It is more efficient to break down large projects into independent modules. For example, if you have a portal application that consists of several modules that are independent of each other or have very little interactions, you can translate and scan the modules separately. The caveat to this is that you might lose dataflow issue detection if some interactions exist.
For C/C++, you might reduce the scan time by using the
–bin option with the
–scan option. You need to pass the binary file as the parameter (such as
‑bin <filename>.exe ‑scan or
‑bin <filename>.dll ‑scan). Fortify Static Code Analyzer finds the related files associated with the binary and scans them. This is useful if you have several binaries in a makefile.
The following table lists some useful Fortify Static Code Analyzer command-line options to break down codebases.
||Specifies a subset of source files to scan. Only the source files that were linked in the named binary at build time are included in the scan. You can use this option multiple times to specify the inclusion of multiple binaries in the scan.|
||Displays all objects that were created but not used in the production of any other binaries. If fully integrated into the build, it lists all of the binaries produced.|
||When used with the