The tutorial covers basic use of the odasa bootstrap tool to retrieve source files, start code analysis and export a snapshot of the project.
Time needed: 10–15 minutes
This tutorial assumes:
- You have installed release 1.17 or above of Semmle's analysis software—see Installing Semmle Core.
- You have installed Git and added it to your path – see http://git-scm.com/book/en/Getting-Started-Installing-Git.
Create a new project with odasa bootstrap
The quickest way to create a new Semmle analysis project is to use the
The bootstrap tool's on-screen instructions indicate what you should enter at each step. However, the first time you run it, you may find it useful to refer to the following procedure for some additional information.
Open a command console.
- Change to the directory where Semmle Core is installed—for example,
- Make sure the environment is set up correctly:
Linux and OS X:
See Setting up the environment.
Enter the following command to start the bootstrap tool:
The tool guides you through the rest of the process. The remainder of the steps provided below give some additional guidance that you may find useful the first time you run the bootstrap tool.
For additional on-screen information, enter ? at any of the prompts.
- Make sure to enter a capital
- Make sure to enter a capital
The PDF.js project uses Git as the version control system for its source code.
The PDF.js project stores its source code in GitHub.
bootstrap tool with the URL of the repository makes it possible to automatically download the latest version of the software each time an analysis is triggered.
Press Enter without specifying a branch name.
The bootstrap tool will default to cloning the code from the "master" branch for the project.
Configure TypeScript analysis
Decide whether or not you want to include any TypeScript files (
.tsx) in the analysis. At the time of writing, this example project contains no TypeScript files.
What to extract
Press Enter without specifying a command.
This causes all of the PDF.js code base to be extracted, rather than just specific directories or files.
Creating a snapshot
You have now supplied all the information needed for the project file that is used each time a snapshot is generated. You can now go ahead and create a snapshot.
This tells the bootstrap tool that you want to clone the current PDF.js source files from GitHub and generate files needed to build a Semmle snapshot. This command will be run at the end of the bootstrap process.
Running a set of analyses
This tells the bootstrap tool that you want to run a set of queries to analyze the snapshot. This command will be run at the end of the bootstrap process.
Specifying an analysis suite
Exporting the database archive
This tells the bootstrap tool to create a zip archive containing a snapshot in your project directory. This command will be run at the end of the bootstrap process.
The bootstrap tool now:
- Clones the current PDF.js source files from GitHub, and generates files needed to build the snapshot.
- Exports the snapshot as a zip archive. You can use this snapshot to run queries in your IDE, for example using the QL for Eclipse plugin.
Completing these operations will take a few minutes.
When the bootstrap tool finishes, it displays a message like this:
Now you can view the analysis results in a SARIF viewer, or import the snapshot database into your IDE and run additional analyses.
If error messages are reported, you can investigate the problem by reviewing the log files:
Before rerunning the bootstrap process, enable prototyping mode. This will help with any further troubleshooting you need to do.
Query the snapshot in your IDE
If you install a QL plugin or extension, you can easily write custom queries to analyze snapshots and view the results directly in your IDE.
Create more snapshots
Use the bootstrap tool to create a project for your own code base.
Work through the tutorial on advanced project creation to see some examples of the available configuration options.