in Visual Studio. Some MSBuild projects may not support this build macro, in which case you will need to adjust the -ms-build-solution argument to specify the path to your solution (.sln) file.
$(ProjectPath)	is typically available in .NET projects created in Visual Studio. Some MSBuild projects may not support this build macro, in which case you will need to adjust the -msbuild-project argument to specify the path to your project file.

Note: More complicated projects may require additional cs-dotnet-scan options.

Make sure Use in Build is set to Yes.
Click Apply.
Click OK.

Go on to Build and Analyze a Project.

Build and Analyze a Project

When the plug-in is enabled in Hook mode, it will automatically observe all Visual Studio builds of the project and accumulate CodeSonar project components based on those builds. Users can then invoke the CodeSonar analysis on the project as needed.

The relevant commands are available from the CodeSonar menu.

Command	Effect	Usage
CodeSonar > Build Project	The plug-in will execute a codesonar build command based on the Visual Studio build. This accumulates CodeSonar project components but does not finalize (or analyze) the CodeSonar project.	This command is provided for completeness - it is functionally equivalent to invoking the Visual Studio build.
CodeSonar > Analyze Project	The plug-in will execute codesonar analyze to finalize the CodeSonar project and run the CodeSonar analysis. If no CodeSonar project components have been accumulated, the plug-in will notify you when you try to invoke this command.	Use this command when you have run CodeSonar > Build Project, or the Visual Studio project has been built by some other mechanism, and there have been no subsequent code changes that you want to include in the analysis.
CodeSonar > Build/Analyze Project	The plug-in will execute a codesonar build command based on the Visual Studio build to accumulate project components, then execute codesonar analyze to finalize the CodeSonar project and run the CodeSonar analysis.	Use this command if you haven't built the Visual Studio project since enabling Hook mode, or if you want the analysis to include changes that have occurred since your last build.
CodeSonar > View Analysis Results	The plug-in will display the Analysis results pane with the Overview tab selected.	Use this to navigate to the Analysis results.

Analyze Automatically

Selecting CodeSonar > Analyze Automatically enables CodeSonar to always run an analysis when the project is built.

The Project Hub

The CodeSonar analysis requires a hub for managing analysis results, so the plug-in stores a hub address as part of the project properties.

The Setting Up instructions above include specifying a hub for the project's analysis results.
You can change the project hub using the Properties dialog.
If you invoke CodeSonar > Analyze Project or CodeSonar > Build/Analyze Project on a project that has no project hub specified, you will be prompted to specify one.

Output Tab

The Output tab displays build and analysis output (CodeSonar > Analyze Project, and the analysis component of CodeSonar > Build/Analyze Project) from project <Project Name>.

output tab

Go on to Viewing Analysis Results.

Visual Studio Plug-in Links

The following sections provide detailed information about installing and using the CodeSonar plug-in for Visual Studio.

Install and Configure the Plug-in
Build and Analyze a Project (current page)
Import Analysis Results
View Analysis Results
Preferences and Properties
CodeSonar Toolbar
Visual Studio Plug-in Tutorial

To report problems with this documentation, please visit https://support.codesecure.com/.