C/C++ (Beta)

This article shows you how to analyze your applications written in C/C++ using NG SAST. It assumes that you have already set up and authenticated with ShiftLeft.

Requirements

  • optional: GCC and g++ (for auto-discovery of C/C++ system header files if included/used in your C/C++ code)

Analyzing your C/C++ application

note

ShiftLeft offers a sample application that you can use to run and test NG SAST.

To analyze your C/C++ application, run:

sl analyze --app <name> --c </path/to/code>
ParameterDescription
--app <name>The name of the application to be analyzed
--cThe flag identifying the application's language
<path/to/code>The path to your project

See the CLI reference for additional sl analyze options.

Scanning system header files

If you have GCC and g++ installed for the auto-discovery of C/C++ system header files, you can have ShiftLeft CORE scan these automatically for the evaluation of macros and predefined values. To do so, append a -- and the --with-include-auto-discovery flag:

sl analyze --app <name> --c </path/to/code> -- --with-include-auto-discovery

Because automatically scanning system header files can lead to increased scan times and memory consumption, we've disabled this feature by default.

Tagging results with your branch name

To include the branch name in your NG SAST results, allowing you to distinguish one set of results from another, add the following to your invocation of ShiftLeft:

sl analyze --app <name> --c --tag branch=`git symbolic-ref --short HEAD` </path/to/code>

If you're working in a GitHub environment (e.g., GitHub Actions), you can also use --tag branch=${{ github.head_ref }} to populate your branch name.

If you don't provide a branch name, but ShiftLeft detects one available in your environment, it will use that name.

Troubleshooting

If you have any issues scanning your project, please see our general troubleshooting page.