Fortify ScanCentral SAST

You can use OpenText™ Fortify ScanCentral SAST to manage your resources by offloading the OpenText SAST analysis phase from build machines to a collection of machines provisioned for this purpose. For most languages, Fortify ScanCentral SAST can perform both the translation and the analysis (scan) phases. Users of Fortify Software Security Center can direct Fortify ScanCentral SAST to output the FPR file directly to the server. You have the option to install a Fortify ScanCentral SAST client when you install OpenText SAST.

You can analyze your code in one of two ways:

• If your application is written in a language supported for Fortify ScanCentral SAST translation, you can offload the translation and analysis (scan) phase of the analysis to Fortify ScanCentral SAST.
• Perform the translation phase on a local build machine and generate a mobile build session (MBS). Start the scan with Fortify ScanCentral SAST using the MBS file. In addition to freeing up the build machines, this process gives you the ability to expand the system by adding more resources as needed, without having to interrupt the build process. For more information about MBS, see Using mobile build sessions.

For information about the specific supported languages for translation and how to configure and use Fortify ScanCentral SAST, see the OpenText™ Fortify ScanCentral SAST Installation, Configuration, and Usage Guide.