SCA 16.10. Scanning Objective-C, .m extension

We are trying to scan an Objective-C project. It uses the .m extension. I don't see .m in fortify-sca.properties. Is there any trick to this? We also need to scan their pods (??) which are internal frameworks/libraries. The approach we are going to try and take is to translate all of the pods, and use those files with the application scan. The unknown at this point is the .m extension.

  • C languages, including Objective-C, can't be translated directly, so their extensions aren't included in the fortify-sca.properties file.

    You have to translate them by invoking the compiler; for Objective-C projects, it's easiest to use the xcodebuild integration.

    Brief example:

    - cd to root of Xcode project directory

    - Run a command like this:

    sourceanalyzer -b somebuildid xcodebuild clean build

    If your project uses a workspace, as is typical for CocoaPods projects, you'll need to adjust the xcodebuild command to target the workspace instead, e.g.:

    sourceanalyzer -b somebuildid xcodebuild -workspace <WorkspaceNameHere>.xcworkspace -scheme <Scheme in project to build here> clean build

    (You can list the available schemes with this command: xcodebuild -list -workspace <WorkspaceNameHere>.xcworkspace)

    -Josh

    Fortify L3 Support Engineer
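
The translation step from the reply above, wrapped in a script that picks the workspace or plain xcodebuild form and then checks that .m files were actually captured. This is an added example, not code from the thread or from Fortify; the SCA variable and function names are assumptions, and -clean and -show-files are sourceanalyzer options not mentioned in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. SCA lets a test substitute another
# command (for example echo) for the real sourceanalyzer binary.
SCA=${SCA:-sourceanalyzer}

# Translate the Xcode project in directory $1 under build ID $2.
# $3 is the scheme, required only when a .xcworkspace is present.
translate() {
    dir=$1
    build_id=$2
    scheme=${3:-}
    ws=
    for candidate in "$dir"/*.xcworkspace; do
        if [ -d "$candidate" ]; then
            ws=$(basename "$candidate")
            break
        fi
    done
    if [ -n "$ws" ]; then
        if [ -z "$scheme" ]; then
            echo "workspace $ws found: a scheme is required" >&2
            return 2
        fi
        (cd "$dir" && "$SCA" -b "$build_id" xcodebuild \
            -workspace "$ws" -scheme "$scheme" clean build)
    else
        (cd "$dir" && "$SCA" -b "$build_id" xcodebuild clean build)
    fi
}

# Count Objective-C (.m) paths in a file listing read from stdin.
count_objc() {
    grep -c '\.m$' || true
}

# Clean the build ID, translate, then fail if no .m file was translated.
translate_and_check() {
    build_id=$1
    scheme=${2:-}
    "$SCA" -b "$build_id" -clean
    translate . "$build_id" "$scheme" || return
    n=$("$SCA" -b "$build_id" -show-files | count_objc)
    echo "Objective-C files in build $build_id: $n"
    [ "$n" -gt 0 ]
}

# Usage from the project root: ./translate.sh <build-id> [scheme]
if [ "$#" -ge 1 ]; then translate_and_check "$@"; fi
```

A zero count after translation means the compiler invocations were not intercepted, so a later scan would run without the Objective-C sources.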