Start command

Use the start command to perform a remote scan, or to perform a remote translation and scan.

Start command option Description
Options for all scan requests

-upload,
--upload-to-ssc

Uploads the scan results to Application Security after completion. For more information about uploading scan results, see Uploading results to Application Security.

-application <name>

Specifies the Application Security application name.

The <name> value is case-sensitive.

-version,
--application-version <name>

Specifies the Application Security application version name.

The <name> value is case-sensitive.

-versionid,
--application-version-id <id>

Specifies the Application Security application version ID.

-uptoken,
--ssc-upload-token <token>

Specifies the Application Security authentication token of type ScanCentralCtrlToken, which is only required if you are uploading scan results and specify the Controller with the global -url option.

If the pool_mapping_mode property is set to disabled, you can also use a token of type AnalysisUploadToken.

For information about how to acquire authentication tokens, see the OpenText™ Application Security User Guide.

-fprssc,
--fpr-filename-on-ssc <file>

Specifies the name to use for the FPR file uploaded to Application Security. For more information about this option, see Specifying a scan results (FPR) file name.

-dr,
--disallow-replacement

Prevents a scan job from being replaced because it is a duplicate (targeted for upload to the same application version as an existing queued scan job). For more information about this option, see Preventing replacement of duplicate scan requests.

-block

Waits for the job to complete, and then downloads the scan results from the Controller.

-f,
--output-file <file>

Specifies the name for the local FPR file output. Use with the -block option so that the scan results downloaded after the scan completes are written to this file.

-diag,
--diagnosis <zip_file>

Generates a ZIP file that includes debug log information from the client, the sensor, and OpenText SAST, which Customer Support requires to analyze any problems you might encounter. For more information about this option, see Creating Archive Logs for Customer Support.

-email <address>

Specifies the address for job status notifications. To send the notification to multiple email addresses, specify a colon-, comma-, or semicolon-separated list of email addresses. You can specify a maximum of 100 email addresses. For example:

-email userA@example.com:userB@example.com

Using a colon to separate multiple email addresses works in most shells. If you use a shell that interprets the colon, comma, or semicolon as a delimiter, you must enclose the list of email addresses in quotes. For example:

-email "userA@example.com;userB@example.com"

-filter <file>

Specifies a filter file to use during a scan (repeatable).

-log,
--log-file <file>

Specifies a file name for the local log file after the scan is complete.

-slog,
--sensor-log-file <file>

Use with the -block option to specify the file name for the local sensor log output.

-j,
--job-file <file>.zip

Specifies a file name for the local job file that was submitted to OpenText ScanCentral SAST for analysis. The job file for remote translation contains the project package (sources, dependencies, and metadata). The job file for local translation contains the mobile build session (MBS) file. Use with the -block option.

-o,
--overwrite

Overwrites the existing FPR or log with new data.

-projtl,
--project-template <file>

Specifies an issue template file to include.

-pi, --poll-interval <n>

Specifies how often (in seconds) to poll the processing status. The valid range for <n> is from 10 to 60.

-pool,
--submit-to-pool <uuid> | <pool_name>

Specifies a specific sensor pool for the scan request. You can specify the sensor pool by either the UUID or the pool name.

-sto,
--scan-timeout <n>

Specifies the maximum amount of time (in minutes) a sensor can work on an assigned job (during which the sensor cannot take on other work). This option takes precedence over the scan_timeout property setting in the config.properties file.

-rules <file/dir>

Specifies a custom rules file or directory to use during the scan (repeatable).

-sp,
--save-package <file>

Specifies the project package file to save after submitting the scan request. The <file> must have a *.zip extension. This project package contains the following information:

  • Libs—Folder that contains the project dependencies (Gradle, Maven, MSBuild, Java, and .NET projects)

  • Src—Folder that contains the source files

  • metadata—Specification file that the sensor uses to generate OpenText SAST commands

Options for local translation and remote scan requests

-b,
--build-id <id>

Specifies the build ID of a previously translated project to upload to the Controller for analysis.

-mbs <file>

Specifies a mobile build session file for a previously translated project to upload to the Controller for analysis.

-projroot,
--project-root <dir>

Specifies the project directory for the mobile build session export.

-scan

Sets the point beyond which all options are for OpenText SAST.

Options for remote translation and scan requests

-p,
--package <file>

Specifies the project package file to upload to the Controller (see Package Command).

-bt,
--build-tool <name>

Specifies the build tool used for the project. The valid values for <name> are dotnet, gradle, msbuild (Windows only), mvn, or none. The following example specifies a Maven project with build parameters:

-bt mvn -bc "package --setting custom.xml"

If not specified, OpenText ScanCentral SAST automatically detects the build tool based on the project files being scanned.

-bc,
--build-command <commands>

(For use with Maven, Gradle, dotnet, and MSBuild) Specifies custom build parameters for preparing and building a project. The following example build command starts a Gradle build before packaging the project:

-Prelease=true clean customTask build

If you use the -bc option and the build fails, OpenText ScanCentral SAST stops working on the build.

(Gradle only) If you do not use -bc, the default command, default tasks, and target are invoked. If the build fails, OpenText ScanCentral SAST displays a warning but continues to work, and then displays a message to indicate that the build procedure failed and your results might be incomplete.

-bf,
--build-file <file>

Specifies the build file if you are not using a default name such as build.gradle or pom.xml.

-q, --quiet

Prevents the build execution from printing to stdout.

-skipBuild

Disables the project preparation build step before packaging if your project uses Gradle or Maven. If you use this option, any -bc option specified is ignored. If your project does not use a build tool, you can use this option to prevent OpenText ScanCentral SAST from automatically restoring dependencies with a package manager (for languages such as Go, JavaScript/TypeScript, PHP, and Python).

-t,
--include-test

Includes the test source set (Gradle), the test scope (Maven), or projects in your solution that reference NUnit, xunit, or MSTest (.NET).

-exclude <file_paths>

Specifies files or directories (with absolute or relative path, or Ant-style path pattern) to exclude from the analysis (repeatable). Separate multiple file paths with semicolons (Windows) or colons (Linux).

For example, you might use this option to exclude a few test files from the analysis.

-include <file_paths>

Specifies files or directories (with absolute or relative path, or Ant-style path pattern) to include in the analysis (repeatable). Only file paths for files within the current working directory are included. Separate multiple file paths with semicolons (Windows) or colons (Linux).

For example, you might use this option if you have only a few files you want to include in the analysis. You can combine this option with the -exclude option to exclude specific files from the included path. See Submitting remote translation and scan requests for example commands.

-hv,
--php-version <version>

Specifies the PHP version. If not specified, OpenText ScanCentral SAST automatically detects the installed PHP version.

-pyr,
--python-requirements <file>

Specifies the Python project requirements file to install and collect dependencies.

-pyv,
--python-virtual-env <dir>

Specifies the Python virtual environment location.

-yv,
--python-version <version>

Specifies the Python version. The valid values are 2 and 3. This option is ignored if the OpenText ScanCentral SAST client is started inside a Python virtual environment or if --python-virtual-env is specified.

-targs,
--translation-args <translation_option>

Specifies an OpenText SAST translation option (repeatable).

For multiple translation options, use multiple -targs options. If the translation option has a path parameter that includes a space, enclose the path in single quotes. For a list of OpenText SAST options you can use with the -targs option, see Options accepted for -targs (--translation-args).

If you use the -targs option with the --package option, OpenText ScanCentral SAST ignores it and informs you with a message.

-sargs,
--scan-args <scan_option>

Specifies an OpenText SAST scan option (repeatable).

For multiple scan options, use multiple -sargs options. If the scan option has a path parameter that includes a space, enclose the path in single quotes. For a list of OpenText SAST options you can use with the -sargs option, see Options accepted for -sargs (--scan-args).

-sastver,
--sast-version <version>

Specifies the <year>.<quarter> OpenText SAST version to assign to the remote translation and scan job.

For more information about the supported OpenText SAST versions, see the Application Security Software System Requirements document.
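As an added example that is not part of this reference or of the ScanCentral SAST client, the following POSIX shell wrapper assembles a remote translation and scan request for a Maven project from the options above, handles the -email quoting and the 10 to 60 second -pi range the table describes, uploads the results to Application Security, and blocks until the FPR is downloaded. It assumes the client executable is named scancentral and takes the global -url option; the environment variable names SC_CONTROLLER_URL and SC_UPLOAD_TOKEN, the build command "package -DskipTests", the application name, and the email addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the product documentation): wrapper for a
# `scancentral start` request covering remote Maven translation and scan,
# upload to Application Security, and a blocking wait for the FPR.
# Assumptions (hypothetical): the client executable is `scancentral`, the
# Controller URL is in SC_CONTROLLER_URL and the ScanCentralCtrlToken is in
# SC_UPLOAD_TOKEN, so the token is never written into the script itself.

# Check a -pi value against the documented 10..60 second range.
# Returns 0 when valid, 1 otherwise.
valid_poll_interval() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 10 ] && [ "$1" -le 60 ]
}

# Print the start-command arguments one per line so that values containing
# spaces or semicolons (the -bc build command, the -email list) stay single
# arguments regardless of what the calling shell treats as a delimiter.
# Arguments: application name, application version, poll interval, email list.
start_args() {
    app=$1; ver=$2; poll=$3; emails=$4
    [ -n "$SC_UPLOAD_TOKEN" ] || { echo "SC_UPLOAD_TOKEN is not set" >&2; return 1; }
    valid_poll_interval "$poll" || { echo "poll interval must be 10..60 seconds" >&2; return 1; }
    printf '%s\n' \
        start \
        --upload-to-ssc \
        -application "$app" \
        --application-version "$ver" \
        --ssc-upload-token "$SC_UPLOAD_TOKEN" \
        --build-tool mvn \
        --build-command "package -DskipTests" \
        -exclude "src/test" \
        --poll-interval "$poll" \
        -email "$emails" \
        --scan-timeout 120 \
        -block \
        --output-file results.fpr \
        --log-file scan.log
}

# Read the argument list back into the positional parameters and invoke the
# client with the global -url option in front of the start command.
run_start() {
    [ -n "$SC_CONTROLLER_URL" ] || { echo "SC_CONTROLLER_URL is not set" >&2; return 1; }
    args=$(start_args "$@") || return 1
    set --
    while IFS= read -r arg; do
        set -- "$@" "$arg"
    done <<EOF
$args
EOF
    scancentral -url "$SC_CONTROLLER_URL" "$@"
}

# Usage (constructed values):
#   SC_CONTROLLER_URL=https://ctrl.example.com/scancentral-ctrl \
#   SC_UPLOAD_TOKEN=... ./start-scan.sh MyApp 1.0 30 "a@example.com;b@example.com"
if [ "$#" -eq 4 ]; then
    run_start "$@"
fi
```

Reading the token from the environment keeps it out of the script and out of version control, but it is still visible in the client's argument list while the job runs, so use a ScanCentralCtrlToken created for this purpose rather than a personal token. Running the script with four arguments submits the job; the functions can also be sourced and called individually.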