Semmle 1.24
Skip to end of metadata
Go to start of metadata


The bootstrap tool is used to create a Semmle project for a new code base. The tool acts as a wizard that prompts you to enter the information required to configure and create the new project, which can greatly speed up project creation for conventional set-ups. Although not every version control system or build method is supported by the tool, many common ones are, and the tool offers you the additional flexibility of customizing the version control / build command for supported set-ups when the default configuration is insufficient. In addition, you can use the tool to add a snapshot, run a set of analyses, and export the snapshot for use in your IDE.


This tool is run from the command line as follows:


 odasa bootstrap [--verbose] [--verbosity <level>] [--no-java-agent] [--experimental]


If the programming languages listed do not include the language that you want to analyze then you should check that your Semmle license includes analysis of this language. If you think that you should have this language included, and it is not listed here, then please contact GitHub Support.


The --experimental flag is not supported for use by customers.



The bootstrap tool supports the following flags:


Optional. Output more detailed information about actions. This increases the verbosity to level 4.

Default: level verbosity


Optional. Define the precise level of reporting required where 0 suppresses all output and 6 reports all levels of detail available. You can use the --verbose flag as shorthand for --verbosity 4 .

Default: 3


Optional, for Java projects only. Generate a project configuration to analyze code using a customized JAVA_HOME directory.

Default: generate a project configuration to analyze code by injecting a custom Java agent into the build process. This is the recommended method of analysis because it enables analysis of the code with minimal impact on the normal build process.

--experimental--Supported for internal use only.


c:\odasa>odasa bootstrap

*** ODASA Bootstrap ***
(c) Semmle ltd.

Welcome to the ODASA bootstrap utility, which is designed to help you get
started by generating a basic configuration file for a new project.

You will be prompted for a series of choices, which will determine the
configuration that will be generated. Any time you are prompted for input, you
can just enter '?' to see a more detailed explanation of the possible inputs.

Please enter the project name: >

For tutorials on using bootstrap see:


The bootstrap tool prompts you to define the configuration of a new project, including:

  1. Basic project details – the name of the project and the language of the code base.
  2. Source code extraction method – the type and location of the repository used. The tool also provides the option of defining a specific code version to analyze.
  3. Build method for the code base – the build location, method and whether or not a clean step is required.

When you have finished defining the configuration, a project configuration file is created and stored in a new subdirectory of odasa/projects. Then you are prompted to:

  • Create a snapshot for the project immediately by accepting the option to add a snapshot. This creates a new snapshot directory in the project subdirectory.
  • Run a set of analyses. This can be the default set, or a custom set. The results are stored in SARIFv2 format in the project data directory.
  • Export the snapshot as a zip archive. This zip archive is stored in the project data directory.

If the code base uses a non-standard build method then you need to exit the bootstrap process and edit the project file before you start analysis (see Advanced project creation for an example).

If your system is set up to store configuration and data files separately from the Semmle Core distribution files, the project configuration files are created in sub-directories of SEMMLE_HOME/projects. Any snapshots that you export or SARIFv2 files you create are stored in sub-directories of SEMMLE_DATA/projects using the same naming conventions.

Known limitations

The bootstrap tool has pre-configured settings for many of the most popular source code repositories and build methods. If you create a project for a code base that is not covered by these settings or that requires multiple checkout or build commands, then you will need to edit the project file manually when you exit the bootstrap tool.