bootstrap tool is used to create a Semmle project for a new code base. The tool acts as a wizard that prompts you to enter the information required to configure and create the new project, which can greatly speed up project creation for conventional set-ups. Although not every version control system or build method is supported by the tool, many common ones are, and the tool offers you the additional flexibility of customizing the version control / build command for supported set-ups when the default configuration is insufficient. In addition, you can use the tool to add a snapshot, run a set of analyses, and export the snapshot for use in your IDE.
This tool is run from the command line as follows:
If the programming languages listed do not include the language that you want to analyze then you should check that your Semmle license includes analysis of this language. If you think that you should have this language included, and it is not listed here, then please contact GitHub Support.
--experimental flag is not supported for use by customers.
bootstrap tool supports the following flags:
Optional. Output more detailed information about actions. This increases the verbosity to level 4.
Optional. Define the precise level of reporting required where
Optional, for Java projects only. Generate a project configuration to analyze code using a customized
Default: generate a project configuration to analyze code by injecting a custom Java agent into the build process. This is the recommended method of analysis because it enables analysis of the code with minimal impact on the normal build process.
|-||-||Supported for internal use only.|
For tutorials on using
- Tutorial: Basic project creation (C/C++)
- Tutorial: Basic project creation (C#)
- Tutorial: Basic project creation (Go)
- Tutorial: Basic project creation (Java)
- Tutorial: Basic project creation (Python)
bootstrap tool prompts you to define the configuration of a new project, including:
- Basic project details – the name of the project and the language of the code base.
- Source code extraction method – the type and location of the repository used. The tool also provides the option of defining a specific code version to analyze.
- Build method for the code base – the build location, method and whether or not a clean step is required.
When you have finished defining the configuration, a
project configuration file is created and stored in a new subdirectory of
odasa/projects. Then you are prompted to:
- Create a snapshot for the project immediately by accepting the option to add a snapshot. This creates a new snapshot directory in the project subdirectory.
- Run a set of analyses. This can be the default set, or a custom set. The results are stored in SARIFv2 format in the project data directory.
- Export the snapshot as a zip archive. This zip archive is stored in the project data directory.
If your system is set up to store configuration and data files separately from the Semmle Core distribution files, the project configuration files are created in sub-directories of
SEMMLE_HOME/projects. Any snapshots that you export or SARIFv2 files you create are stored in sub-directories of
SEMMLE_DATA/projects using the same naming conventions.
bootstrap tool has pre-configured settings for many of the most popular source code repositories and build methods. If you create a project for a code base that is not covered by these settings or that requires multiple checkout or build commands, then you will need to edit the project file manually when you exit the bootstrap tool.