SCA 16.10. Scanning Objective-C, .m extension
We are trying to scan an Objective C project. It uses the .m extension. I don't see .m in fortify-sca.properties. Is there any trick to this. We also need to scan their pods (??) which are internal frameworks/libraries. The approach we are going to try and take is to translate all of the pods, and use those files with the application scan. The unknown at this point is the .m extension.
C languages, including Objective-C can't be translated directly, so their extensions aren't included in the fortify-sca.properties file
You have to translate them by invoking the compiler; for Objective-C projects, it's easiest to use the xcodebuild integration.
- cd to root of Xcode project directory
- Run a command like this:
sourceanalyzer -b somebuildid xcodebuild clean build
If your project uses a workspace, as is typical for CocoaPods projects, you'll need to adjust the xcodebuild command to target the workspace instead, e.g.:
sourceanalyzer -b somebuildid xcodebuild -workspace <WorkspaceNameHere>.xcworkspace -scheme <Scheme in project to build here> clean build
(You can list the available schemes with this command: xcodebuild -list -workspace <WorkspaceNameHere>.xcworkspace)
Fortify L3 Support Engineer