C/C++ (Beta)
This article shows you how to analyze your applications written in C/C++ using NG SAST. It assumes that you have already set up and authenticated with ShiftLeft.
Requirements
- optional: GCC and g++ (for auto-discovery of C/C++ system header files if included/used in your C/C++ code)
Analyzing your C/C++ application
Note: ShiftLeft offers a sample application that you can use to run and test NG SAST.
To analyze your C/C++ application, run:
| Parameter | Description |
|---|---|
| --app <name> | The name of the application to be analyzed |
| --c | The flag identifying the application's language |
| <path/to/code> | The path to your project |

See the CLI reference for additional sl analyze options.
Scanning system header files
If GCC and g++ are installed, ShiftLeft CORE can auto-discover the C/C++ system header files and scan them automatically so that macros and predefined values are evaluated. To do so, append a -- and the --with-include-auto-discovery flag:
This feature is disabled by default because automatically scanning system header files can increase scan times and memory consumption.
Tagging results with your branch name
To include the branch name in your NG SAST results, allowing you to distinguish one set of results from another, add the following to your invocation of ShiftLeft:
If you're working in a GitHub environment (e.g., GitHub Actions), you can also use --tag branch=${{ github.head_ref }} to populate your branch name.
If you don't provide a branch name but ShiftLeft detects one in your environment, it uses that name.
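The options described on this page, combined into one command line by a small POSIX shell helper. This is an added example, not ShiftLeft's own tooling: the function name build_sl_analyze_cmd, the placement of --tag ahead of the path, the branch-name character set, and reading the branch from the GitHub Actions environment variable GITHUB_HEAD_REF are assumptions, and the helper prints the command rather than running it.

```shell
#!/bin/sh
# Added example (not ShiftLeft's own script): prints the sl command, never runs it.
# Usage: build_sl_analyze_cmd <app> <path/to/code> [branch] [headers]
#   branch  - optional; falls back to GITHUB_HEAD_REF (GitHub Actions)
#   headers - pass the word "headers" to request system header auto-discovery
build_sl_analyze_cmd() {
    app=${1:-}; src=${2:-}; branch=${3:-}; headers=${4:-}
    if [ -z "$app" ] || [ -z "$src" ]; then
        echo "usage: build_sl_analyze_cmd <app> <path> [branch] [headers]" >&2
        return 2
    fi
    case "$app$src" in
        *[[:space:]]*) echo "app name and path must not contain whitespace" >&2; return 2 ;;
    esac
    # No explicit branch: use the variable GitHub Actions sets on pull requests.
    if [ -z "$branch" ]; then
        branch=${GITHUB_HEAD_REF:-}
    fi
    # Branch names on pull requests are chosen by the contributor, so accept
    # only a conservative character set (assumed here) and drop anything else.
    case "$branch" in
        *[!A-Za-z0-9._/-]*)
            echo "branch name rejected, omitting --tag" >&2
            branch= ;;
    esac
    cmd="sl analyze --app $app --c"
    # Assumption: --tag sits with the other sl options, before the path.
    # With no tag, ShiftLeft falls back to a branch it detects itself.
    if [ -n "$branch" ]; then
        cmd="$cmd --tag branch=$branch"
    fi
    cmd="$cmd $src"
    # Auto-discovery needs both compilers; it is appended after a bare "--".
    if [ "$headers" = "headers" ]; then
        if command -v gcc >/dev/null 2>&1 && command -v g++ >/dev/null 2>&1; then
            cmd="$cmd -- --with-include-auto-discovery"
        else
            echo "gcc/g++ not found, skipping header auto-discovery" >&2
        fi
    fi
    printf '%s\n' "$cmd"
}
```

Call it as `build_sl_analyze_cmd my-app ./src "" headers` to preview the command a CI job would run before wiring it into the pipeline.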
Troubleshooting
If you have any issues scanning your project, please see our general troubleshooting page.