Semmle 1.21
Skip to end of metadata
Go to start of metadata

 

-

On this page:

Configuration files

FilePurpose

Configuration file

Semmle Core: defines the analysis for one Semmle dashboard, including the snapshots to analyze and the queries to evaluate for each snapshot. The configuration combines one or more Query suites with snapshot patterns to control the behavior of the buildDashboard tool.

Default path: SEMMLE_HOME/dashboards/<dashboard>/Configuration

project file

Semmle Core: defines the language, checkout commands, build commands and snapshot retention policy for a project.

queries.xml file

Semmle Core: defines the language of associated query files. This is used to resolve the import statements in associated query files and also to determine whether or not a query is compatible with the snapshot database or dashboard database that is currently being analyzed.

Query suites

Semmle Core: used to define a logical group of queries to simplify query management during analysis.

snapshot file

Semmle Core: configuration file created automatically when a snapshot is added a the project using the addSnapshot or addLatestSnapshot tool. It includes a definition of where the source code for the snapshot is stored and the commands required to build this code (copied from the project file or defined on the command line at the time of creation). The information is used when the snapshot is built and the snapshot is indexed to create a snapshot database. In normal operation there is no reason to edit the content of the snapshot file.

variables file

Semmle Core: The  variables  file allows you to define custom variables that can be used to augment a configuration in various ways. You can define variables for either a particular project or a particular snapshot.

Tools

CommandPurpose

addLatestSnapshot

Semmle Core: used to create a snapshot for the latest version of your code base. The checkout commands used to create the snapshot are defined by the project configuration file or entered on the command line.

addSnapshot

Semmle Core: used to create a snapshot for a historic version of the code base. The checkout commands used to create the snapshot are defined by the project configuration file or entered on the command line.

analyzeSnapshot

Semmle Core: optional command used to analyze a Semmle snapshot and generate data for display in a code review tool.

applySnapshotPolicy

Semmle Core: optional command to apply the snapshot deletion policy defined in a project configuration file to the snapshots stored for a project. During standard operation this task is performed by the addSnapshot and  addLatestSnapshot commands, but on distributed systems it may be necessary to carry this task out separately. For example, when snapshots are stored on a separate server from the server where the addSnapshot and addLatestSnapshot commands are run.

archiveSnapshot

Semmle Core: optional command to compact the snapshot database generated by the buildSnapshot tool manually.

autoBuild

Semmle Core: autoBuild makes configuring a compiled-language project for Semmle analysis easier by automatically working out the best build commands to use.

bootstrap

Semmle Core: this command guides users through the process of creating a project configuration file for a new code base. Users may also choose to add a snapshot to the project, run a set of analyses, and export the snapshot.

buildDashboard

Semmle Core: deprecated command used to analyze snapshots and build a dashboard database. The snapshots to include and analysis performed are defined by the dashboard Configuration file.

buildSnapshot

Semmle Core: command may be used to build and index a single snapshot of source code for a project. When the tool has finished the code index is ready for analysis. The build commands used are defined by the snapshot configuration file (copied from the project configuration on creation of the snapshot).

createOdasaJavaHome

Semmle Core: legacy command used for installations where Java builds are analyzed using a customized JAVA_HOME directory (the default behavior in Semmle 1.7.6 and earlier versions).

createProject

Semmle Core: this command enables you to create a new project by copying the project configuration file for an existing project or a predefined template. When the command finishes, you need to edit the new project configuration file, configure the checkout command and verify that the build steps are correct. If you want to create an entirely new project then you should use the bootstrap tool.

credentials

Semmle Core: This tool is used to create and manage credentials files which are used to store passwords, SSL private keys, and trusted certificates. The credentials stored in this file can be accessed by tools that need to authenticate with source code repositories or other secure systems.

deleteSnapshot

Semmle Core: You can use this tool to delete a snapshot from a project. This is most useful when you are setting up a new project and experimenting with options.

duplicateCode

Semmle Core: used to analyze a snapshot for the presence of duplicate code. Usually called automatically by a build command defined in the project file created by the bootstrap tool.

editProject

Semmle Core: optional command enables you to modify one or more properties of an existing project configuration file. This is an alternative to editing the project file manually and is typically used in a script to modify the checkout or build command part way through the process. 

editSnapshot

Semmle Core: command enables you to modify one or more properties of a snapshot, in addition you can add, change or delete metadata values associated with a snapshot. Often used in a build step in the project configuration file. When the command is run, the metadata set by the command is automatically incorporated into the snapshot database.

export

QL plugins and extensions: command used to export a snapshot generated using the QL command line tools for use in the QL plugins and extensions. The resulting snapshot can be imported into the QL plugins and extensions and used to write new queries.

exportQueryMetadata

Semmle Core: optional command used to process a set of queries and produce an output file describing the metadata associated with each query.

getSnapshot

Semmle Core: report the absolute path for a specific snapshot data directory.

getSnapshots

Semmle Core: report the absolute path for all snapshots in a specific project configuration (optionally, report all built or all unbuilt snapshots).

lint

Semmle Core: optional command used to analyze a Semmle snapshot and generate data for display in a code review tool. See also analyzeSnapshot.

overview

Semmle Core: used to provide a quick assessment of the number of lines of code and comment in a source code directory.

prepareQueries

Semmle Core: command may be used to compile new or updated query files to speed up future analyses. The analyzeSnapshot command automatically calls this before analyzing snapshots. All queries in the specified directory are reviewed and all new or updated queries are compiled (creating a .qlo file for each query).

qltest

Semmle Core: command provides a simple way to run regression tests for custom QL queries. The tool runs QL queries against source code that you provide, and it checks that the output of each query matches the expected results.

runQuery

Semmle Core: run queries on a Semmle database from the command line. Particularly useful as part of a script to generate CSV reports or if you want to test a new query for a system before you add it to the dashboard configuration.

selfTest

Semmle Core: used to report details of the current Semmle Core including the version and values of the SEMMLE_DIST, SEMMLE_HOME, and SEMMLE_DATA environment variables.

updateExternalData

Semmle Core: this tool enables you to update the external data stored in a snapshot database from the data stored in the external/data subdirectory of the snapshot directory without rebuilding the entire snapshot database.

upgrade

Semmle Core: can be used to upgrade snapshot databases that were created with an earlier version of Semmle to enable you to analyze them using the latest version. The database schema of the snapshot databases is updated so that it is compatible with current version of Semmle analysis.

version

Semmle Core: used to report the Semmle QL product version number.

Other reference topics

FilePurpose

Environment variables

Semmle Core: used to simplify build commands and can be customized to override the default locations and behavior of Semmle Core. See Semmle variables for configuration variables.

Query directives

Semmle Core: used in a query suite file to override the default properties of a query or to provide additional information for the calculation.

Semmle variables

Semmle variables are used in configuration files to simplify the configuration of Semmle analysis and to reduce the use of absolute paths (which make it difficult to relocate a project). Semmle variables can be used almost everywhere in the various configuration files.

variables file

Semmle Core: The  variables  file allows you to define custom variables that can be used to augment a configuration in various ways. You can define variables for either a particular project or a particular snapshot.