Getting started with Fortify ScanCentral SAST

You can submit your project to Fortify ScanCentral SAST for remote static analysis (translation and scan). You can also upload and view the results in Fortify Software Security Center. See Adding a Fortify ScanCentral SAST Assessment as a Build Step. With this task, you do not need to install Fortify Static Code Analyzer on the Azure DevOps agent.

To run the translation locally and offload only the scan phase to Fortify ScanCentral SAST, use the Fortify Static Code Analyzer Install task and the Fortify Static Code Analyzer Assessment task (see Getting Started with Fortify Static Code Analyzer Tasks ).

This section contains the following topics: