Compilation Instructions for C/C++ on Solaris and Linux

Compilation Guide

Compilation Instructions for C/C++ on Solaris and Linux

See the master compilation guidelines for instructions for other platforms.

Required Files

The Veracode Platform requires all binary executables, all required libraries, and the complete debug information for the application.

Supported C/C++ on Solaris and Linux Platforms and Compiler Versions

Platform & Architecture Version Compiler
Solaris (SPARC) 2.7-2.10 gcc 3.3, 3.4, 4.0-4.2
Red Hat Enterprise Linux (x86) 3, 4, 5 gcc 3.2-3.4, 4.0-4.2, 4.8, 4.9
Fedora (x86) 5, 6 gcc 3.2-3.4, 4.0-4.2, 4.8, 4.9
CentOS (x86) 3, 4, 5 gcc 3.2-3.4, 4.0-4.2, 4.8, 4.9
openSUSE (x86) 10,11 gcc 4.1, 4.5, 4.8, 4.9
Solaris (SPARC64) 2.8-2.10 gcc 3.3, 3.4, 4.0-4.2
Red Hat Enterprise Linux (x86-64) 5-7 gcc 4.1, 4.4, 4.7-4.9, 5.3-5.5, 6.3
Fedora (x86-64) 5-7 gcc 4.1, 4.4, 4.7-4.9, 5.3-5.5, 6.3
CentOS (x86-64) 5-7 gcc 4.1, 4.4, 4.7-4.9, 5.3-5.5, 6.3
openSUSE (x86-64) 11 gcc 4.5, 4.8, 4.9

Supported Architectures

Veracode supports analyzing C/C++ code compiled for the Intel IA32 and X86_64 architectures. Veracode does not currently support analyzing C/C++ code compiled for Itanium (IA64), Alpha, MIPS, PowerPC, ARM, or other microarchitectures.

Platform Specific Debug Settings

Please ensure the binary files are compiled with the following debug flags:

  1. Compile code with -gdwarf-2 -g3 -O0 -fno-builtin flags.
  2. Do not compile code with any of the following options:
    • -O
    • -mflat
    • -mno-faster-structs
    • -mimpure-text
    • -mcpu={ultrasparc or ultrasparc3}
    • -mtune={ultrasparc or ultrasparc3}
    • -mlittle-endian
    • -mcmodel
    • -mstack-bias
    • -p, -pg, -fprofile-<any>

Packaging Guidance

  • You must package applications as EXE, TAR, TAR.GZ, TGZ, or SO files.
  • Dwarf debug symbols are mandatory for main executables. Failure to upload debug symbols for Solaris or Linux C/C++ applications prevents the scan from proceeding.
  • Failure to upload dependencies for Solaris or Linux C/C++ applications results in a warning during prescan.

Compatibility Notes

  • GCC 4.4 is only supported on 64-bit RedHat Enterprise Linux 5 and 6, and 32-bit and 64-bit openSUSE 11.
  • You must package applications as a TAR file (extensions of .tar, .tar.gz, .tgz), ZIP file, or submit individual native binaries with the .so extension.