How the -append option changes FRP results.

We have a team that uses SCA to scan different modules, and appends them into a single FPR.  I assume this breaks the data flow analysis.  Is that correct?  Are there any other considerations for breaking up the scan and appending?

  • Verified Answer

    When you use -append, the results generated by that scan are simply added to any existing results in the output FPR. No analysis is performed on the results already in the FPR.

    The intention behind the -append function, is to allow you to combine the results of two disparate scans into one FPR.

    You should not use -append in order to split up the scanning of a project into smaller pieces, as analysis will not be performed across the separate scans.

    If it is natural to split up your translations (e.g. when different components of a system require different build processes), then you should either use the same build ID for all those translations, or specify all the build IDs used by the components at scan time (example below), therefore allowing all the code for the project to be scanned at once.

    sourceanalyzer -b firstbuildid -b secondbuildid -b ... -scan -f scan.fpr


  • Was your question answered? If so, please mark the question as correct, so other users will know. Thanks!