Welcome to your step-by-step guide on using the Corax for Java – Community Edition, a powerful static code security analysis tool designed specifically for Java projects. This guide will walk you through getting started, from preparing your analysis target to viewing your reports. By the end, you’ll be equipped to enhance your code quality and security like a pro!
Project Introduction
CoraxJava is essentially a safety helmet for your Java projects. Just like you wouldn’t ride a bike without a helmet, you don’t want to run your code without checking for safety risks. The core of CoraxJava’s analysis engine is built on solid foundations from its more commercial counterpart, ensuring you get robust analysis capabilities.
Quick Start
To dive right into using CoraxJava, follow these steps:
Step 1: Prepare Your Analysis Target
- Your project should include complete Java source code.
- Gather all necessary build artifacts and third-party libraries. You will need to build them if they are not available.
- Verify that your project has a structure that can be analyzed—it should have relevant .class files or .jar/.war/.zip files.
Step 2: Analyze Quickly
Now, it’s time to analyze. Choose your operating system and follow the appropriate commands:
For Linux and macOS:
bash
chmod +x .coraxjw.sh
.coraxjw.sh --target java --auto-app-classes [project root directory] --output corax_reports
For Windows:
shell
@%SystemRoot%System32WindowsPowerShellv1.0powershell.exe -NoProfile -InputFormat None -ExecutionPolicy Bypass -File coraxjw.ps1 --target java --auto-app-classes [project root directory] --output corax_reports
Step 3: View Report
Once the analysis is complete, you can view the results:
- The results will be in SARIF format, stored in the provided output directory.
- For optimal viewing, we recommend using Visual Studio Code with the SARIF Viewer extension.
Set Up a Development Environment
Environment Requirements
You’ll need JDK version 17 installed. Verify your installation with the command:
bash
java -version
Compilation and Build
If you prefer to build the project yourself, execute:
bash
cd corax-community
./gradlew build
Ensure the path to CoraxJava core engine is correctly defined in gradle-local.properties.
Configure Parameters
To start analysis, manually configure essential parameters, ensuring you set up the project paths and any necessary configurations.
Troubleshooting
If you encounter any issues during your Corax setup or analysis, consider these troubleshooting tips:
- Verify that correct versions of Java and JDK are installed. An improper environment can lead to analysis failures.
- Ensure that all directory paths are correctly set, especially for outputs and inputs. Misconfigured paths are common culprits.
- If you face memory issues (OOM errors), free up more than 12GB of remaining memory as a best practice.
- Should you need additional support or insights, you can always reach out to the community through [GitHub Issues](https://github.com/Feysh-Group/corax-community/issues) or check out the [FAQ](docsenFAQ.md). For more insights, updates, or to collaborate on AI development projects, stay connected with [fxis.ai](https://fxis.ai).
Final Words
At [fxis.ai](https://fxis.ai), we believe that such advancements are crucial for the future of AI, as they enable more comprehensive and effective solutions. Our team is continually exploring new methodologies to push the envelope in artificial intelligence, ensuring that our clients benefit from the latest technological innovations.
Now get out there and enable your code with the safety it deserves! Happy coding!