CodeSonar Installation

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

CodeSonar^® 9.2p0

CONFIDENTIAL

CodeSecure Inc

General

Installing or Upgrading CodeSonar

This is the main section for CodeSonar installation instructions.

Where To Install
If You Are Upgrading
Installing CodeSonar
What's Next?

Requirements

If your source tree has non-ASCII file or directory names, then:
- The locales package must be installed.
- The locale environment corresponding to those file and directory names must be defined.
See the documentation for your Linux distribution if you need information on defining a locale environment: the mechanism is distribution-dependent. For example, Ubuntu and Debian provide command locale-gen; CentOS and Fedora provide command localedef.

Where To Install

Install CodeSonar:

On every machine that will be running the CodeSonar build/analysis .
On every machine that will run a hub. Hubs do not need to be run on the same machine as analyses, or even on the same platform.
CodeSonar SaaS Note: if you are using CodeSonar SaaS, you will be using an external SaaS hub instead of running your own hubs.

Note in particular that you do not need to install CodeSonar on machines that will only be browsing analysis results through the CodeSonar Web GUI.

Kubernetes Note

As an alternative to installing CodeSonar directly, you can use the CodeSonar 64-bit Linux installer to install and run CodeSonar on a Kubernetes cluster. You can run both your hub and your analyses on the cluster, or run your hub on the cluster and perform analyses elsewhere.

If you wish to deploy CodeSonar on Kubernetes, follow the instructions in section Install CodeSonar on a Kubernetes Cluster.

If You Are Upgrading

If you are upgrading an existing CodeSonar installation, follow these steps. $CSONAR refers to the CodeSonar installation directory.
If you are not upgrading, go on to Installing/Upgrading CodeSonar

Are you using CodeSonar SaaS?
- YES: contact CodeSecure support to arrange a convenient time for your SaaS hub to be upgraded.
- NO: Are you responsible for an existing CodeSonar hub?
  - YES:
    1. If your hub directory is located under the CodeSonar installation directory, relocate it.
    2. If the hub is running, shut it down.
    3. Make a backup copy of the hub directory. (This step is not essential, but is recommended.)
  - NO: Go on to the next step.
Are you responsible for a CodeSonar license key server?
- YES: stop the server.
- NO: Go on to the next step.
(Note that in most cases you will not be running a license key server.)
Do you want to also keep your previous CodeSonar installation on this machine?

CodeSonar SaaS Note: if you are only using SaaS analyzers managed by CodeSecure, there is no need to keep your previous installation. If you have performed some or all of your analyses locally (that is, without using SaaS analyzers), you may wish to keep the previous installation for convenience as described below.

If you keep your previous CodeSonar installation, you will retain the ability to view information (in particular, source file listings) that is stored in the analysis directories for analyses performed on this machine with the previous installation. If you do not keep your previous CodeSonar installation, you will only be able to view this information once you have re-analyzed the project with the upgraded installation. Note that this applies only to information stored in the analysis directory. Most information, including warning reports, is stored on the hub and will remain available regardless of whether or not you keep the previous installation.
- YES: You will need to select a new installation directory for the upgraded version of CodeSonar. Do not reuse the same installation directory, and do not uninstall the previous installation.
- NO: You can uninstall the previous version of CodeSonar and reuse the same installation directory if you wish.
If you have edited your configuration template file, $CSONAR/codesonar/template.conf, save a copy of it somewhere outside $CSONAR.
If you want to use the same CodeSonar installation directory as previously, you will need to uninstall. Remove $CSONAR and all its subdirectories.
Install CodeSonar as described below.
Follow the instructions in Upgrading Configuration Files to merge your old configuration files with the newly installed ones.
Are you using CodeSonar SaaS?
- YES: Go on to Hub Setup: Connecting to an Existing Hub.
- NO: Are you responsible for an existing CodeSonar hub?
  - YES: Follow the instructions in Upgrading an Existing Hub to upgrade the hub to work with your upgraded installation.
  - NO: Go on to Hub Setup: Connecting to an Existing Hub.

Installing/Upgrading CodeSonar

You will receive email from CodeSecure with download instructions that include the following.

A link to the CodeSonar product download site.
Download credentials.
A link to a page where you can generate a customized CodeSonar setup guide.

If you haven't already done so, download the installation file now:

Open the download site in your web browser. If you cannot locate the email with the URL, use https://links.codesonar.com/support/login/.
Authenticate using the download credentials provided in the email from CodeSecure. If you don't recall your password, click the Please remind me link at the bottom of the page and follow the password recovery instructions provided.
Download the installation file for your operating system.
[Optional] You can use the link provided to create a customized CodeSonar setup guide and follow that rather than working through the remainder of these instructions.
- If you prefer a stand-alone document that contains only instructions relevant to your own installation requirements, create and use a customized guide.
- If you prefer to be able to follow hyperlinks to other manual content from the installation instructions, use the instructions in the manual.

Your downloaded file will be a CodeSonar tarball whose name is codesonar-9.2p0.20260428-x86_64-pc-linux.tar.gz (the date stamp part of the name may vary).

Save the tarball to your system.
Untar the tarball to the directory of your choice. The directory name should not contain spaces or special characters.
gzip -cd /path/to/codesonar-9.2p0.20260428-x86_64-pc-linux.tar.gz | tar xf -

The contents of the tarball will be extracted into ./codesonar-9.2p0.
Read the license file at ./codesonar-9.2p0/EULA.txt. Note that by using CodeSonar, you are agreeing to these license terms.
Add $CSONAR/codesonar/bin to your PATH environment variable, where $CSONAR is the CodeSonar installation directory.
Run the following command, as the same user who performed the installation.
codesonar activate
You will be prompted with two yes/no questions.
1. First, you will be asked to accept the End User License Agreement (EULA).
  - Enter y at the prompt if you wish to accept the license agreement and proceed.
2. If you accept the EULA, you will be asked "Send anonymous usage statistics to CodeSecure?".
  CodeSonar collects a range of anonymized statistics about usage and performance. If you opt in to sending these statistics to CodeSecure, they will be uploaded periodically and aggregated with all usage statistics collected from other sources. The statistics do not include any identifying information, and do not include any kind of unique identifier for coordinating multiple submissions from the same site.
  
  The collection of usage statistics is always active. If you opt out of sending the statistics to CodeSecure, they will be temporarily stored on your local system. You can change this setting at any time.
  - Enter y at the prompt to opt in; n to opt out.

What's Next?

Now go on to Setting Up The Hub.

To report problems with this documentation, please visit https://support.codesecure.com/.