Creating a Dockerfile to install OpenText SAST

This topic describes how to create a Dockerfile to install OpenText SAST in a Docker image.

The Dockerfile must include the following instructions:

  1. Set a Linux system to use for the base image.

    If you intend to use build tools when you run OpenText SAST, make sure that the required build tools are installed in the image. For information about using the supported build tools, see Build integration.

  2. Copy the OpenText SAST installer, the Fortify license file, and the installation options file to the Docker image using the COPY instruction.

    For instructions on how to create an installation options file, see Installing OpenText SAST silently.

  3. Run the OpenText SAST installer using the RUN instruction.

    You must run the installer in unattended mode. For more information, see Installing OpenText SAST silently.

  4. Run fortifyupdate to install the Fortify security content using the RUN instruction.

    OpenText SAST requires installation of the Fortify security content to perform analysis of projects. The following example installs Fortify security content from a previously downloaded local file during the build of the image. For more information about downloading and installing Fortify security content using the fortifyupdate tool, see Manually installing Fortify security content.

  5. To configure the image so you can run OpenText SAST, set the entry point to the location of the installed sourceanalyzer executable using the ENTRYPOINT instruction.

    The default sourceanalyzer installation path is: /opt/Fortify/OpenText_SAST_Fortify_<version>/bin/sourceanalyzer.

The following is an example of a Dockerfile to install OpenText SAST:

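# Base image (step 1)
FROM ubuntu:18.04
WORKDIR /app
ENV APP_HOME="/app"
ENV RULEPACK="MyRulepack.zip"

# Copy the license, installer, option file, and security content (step 2)
COPY fortify.license ${APP_HOME}
COPY OpenText_SAST_Fortify_linux-x64_25.2.0.run ${APP_HOME}
COPY optionFile ${APP_HOME}
COPY ${RULEPACK} ${APP_HOME}

# Install in unattended mode, import the security content, then delete
# the installer and option file from the working directory (steps 3 and 4)
RUN ./OpenText_SAST_Fortify_linux-x64_25.2.0.run --mode unattended \
  --optionfile "${APP_HOME}/optionFile" && \
  /opt/Fortify/OpenText_SAST_Fortify_25.2.0/bin/fortifyupdate -import ${RULEPACK} && \
  rm OpenText_SAST_Fortify_linux-x64_25.2.0.run optionFile

# Run sourceanalyzer when the container starts (step 5)
ENTRYPOINT ["/opt/Fortify/OpenText_SAST_Fortify_25.2.0/bin/sourceanalyzer"]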

To create the Docker image using the Dockerfile from the current directory, you must use the docker build command. For example:

docker buildx build -f <docker_file> -t <image_name> "."
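
An added variant of the Dockerfile example above (not part of the OpenText documentation): files added with COPY remain in their own image layers even when a later RUN step deletes them, so this version bind-mounts the license, installer, option file, and rulepack for the duration of the installation step only. It assumes BuildKit (which docker buildx build uses), that the installer can run from a read-only mount, that the installer copies the license into the installation directory, and that the option file refers to files under /app as in the example above.

```dockerfile
# Added example: same installation steps as the Dockerfile above, but the
# build inputs are mounted for one RUN step instead of copied into layers.
# Requires BuildKit (used by "docker buildx build").
FROM ubuntu:18.04
WORKDIR /app
ENV APP_HOME="/app"
ENV RULEPACK="MyRulepack.zip"

# Mount sources and targets are written literally; they correspond to
# ${APP_HOME} and ${RULEPACK} above.
# Bind mounts are read-only by default and are not stored in the image,
# so no "rm" step is needed afterwards.
# Assumptions: the installer runs from a read-only mount and copies the
# license into the installation directory.
RUN --mount=type=bind,source=fortify.license,target=/app/fortify.license \
    --mount=type=bind,source=OpenText_SAST_Fortify_linux-x64_25.2.0.run,target=/app/OpenText_SAST_Fortify_linux-x64_25.2.0.run \
    --mount=type=bind,source=optionFile,target=/app/optionFile \
    --mount=type=bind,source=MyRulepack.zip,target=/app/MyRulepack.zip \
    ./OpenText_SAST_Fortify_linux-x64_25.2.0.run --mode unattended \
      --optionfile "${APP_HOME}/optionFile" && \
    /opt/Fortify/OpenText_SAST_Fortify_25.2.0/bin/fortifyupdate -import "${RULEPACK}"

ENTRYPOINT ["/opt/Fortify/OpenText_SAST_Fortify_25.2.0/bin/sourceanalyzer"]
```

Running docker history <image_name> on the result lists the layers, which lets you confirm that none of them was created by a COPY of the license or installer.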