Fortify Static Code Analyzer – Improving Performance – Tuning Options

Fortify Static Code Analyzer can take a long time to process complex projects. The time is spent in different phases:

· Translation

· Analysis

Fortify Static Code Analyzer can also produce large analysis result files (FPRs), which can take a long time to audit and to upload to Micro Focus Fortify Software Security Center. This is referred to as the following phase:

· Audit/Upload

The following table lists tips on how to improve performance in the different time-consuming phases.

Phase                    Option                    Description
-----------------------  ------------------------  ----------------------------------------
Translation              -export-build-session     Translate and scan on different machines
                         -import-build-session
Analysis                 -Xmx<size>M | G           Set maximum heap size
Analysis                 -Xss<size>M | G           Set stack size for each thread
Analysis                 -bin                      Scan the files related to a binary
Analysis                 -quick                    Run a quick scan
Analysis, Audit/Upload   -filter <file>            Apply a filter using a filter file
Analysis, Audit/Upload   -disable-source-bundling  Exclude source files from the FPR file
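
The split between a translation host and a scan host, combined with the analysis options from the table, as an added example (not taken from the Fortify documentation). The build ID, file names, heap and stack sizes, the `run` wrapper and the `DRY_RUN`, `HEAP`, `STACK` and `NO_SOURCE` variables are constructed for illustration; `-b`, `-scan` and `-f` are standard `sourceanalyzer` options that the table above does not list.

```shell
#!/bin/sh
# Added example: translate on the build host, analyze on a larger scan host.
# All names and sizes below are constructed placeholders.
DRY_RUN="${DRY_RUN:-1}"                  # 1 = print commands only, 0 = execute
BUILD_ID="${BUILD_ID:-example-build}"    # placeholder build ID
SESSION="${SESSION:-example-build.mbs}"  # placeholder session file name

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Build host: translate the given sources, then export the build session
# so the session file can be copied to the scan host.
translate_and_export() {
    run sourceanalyzer -b "$BUILD_ID" "$@" &&
    run sourceanalyzer -b "$BUILD_ID" -export-build-session "$SESSION"
}

# Scan host: import the session, then scan with explicit heap and stack sizes.
# $1 = output FPR, $2 = optional filter file. NO_SOURCE=1 leaves source files
# out of the FPR, which shrinks the upload.
import_and_scan() {
    fpr="$1"
    filter="${2:-}"
    run sourceanalyzer -import-build-session "$SESSION" || return 1
    set -- sourceanalyzer -b "$BUILD_ID" \
        "-Xmx${HEAP:-16G}" "-Xss${STACK:-16M}" -scan -f "$fpr"
    if [ -n "$filter" ]; then
        set -- "$@" -filter "$filter"
    fi
    if [ "${NO_SOURCE:-0}" = "1" ]; then
        set -- "$@" -disable-source-bundling
    fi
    run "$@"
}
```

With `DRY_RUN=0`, call `translate_and_export <sources>` on the build host, copy the session file across, then call `import_and_scan results.fpr [filter-file]` on the scan host.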
