OpenText™ ScanCentral SAST

The following features have been added to OpenText ScanCentral SAST.

System requirements

• The System Requirements section has now been separated from the User Guide and placed in a standalone document, like earlier releases.

• Fortify ABAP Extractor is supported on a system running ABAP Platform 2023 / ABAP Version 7.58.
• The Akka compiler plugin is available in the Maven Central Repository for Scala.
• dotnet 6.0–10.x
• MSBuild 14.x–17.14

Supported sensor version

For the 25.4.0 ScanCentral client the supported SAST (sensor) versions are 25.4.x, 26.1.x.

User guide

New way of working with OpenText SAST

• The ScanCentral SAST client is no longer included in the OpenText SAST installer. The ScanCentral Client needs to be installed separately in order to run OpenText SAST as a ScanCentral SAST Sensor.
• In version 25.4.0, if ScanCentral Client is installed into OpenText Static Application Security Testing (Fortify Static Code Analyzer) no additional configuration actions are required. If installed into a different location, the SAST_LOCATION environment variable must point to the OpenText Static Application Security Testing (Fortify Static Code Analyzer) installation directory to use it as a Sensor or to run local translation scans.

• When a remote translation scan is run for an OpenText SAST (Fortify Static Code Analyzer) version which doesn't match the ScanCentral SAST client version (for example, 26.1 OpenText SAST should be used with 25.4 ScanCentral SAST client) the -sastver or --sast-version command line option should be set.

Deploying the Controller on Tomcat

A distribution without an embedded Tomcat is available for ScanCentral SAST Controller.

Print Sensor logs to stdout

Configure client and sensor logging options using environment variables 

Configuration for Debricked CLI

Customize the configuration for Debricked CLI using -dnr or  --debricked-no-resolve