About Clients

  • A client is a build machine on which Fortify Static Code Analyzer translates code and generates Fortify Static Code Analyzer mobile build sessions (MBS). An MBS file, created in the Fortify Static Code Analyzer translation phase, includes the files required for analysis and enables you to scan a project on a different machine than the one used for the translation phase. The translated source code, along with optional and required data, such as custom rules (rules that extend the functionality of Fortify Static Code Analyzer and the Secure Coding Rulepacks) and Fortify Static Code Analyzer command-line arguments, is uploaded to the Controller.

    Clients not only translate code and generate MBSs, but can also generate packages with sources and dependencies for remote translation on sensors. (You can use this functionality independent of Fortify Static Code Analyzer.)

    Embedded Clients and Standalone Clients

    A client can be either an embedded client, which resides on the same machine as Fortify Static Code Analyzer, or a standalone client, which is independent of Fortify Static Code Analyzer.

    Within an SCA and Apps installation (SCA and Apps is the installer for Fortify Static Code Analyzer and component applications), the files used to create ScanCentral SAST sensors and embedded clients are the same. (Sensors are a distributed network of computers set up to receive Fortify Static Code Analyzer mobile build sessions and scan instructions, or project packages with translation and scan instructions, from the ScanCentral SAST clients and to scan code using Fortify Static Code Analyzer. If your applications are written in a supported language, the sensors can also perform the translation phase of the analysis.) The only difference is how you invoke their functionality from the command line. To use ScanCentral SAST as a sensor, you run ScanCentral SAST using the worker command. To use ScanCentral SAST as a client to initiate a scan, you invoke it using the start command. Sensor functionality depends on Fortify Static Code Analyzer, so you can have a standalone client (a ScanCentral SAST client that runs outside of SCA and Apps), but not a standalone sensor.

    The interface for issuing Fortify ScanCentral SAST commands is installed on your clients. You can use this interface to create or identify a Fortify Static Code Analyzer mobile build session, set the parameters for the scan, and communicate your intentions to the ScanCentral Controller. The Controller is the server that receives the Fortify Static Code Analyzer mobile build sessions and scan instructions (or project packages with translation and scan instructions) from the ScanCentral SAST clients, routes the information to ScanCentral SAST sensors, and (optionally) uploads scan results (FPR files) to Fortify Software Security Center.

    Note: A standalone client that does not require that Fortify Static Code Analyzer be installed may pack the code with dependencies into a package to send to the Controller for translation and scanning.