Generating an IRX file by using the command line interface (CLI)

To initiate an analysis of your files, you must generate an IRX file to submit for scanning. To use the CLI to generate the IRX file, follow these instructions.

Procedure

To generate the IRX file:
  1. At the command prompt, issue a command to change directory to the location that contains your files.
    See Static analysis language support to learn about supported file types. If you are scanning Java projects in Eclipse, change directory to your Eclipse workspace.
    Note:
    • This step is not necessary if you are using a configuration file to generate the IRX file. See Configuring IRX file generation with the CLI.
    • Using the CLI, you cannot scan individual projects in an Eclipse workspace - you can scan only the entire workspace. If you want to scan individual projects, you must generate the IRX file in Eclipse.
    • .dll and .exe files must be valid .NET assemblies.
  2. Issue the appscan prepare (Windows) or appscan.sh prepare (Linux and macOS) command. This command is used with options that are listed in the Configuration commands (Windows) and Configuration commands (Linux and macOS) topics.
    For example, use -d and -n options for specifying a specific directory for saving the IRX file to and saving the file with a particular file name. In addition, run the command with a configuration file to specify additional information that would help to generate a complete IRX file. See Configuring IRX file generation with the CLI.
    Note: You can use AppScan Go! to create a configuration file. See Configuring a scan using AppScan Go!.
    Tip: By default, third-party Java and .NET code is not scanned during IRX file generation. You can modify third-party code exclusion settings by following the instructions in Managing third-party Java and .NET exclusions. To include third-party code, specify the -t or --thirdParty option when you issue the prepare command.
    Note: When you scan code or generate an IRX file, you might receive a message about updating to the latest Static Analyzer Command Line Utility. See Command Line Utility (CLI) support.
  3. After the command is issued, the Command Line Utility gathers information for any supported files in the directory from which the command was issued, and all of its subdirectories.
    An IRX file is created in the directory. The name of this file is based on the directory from which the command was issued and includes a date and time stamp (assuming you did not use a configuration option for specifying a different file name).
  4. Submit the IRX file to the cloud for analysis:
    Note: Configure the Static Analyzer Command Line Utility to use a system proxy if necessary.