Generating an IRX file by using the command line interface (CLI)

To be able to initiate an analysis of your files, you must generate an IRX file that you submit to the cloud. If you want to use the CLI, follow these instructions for creating that file.

Procedure

To generate the IRX file:
  1. At the command prompt, issue a command to change directory to the location that contains your files. See src_sys_req.html#src_sys_req__scan to learn about supported file types. If you are scanning Java projects in Eclipse, change directory to your Eclipse workspace.
    Note:
    • This step is not necessary if you are using a configuration file to generate the IRX file. See Configuring IRX file generation with the CLI.
    • Using the CLI, you cannot scan individual projects in an Eclipse workspace - you can scan only the entire workspace. If you want to scan individual projects, you must generate the IRX file in Eclipse.
    • .dll and .exe files must be valid .NET assemblies.
  2. Issue the appscan prepare (Windows) or appscan.sh prepare (Linux and macOS) command. This command is used with options that are listed in the Configuration commands (Windows) and Configuration commands (Linux and macOS) topics. For example, you can use -d and -n options for specifying a specific directory for saving the IRX file to and saving the file with a particular file name. In addition, you can run the command with a configuration file to specify additional information that would help to generate a complete IRX file. See Configuring IRX file generation with the CLI.
    Note: You can use AppScan Go! to create a configuration file. See Configuring a scan using AppScan Go!.
    Tip: By default, third-party Java and .NET code is not scanned during IRX file generation. You can modify third-party code exclusion settings by following the instructions in Managing third-party Java and .NET exclusions. To include third-party code, specify the -t or --thirdParty option when you issue the prepare command.

    If you are a developer of third-party code that would normally be excluded in a scan, you should use the setting to include the third-party code.

    Note: When you scan code or generate an IRX file, you might receive a message about updating to the latest Static Analyzer Command Line Utility. See Command Line Utility (CLI) support.
  3. After the command is issued, the Command Line Utility will gather information for any supported files in the directory from which the command was issued - and all of its subdirectories. An IRX file is created in the directory. The name of this file is based on the directory from which the command was issued and includes a date and time stamp (assuming you did not use a configuration option for specifying a different file name).
  4. Submit the IRX file to the cloud for analysis. To do this, issue the appscan queue_analysis command (Windows) or the appscan.sh queue_analysis command (Linux and macOS). This command is used with options that are listed in the Analysis commands (Windows) or Analysis commands (Linux and macOS) topics.