Fortify ScanCentral SAST

The following features have been added to Fortify ScanCentral SAST.

Uploading analysis results to Fortify Software Security Center

  • You can configure the ScanCentral SAST Controller with a ScanCentral SAST Controller service account created in Fortify Software Security Center. This enables the Controller to upload scan results to Fortify Software Security Center using the service account, so your Software Security Center user accounts do not require the upload analysis results permission.

  • The start command -uptoken option is no longer required to upload scan results to Fortify Software Security Center if you specify the -sscurl and -ssctoken option pair.

ScanCentral client

  • You can add JVM system properties and ScanCentral SAST properties (for clients and sensors) to the ScanCentral client commands by adding -D options to the SCANCENTRAL_VM_OPTS environment variable. JVM system properties added to this environment variable are also used by the PackageScanner tool.

  • You can retrieve your package (job file) from the Controller using the retrieve command --job-file option.

  • The client start command -sargs option accepts the Fortify Static Code Analyzer -bin option.

  • The client start command -targs option accepts the Fortify Static Code Analyzer -gotags option.

  • When packaging PHP projects that use Composer for dependency management, the ScanCentral client automatically restores the dependencies before generating the package.

  • Support for packaging Maven projects that use the -Dmaven.repo.local or -Dsettings.localRepository properties to configure a non-default local repository location.

Updated build tool support

  • Support for Gradle 8.7 - 8.10

ScanCentral SAST containers

  • New ScanCentral SAST Windows Sensor container with Windows Server 2022 as a base image

  • New database migration container to migrate the ScanCentral SAST Controller database when upgrading