Scanning PHP projects
If your PHP project uses the Composer dependency manager and you want to include dependencies in the analysis, then do the following on the client machine:
- Install PHP and Composer
- Configure the php.ini to run Composer for your project
This enables the OpenText ScanCentral SAST client to invoke Composer to restore the dependencies before packaging the project for analysis. To prevent OpenText ScanCentral SAST from automatically restoring dependencies, include the -skipBuild option in the scan request command. If Composer already restored the dependencies before running OpenText ScanCentral SAST, they are included in the project package that is sent to the Controller. If Composer is not configured for your project, then OpenText ScanCentral SAST packages the project without restoring the dependencies.