Java and Kotlin properties

com.fortify.sca.
JavaClasspath

Specifies the class path used to analyze Java or Kotlin source code. Separate multiple paths with semicolons (Windows) or colons (non-Windows).

Value type: String (paths)

Default: (none)

Command-line option: -cp or -classpath

Specifies the Java source code version for Java or Kotlin translation.

Value type: String

Default: 11

Command-line option: -jdk or -source

Specifies a directory that contains a JDK version that is not included in the OpenText SAST installation (<sast_install_dir>/Core/bootcp/).

Value type: String (path)

Default: (none)

Command-line option: -custom-jdk-dir

com.fortify.sca.
JavaSourcepath

Specifies a semicolon- (Windows) or colon-separated (non-Windows) list of Java or Kotlin source file directories that are not included in the scan but are used for name resolution. The source path is similar to class path, except it uses source files rather than class files for resolution.

Value type: String (paths)

Default: (none)

Command-line option: -sourcepath

Specifies the application server to process JSP files. The valid values are weblogic or websphere.

Value type: String

Default: (none)

Command-line option: -appserver

com.fortify.sca.
AppserverHome

Specifies the application server's home directory. For WebLogic, this is the path to the directory that contains server/lib. For WebSphere, this is the path to the directory that contains the JspBatchCompiler script.

Value type: String (path)

Default: (none)

Command-line option: -appserver-home

com.fortify.sca.
AppserverVersion

Specifies the version of the WebLogic or WebSphere application server.

Value type: String

Default: (none)

Command-line option: -appserver-version

com.fortify.sca.
JavaExtdirs

Specifies directories to include implicitly on the class path for WebLogic and WebSphere application servers.

Value type: String

Default: (none)

Command-line option: -extdirs

com.fortify.sca.
JavaSourcepathSearch

If set to true, OpenText SAST only translates Java source files that are referenced by the target file list. Otherwise, OpenText SAST translates all files included in the source path.

Value type: Boolean

Default: true

Specifies semicolon- or colon-separated list of directories of commonly used JAR files. JAR files located in these directories are appended to the end of the class path option (-cp).

Value type: String

Default: default_jars

If set to true, Java bytecode is decompiled for the translation.

Value type: Boolean

Default: false

com.fortify.sca.
jsp.UseSecurityManager

If set to true, the JSP parser uses JSP security manager.

Value type: Boolean

Default: true

com.fortify.sca.
jsp.DefaultEncoding

Specifies the encoding for JSPs.

Value type: String (encoding)

Default: ISO-8859-1

If set to true, enables additional filtering on JSP-related dataflow to reduce the amount of spurious false positives detected.

Value type: Boolean

Default: false

Command-line option: -legacy-jsp-dataflow

Specifies the generation of the DefaultImpls class for methods with bodies in Kotlin interfaces. The valid values are:

• disable—Specifies to generate the DefaultImpls class for each interface that contains methods with bodies.

• all—Specifies to generate the DefaultImpls class if an interface is annotated with @JvmDefaultWithCompatibility.

• all-compatibility—Specifies to generate the DefaultImpls class unless an interface is annotated with @JvmDefaultWithoutCompatibility.

Value type: String

Default: disable

If set to true, displays any unresolved types, fields, and functions referenced in translated Java source files at the end of the translation.

Value type: Boolean

Default: false

Command-line option: -show-unresolved-symbols