Generating an OpenText ScanCentral SAST package
Use the package command to create a ZIP archive for the specified project. The ZIP archive project package includes the following information:
- Libs: Folder that contains the project dependencies (Gradle, Maven, MSBuild, Java, and .NET projects)
- Src: Folder that contains the source files
- metadata: Specification file that the sensor uses to generate OpenText SAST commands
The following table provides examples of different commands to generate a project package with OpenText ScanCentral SAST client. The examples assume that the command is run from the project's working directory. In these examples, OpenText ScanCentral SAST client creates a package with the name fortifypackage.zip unless the -o option is used to specify a custom package name.
OpenText ScanCentral SAST client can automatically detect the build tool you are using based on the project files being scanned, so the --build-tool (-bt) option is usually not required.
| Task | Example command |
|---|---|
| Create a package from a dotnet project on Linux. | scancentral package |
| Create a package from an MSBuild project. | |
| Create a package from a dotnet project on Windows. | |
| Create a package from a Gradle project. | scancentral package |
| Create a package from a Maven project with a custom pom.xml file. | scancentral package -bf myCustomPom.xml |
| Create a package from an ABAP project. | scancentral package |
| Create a package from an Apex project. | scancentral package |
| Create a package from a Classic ASP project. | scancentral package |
| Create a package from a COBOL project. | scancentral package -targs "-copydirs copybooks" -targs "-dialect COBOL390" |
| Create a package from a ColdFusion (CFML) project. | scancentral package |
| Create a package from a Java project. | scancentral package |
| Create a package with the name MyPackage.zip from a Java project. | scancentral package -o MyPackage.zip |
| (For use with OpenText™ Core Application Security only) Create a package from a Java project and include additional files required for open source software composition analysis. | scancentral package -oss |
| Create a package from a Java project and exclude test source files. | scancentral package -exclude "./src/test/**/*" |
| Create a package from a JavaScript/TypeScript project that only includes the distribution files. | scancentral package -include "./dist/**/*.*" |
| Create a package of all the beta files except for JSON files. | scancentral package -include "./beta/*.*" -exclude "./beta/*.json" -o BetaWithoutJSON.zip |
| Generate a package from an Android project in Kotlin that uses the Android plugin. | scancentral package -bt gradle |
| Create a package from a Go project. | scancentral package |
| Create a package for only IaC/Dockerfiles. If Dockerfiles are included in a Gradle, Maven, or MSBuild project, then the Dockerfiles are automatically included in the package. | scancentral package |
| Create a package from a PHP project. | scancentral package |
| Create a package from a Python 2 project. | scancentral package -yv 2 -pyr <requirements_file_path> |
| Create a package from a Python project under an active virtual environment with dependencies already installed. | scancentral package |
| Create a package from a Python project under an active virtual environment without project dependencies installed. | scancentral package -pyr <requirements_file_path> |
| Create a package from a Python project using an existing Python virtual environment and install project dependencies. | scancentral package -pyv <venv_location> |
| Create a package from a Ruby project. | scancentral package |
| Create a package from a SQL project. | |
| Create a package from a Visual Basic project. | scancentral package |
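
Before a package leaves the build host, it can be inspected locally to confirm that it has the layout described above and that -include/-exclude filters kept out files that should not be uploaded. The following Python script is an added example, not OpenText code; the case-insensitive entry-name matching, the deny-list patterns, and the sample member names are assumptions constructed for illustration.

```python
import fnmatch
import io
import zipfile

# Top-level entries the page lists for a package. Their exact spelling inside a
# real package is an assumption, so names are compared lowercased, extension dropped.
EXPECTED_TOP_LEVEL = {"libs", "src", "metadata"}

# Constructed deny-list of files that should not leave the build host.
SENSITIVE_PATTERNS = ["*.pem", "*.pfx", "*.jks", ".env", ".env.*", "id_rsa*", "*/.git/*"]


def _is_sensitive(name, patterns):
    path = "/" + name.lower()           # leading slash lets "*/dir/*" match at the root
    base = path.rsplit("/", 1)[1]
    return any(fnmatch.fnmatchcase(base, p) or fnmatch.fnmatchcase(path, p)
               for p in patterns)


def audit_package(package, patterns=SENSITIVE_PATTERNS):
    """Inspect a package ZIP (path or file object).

    Returns (top_level, missing, flagged): top-level entry names, expected
    entries that are absent, and member paths matching the deny-list.
    """
    with zipfile.ZipFile(package) as zf:
        names = [n for n in zf.namelist() if not n.endswith("/")]
    top_level = {n.split("/", 1)[0].lower().split(".")[0] for n in names}
    missing = sorted(EXPECTED_TOP_LEVEL - top_level)
    flagged = sorted(n for n in names if _is_sensitive(n, patterns))
    return top_level, missing, flagged


def build_sample_package(members):
    """Build an in-memory ZIP from constructed member names (test data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in members:
            zf.writestr(name, b"constructed sample content")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    sample = build_sample_package(
        ["Src/app/Main.java", "Src/config/.env", "Src/keys/server.pem",
         "Libs/dep.jar", "metadata"])
    top, missing, flagged = audit_package(sample)
    print("top-level:", sorted(top))
    print("missing:", missing)    # Libs is only present for some project types
    print("flagged:", flagged)
```

A non-empty flagged list is a reason to tighten the -exclude patterns and regenerate the package; a missing Libs entry is expected for project types that have no packaged dependencies.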