Regular expression analysis

Regular expression (regex) analysis uses regular expression rules to detect vulnerabilities in both file content and file names. This analysis can detect exposed secrets such as passwords, keys, and credentials in project files.

Regex analysis is language agnostic and therefore it might detect vulnerabilities in file types that OpenText SAST does not officially support.

Regex analysis recursively examines all file paths and path patterns included in the translation phase. Every file found is analyzed unless it is specifically excluded. To manage the files that are included in regex analysis, the following options are available:

  • Exclude any file or directory with the -exclude option in the translation phase.

    For more information about this option, see Translation Options.

  • By default, regex analysis excludes all detectable binary files. To include binary files in the analysis, add the following property to the fortify-sca.properties file (or include this property on the command line using the -D option):

    com.fortify.sca.regex.ExcludeBinaries = false

  • By default, regex analysis excludes files larger than 10 MB to ensure that the scan time is acceptable. You can change the maximum file size (in megabytes) with the following property:

    com.fortify.sca.regex.MaxSize = <max_file_size_mb>

Regex analysis is enabled by default. To disable regex analysis, add the following property to the fortify-sca.properties file or include it on the command line:

com.fortify.sca.regex.Enable = false
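As an added illustration (not OpenText's or Fortify's code), the following Python model shows how the three file-selection controls described above interact before any regex rule runs: an exclude pattern list, the ExcludeBinaries toggle, and the MaxSize limit. The rules, the file tree and the 1 MB limit are constructed for the demo; real rulepacks and the exact -exclude pattern syntax are not reproduced.

```python
import re
import tempfile
from pathlib import Path

# Constructed stand-in rules; the real Fortify rulepacks are not reproduced here.
SECRET_RULES = {
    "hardcoded_password": re.compile(r"(?i)password\s*=\s*['\"][^'\"]{4,}['\"]"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}

def is_binary(path):  # heuristic: a NUL byte in the first 8 KB marks the file as binary
    return b"\x00" in path.open("rb").read(8192)

def select_files(root, exclude=(), exclude_binaries=True, max_size_mb=10):
    # Walks the tree recursively and applies, in order: exclude patterns (glob-like
    # here, a simplification), the MaxSize limit in megabytes, then ExcludeBinaries.
    selected = []
    for p in sorted(Path(root).rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        if any(Path(rel).match(pat) for pat in exclude):
            continue
        if p.stat().st_size > max_size_mb * 1024 * 1024:
            continue
        if exclude_binaries and is_binary(p):
            continue
        selected.append(rel)
    return selected

def scan(root, **opts):
    # Runs every rule over every line of every selected file (content only, not names).
    findings = []
    for rel in select_files(root, **opts):
        text = (Path(root) / rel).read_text(errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            findings.extend((rel, lineno, name) for name, rx in SECRET_RULES.items() if rx.search(line))
    return findings

def demo():
    # Constructed tree: a text config with a password, a binary blob holding a key, an oversized log.
    root = Path(tempfile.mkdtemp())
    for d in ("config", "vendor", "logs"):
        (root / d).mkdir()
    (root / "config" / "app.properties").write_text('db.password = "Sup3rSecret"\n')
    (root / "vendor" / "lib.bin").write_bytes(b"\x00\x01AKIAABCDEFGHIJKLMNOP\x00")
    (root / "logs" / "big.log").write_bytes(b"x" * (1024 * 1024 + 1) + b"\nAKIAABCDEFGHIJKLMNOP\n")
    defaults = scan(root, max_size_mb=1)  # binary and oversized files are skipped
    widened = scan(root, exclude=("*.log",), exclude_binaries=False, max_size_mb=1)
    return defaults, widened
```

With the defaults only the text config is reported; enabling binaries surfaces the key inside lib.bin, while the excluded log is never read regardless of its contents.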

Regex Analysis Properties