Contributor.. Contributor..

SCA 16.10. Scanning Objective-C, .m extension

We are trying to scan an Objective C project.  It uses the .m extension.  I don't see .m in fortify-sca.properties.  Is there any trick to this.  We also need to scan their pods (??) which are internal frameworks/libraries.  The approach we are going to try and take is to translate all of the pods, and use those files with the application scan.  The unknown at this point is the .m extension. 

1 Reply
Honored Contributor.
Honored Contributor.

Re: SCA 16.10. Scanning Objective-C, .m extension

C languages, including Objective-C can't be translated directly, so their extensions aren't included in the fortify-sca.properties file

You have to translate them by invoking the compiler; for Objective-C projects, it's easiest to use the xcodebuild integration.

Brief example:

- cd to root of Xcode project directory

- Run a command like this:

sourceanalyzer -b somebuildid xcodebuild clean build

If your project uses a workspace, as is typical for CocoaPods projects, you'll need to adjust the xcodebuild command to target the workspace instead, e.g.:

sourceanalyzer -b somebuildid xcodebuild -workspace <WorkspaceNameHere>.xcworkspace -scheme <Scheme in project to build here> clean build

(You can list the available schemes with this command: xcodebuild -list -workspace <WorkspaceNameHere>.xcworkspace)


Fortify L3 Support Engineer

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.