Quick Start (Command Line)

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

CodeSonar^® 9.2p0

CONFIDENTIAL

CodeSecure Inc

C and C++

Java

Binaries

Quick Start (Command Line)

This section is designed to get you started using CodeSonar as quickly as possible. If you get stuck, see the links provided for more detailed information. For a guided introduction to CodeSonar see the tutorial.

Overview

In most cases we recommend starting with the CodeSonar tutorial. However, if you want to get started as quickly as possible (for example, because you have used CodeSonar before and just need a refresher), the steps are as follows.

Install CodeSonar, if you have not already done so: see section Installing or Upgrading CodeSonar.
Set up a hub, if one is not already running: see section Installation: Setting Up The Hub.
Build and analyze your project.
Browse the analysis results.

3. Build and Analyze

The codesonar binary resides in the $CSONAR/codesonar/bin subdirectory of the CodeSonar installation. To invoke CodeSonar without specifying the path, add $CSONAR/codesonar/bin to your PATH environment variable.

On the command line, execute

codesonar analyze path/to/project-name host:port command

where:

project-name	is the CodeSonar project name, used to identify the project to the hub. It can be different to the name of the software project you are analyzing, although it does not have to be.
/path/to/	is the project directory that CodeSonar should use to store files it generates for the analysis. You must have file system write access to this directory. Many users prefer to specify a directory that is outside their source directory. Windows users should specify a directory located outside the Program Files directory tree.
host:port	is the hub location.
command	varies depending on the language of the software to be analyzed. See the language-specific project build documentation for full details. C and C++ : the command you usually use to build your software project. Java : a cs-java-scan command. C# : a cs-dotnet-scan command.

For example, to analyze a C/C++ project whose regular build command is make myproj:

codesonar analyze /myfiles/cs-myproj hubmachine:7340 make myproj

CodeSonar will generate various files in directories /myfiles/ and /myfiles/cs-myproj.prj_files/.
The analysis results will be sent to the hub at hubmachine:7340, and associated with the CodeSonar project called cs-myproj. If this project does not already exist on the hub, it will be created.

The degree of parallelism in the analysis will depend on the setting of ANALYSIS_SLAVES.

For more details, see section Command Line Build/Analysis.

4. Browse

When CodeSonar has finished building and analyzing your project, it will print the URL at which the analysis results will be available. Use a web browser to open the URL.

This is the Analysis page. It displays information about the CodeSonar analysis of the project. By default it will show the Warnings tab, which contains a table with a line of information about each warning generated.

If the analysis is still running, the Analysis State field will describe the current state of the analysis. Use your browser's Reload command to refresh the page.
When the analysis is finished, the Analysis State field will read Finished.

To view a warning report, click anywhere on its entry in the summary table. A warning report page will open, containing:

summary information for the CodeSonar analysis of the project,
summary information for the warning, and
a code excerpt with lines of interest highlighted, together with line numbers and annotations indicating problem conditions (where present).

For more details, see section Warning Report.

To report problems with this documentation, please visit https://support.codesecure.com/.