Swift (Alpha)
This article shows you how to analyze applications written in Swift using preZero. It assumes that you have already set up and authenticated with Qwiet.
Requirements
See Prerequisites for more information.
Analyzing your Swift application
To analyze your Swift application, run:
sl analyze --app <name> --swiftsrc <path>
| Parameter | Description |
|---|---|
--app <name> | The name of the application to be analyzed (maximum length: 100 characters) |
--swiftsrc | The flag identifying the application's language |
<path> | The path to your project |
See the CLI reference for additional sl analyze options.
Additional parameters
The analysis accepts additional parameters after a double hyphen --.
sl analyze --app <name> --swiftsrc <path> -- ...
To exclude specific files or directories from the analysis:
sl analyze --app <name> --swiftsrc <path> -- --exclude <path>
To exclude files or directories based on a regular expression match:
sl analyze --app <name> --swiftsrc <path> -- --exclude-regex <expression>
Swift compiler support
Type information extraction via the Swift compiler is enabled by passing the --swift-build flag in the sl analyze command. When set, the tool attempts to compile the target as a Swift Package Manager (SwiftPM) package using swift build.
For projects that are not built with SwiftPM (for example, Xcode- or make-based builds), provide a build log that includes all swiftc invocations using the --build-log-path <path> option. Generate this log by capturing the output of your normal build process.
# SwiftPM project
sl analyze --app <name> --swiftsrc <path> -- --swift-build
# Xcode/make or other non-SwiftPM projects (using a captured build log)
sl analyze --app <name> --swiftsrc <path> -- --build-log-path <path>
For macOS and iOS applications, make sure to run the sl analyze command on a host that can successfully compile the project (for example, a macOS machine with the appropriate SDKs and toolchains installed).
Swift 6.1 or later is required for this functionality.
Sample usage
sl analyze --app shiftleft-swift-example --swiftsrc .
Tagging results with your branch name
To include the branch name in your preZero results, allowing you to distinguish one set of results from another, add the following to your invocation of Qwiet:
sl analyze --app shiftleft-swift-example --swiftsrc --tag branch=`git symbolic-ref --short HEAD` .
If you're working in a GitHub environment (e.g., GitHub Actions), you can also use --tag branch=${{ github.head_ref }} to populate your branch name.
If you don't provide a branch name, but Qwiet detects one available in your environment, it will use that name.
Troubleshooting
If you have any issues scanning your project, please see our general troubleshooting page.