Installing ScanCentral SAST Clients
Unless you use a language that supports offloading the translation phase of analysis to your sensors, you must have a licensed copy of Fortify Static Code Analyzer on each of the machines you plan to use as ScanCentral SAST clients. If you use a language that supports offloading the translation phase of analysis to your sensors, you can install standalone clients, independent of Fortify Static Code Analyzer.
The languages and container configurations that are supported for offloading the translation phase of analysis are:
- Python
- Go
- Ruby
- JavaScript
- PHP
- Java
-
ABAP (Advanced Business Application Programming)
-
Apex (Salesforce)
-
Classic ASP (ASP Classic)
- Adobe ColdFusion
-
PL/SQL / T-SQL
-
Microsoft TypeScript
-
Visual Basic 6.0
- .NET applications (C#, VB.NET, .NET Core, ASP.NET, and .NET Standard)
- Dockerfiles
Caution! As you specify an installation path, make sure that the path name contains no spaces.
Creating a Standalone Client
If you plan to offload both the translation and scanning phases of analysis to your ScanCentral SAST sensors, you can use standalone clients.
Important! Before you install a standalone client
ScanCentral SAST client that runs outside of SCA and Apps., you must first download and configure a Java Runtime Environment (JRE) on the machine on which you plan to install it. For information about supported JRE versions, see the Micro Focus Fortify Software System Requirements guide. For information about how to download and configure a JRE, see the documentation for the supported JRE version.
To install a standalone client Requesting program or user in a client/server relationship. For example, the user of a web browser is effectively making client requests for pages from servers all over the web. The browser itself is a client in its relationship with the computer that is getting and returning the requested HTML file. The computer handling the request and sending back the HTML file is a server. (independent of Fortify Static Code Analyzer):
-
Extract the contents of the
Fortify_ScanCentral_Client_<version>_x64.zipfile to any directory on your machine. -
On the machine to which you extracted the
Fortify_ScanCentral_Client_<version>_x64.zipfile, install JRE 11. -
Set the
JAVA_HOMEenvironment variable Building blocks for performance indicators; storage for measurement values that count issues, conditions, and similar categories of numeric data. to point to JRE 11, and make sure that you add the java executable to the PATHenvironment variable.Important! If you have a Java 8 project that fails to build because ScanCentral SAST requires Java 11 to run, set the
SCANCENTRAL_JAVA_HOMEenvironment variable to point Java 11. After you do, ScanCentral SAST runs correctly, and the build runs with theJAVA_HOMEset to Java 8.
Placing Multiple Standalone Clients Under the Controller
You can place multiple standalone clients of different supported versions in the Controller. To do this:
-
Place any number of client ZIP files for any and all supported versions into the
<controller_dir>/tomcat/clientdirectory.
The ZIP file names themselves are unimportant. On startup, the Controller parses the available clients.
To install a patch for a given client or sensor version installed on the Controller, place the patch ZIP file into the <controller_dir>/tomcat/client directory. If auto-upgrade is enabled, the clients of that version are automatically upgraded with the patch. For information about how to enable or disable automatic updates of your clients and sensors, see Enabling and Disabling Auto-Updates of Clients and Sensors.
Installing an Embedded Client Using Fortify Static Code Analyzer
Use the following procedure to install an embedded client (client included with SCA and Apps) if you do not plan to offload project translation to your sensors.
To install an embedded client ScanCentral client that comes with SCA and Apps.:
- Log on to a build machine using credentials for an account that is not an administrator or root account.
-
Use the instructions provided in the Micro Focus Fortify Static Code Analyzer User Guide to install Fortify Static Code Analyzer and applications on your build machine.
Upgrading a Client
Important! Fortify recommends that your standalone ScanCentral SAST clients Build machines that use Fortify Static Code Analyzer to translate code and generate a mobile build session (MBS) file. The MBS is uploaded to the ScanCentral Controller. The interface for issuing ScanCentral SAST commands is installed on the build machine, is used to create an MBS, and communicate your intentions to the ScanCentral Controller. and your Fortify Static Code Analyzer installation be the same version.
To upgrade a standalone client (independent of Fortify Static Code Analyzer):
-
Delete the client, and then extract the
Fortify_ScanCentral_Client_<version>_x64.zipfile to any directory on the machine.Or,
- Extract the contents of the
Fortify_ScanCentral_Client_<version>_x64.zipfile on top of the existing client.
To upgrade an embedded client that resides on the same machine as Fortify Static Code Analyzer:
- Log on to the build machine using credentials for an account that is not an administrator account or root.
-
Back up the following directories:
<sca_install_dir>/bin<sca_install_dir>/Core/lib<sca_install_dir>/Core/config
-
Upgrade Fortify Static Code Analyzer. For instructions on how to install and upgrade Fortify Static Code Analyzer, see the Micro Focus Fortify Static Code Analyzer User Guide.
-
Accept all overwrite requests.
Note: On a Linux system, you may also need to run
chmod +x ScanCentral(in the<sca_install_dir>/bin/ScanCentraldirectory).
Tip: After you configure a client, you can copy the configuration files and use them to create other clients.
See Also
(Windows only) Configuring Sensors to Offload Translation for .NET Languages
Configuring Sensors to Use the Progress Command when Starting on Java