Generating an IRX file using the command line interface (CLI)

To initiate an analysis of your files, you must generate an IRX file to submit for scanning. To use the CLI to generate the IRX file, follow these instructions.


To generate the IRX file:
  1. At the command prompt, issue a command to change directory to the location that contains your files.
    See SCA language support to learn about supported file types. If you are scanning Java projects in Eclipse, change directory to your Eclipse workspace.
    • This step is not necessary if you are using a configuration file to generate the IRX file. See Configuring IRX file generation with the CLI.
    • Using the CLI, you cannot scan individual projects in an Eclipse workspace - you can scan only the entire workspace. If you want to scan individual projects, you must generate the IRX file in Eclipse.
    • .dll and .exe files must be valid .NET assemblies.
  2. Issue the appscan prepare -oso (Windows) or prepare -oso (Linux and macOS) command. This command is used with options that are listed in the Configuration commands (Windows) and Configuration commands (Linux and macOS) topics.
    For example, use -d and -n options for specifying a specific directory for saving the IRX file to and saving the file with a particular file name. In addition, run the command with a configuration file to specify additional information that would help to generate a complete IRX file. See Configuring IRX file generation with the CLI.
    Note: You can use AppScan Go! to create a configuration file. See Configuring a scan using AppScan Go!.
    Note: When you scan code or generate an IRX file, you might receive a message about updating to the latest Static Analyzer Command Line Utility. See Command Line Utility (CLI) support.
  3. After the command is issued, the Command Line Utility gathers information for any supported files in the directory from which the command was issued, and all of its subdirectories.
    An IRX file is created in the directory. The name of this file is based on the directory from which the command was issued and includes a date and time stamp (assuming you did not use a configuration option for specifying a different file name).
  4. Submit the IRX file to the cloud for analysis:
    Note: Configure the Static Analyzer Command Line Utility to use a system proxy if necessary.