Analysis options

The following table describes the analysis options.

Analysis option	Description
`-b <build_id>`	Specifies the build ID used in a prior translation command. Equivalent property name: `com.fortify.sca.BuildID`
`-scan`	Causes OpenText SAST to perform a security analysis for the specified build ID.
`-scan-policy` `<policy_name>` \| `-sc` `<policy_name>`	Specifies a scan policy for the analysis. The valid policy names are `classic`, `security`, and `devops`. For more information, see Applying a scan policy to the analysis. Equivalent property name: `com.fortify.sca.ScanPolicy`
`-analyzers <analyzer_list>`	Specifies the analyzers you want to enable with a colon- or comma-separated list of analyzers. The valid analyzer names are `buffer`, `content`, `configuration`, `controlflow`, `dataflow`, `nullptr`, `semantic`, and `structural`. You can use this option to disable analyzers that are not required for your security requirements. Equivalent property name: `com.fortify.sca.DefaultAnalyzers`
`-p <level>` \| `-scan-precision <level>`	Uses speed dial to scan the project with a scan precision level. The lower the scan precision level, the faster the scan performance. The valid values are `1`, `2`, `3`, and `4`. For more information, see Configuring scan speed with speed dial. Equivalent property name: `com.fortify.sca.PrecisionLevel`
`-project-root`	Specifies the directory to store intermediate files generated in the translation and analysis phases. OpenText SAST makes extensive use of intermediate files located in this project root directory. In some cases, you can achieve better performance for analysis by making sure this directory is on local storage rather than on a network drive. Equivalent property name: `com.fortify.sca.ProjectRoot`
`-project-template <file>`	Specifies the issue template file to use for the scan. This only affects scans on the local machine. If you upload the FPR to Fortify Software Security Center, it uses the issue template assigned to the application version. Equivalent property name: `com.fortify.sca.ProjectTemplate`
`-quick`	Quickly scan the project for critical- and high-priority issues using the `fortify-sca-quickscan.properties` file, which provides a less in-depth analysis. By default, quick scan disables the Buffer Analyzer and the Control Flow Analyzer. In addition, it applies the Quick View filter set. For more information, see Quick scan. Equivalent property name: `com.fortify.sca.QuickScanMode`
`-filter <file>`	Specifies a results filter file. For more information, see Filtering the analysis. Equivalent property name: `com.fortify.sca.FilterFile`
`-bin <binary>` \| `-binary-name <binary>`	Specifies a subset of source files to scan. Only the source files that were linked in the named binary at build time are included in the scan. You can use this option multiple times to specify the inclusion of multiple binaries in the scan. Equivalent property name: `com.fortify.sca.BinaryName`
`-disable-default-rule-type <type>`	Used to test custom rules. Disables all rules of the specified type in the default Rulepacks. You can use this option multiple times to specify multiple rule types. The `<type>` parameter is the XML tag minus the suffix `Rule`. For example, use `DataflowSource` for DataflowSourceRule elements. You can also specify specific sections of characterization rules, such as `Characterization:Control flow`, `Characterization:Issue`, and `Characterization:Generic`. The `<type>` parameter is case-insensitive.
`-no-default-issue-rules`	Used to test custom rules. Disables rules in default Rulepacks that lead directly to issues. OpenText SAST still loads rules that characterize the behavior of functions. Note: This is equivalent to disabling the following rule types: DataflowSink, Semantic, Controlflow, Structural, Configuration, Content, Statistical, Internal, and Characterization:Issue. Equivalent property name: `com.fortify.sca.NoDefaultIssueRules`
`-no-default-rules`	Used to test custom rules. Disables loading of rules from the default Rulepacks. OpenText SAST processes the Rulepacks for description elements and language libraries, but processes no rules. Equivalent property name: `com.fortify.sca.NoDefaultRules`
`-no-default-source-rules`	Used to test custom rules. Disables source rules in the default Rulepacks. Note: Characterization source rules are not disabled. Equivalent property name: `com.fortify.sca.NoDefaultSourceRules`
`-no-default-sink-rules`	Used to test custom rules. Disables sink rules in the default Rulepacks. Note: Characterization sink rules are not disabled. Equivalent property name: `com.fortify.sca.NoDefaultSinkRules`
`-rules <file>` \| `<dir>`	Specifies a custom Rulepack or directory. You can use this option multiple times to specify multiple Rulepack files. If you specify a directory, OpenText SAST includes all the files in the directory with the `.bin` and `.xml` extensions. Equivalent property name: `com.fortify.sca.RulesFile`