Translating without explicitly running OpenText SAST
You have the option to translate your Visual Studio project without invoking OpenText SAST directly. This requires the Fortify.targets file, which is located in <sast_install_dir>\Core\private-bin\sca\MSBuildPlugin in the DotNet and Framework directory. You can specify the file using an absolute or relative path in the build command line that builds your project. Use the path with the Dotnet or Framework directory depending on the build command you are using: dotnet.exe or MSBuild.exe respectively. For example:
dotnet.exe msbuild /t:rebuild /p:CustomAfterMicrosoftCommonTargets=<sast_install_dir>\Core\private-bin\sca\MSBuildPlugin\Dotnet\Fortify.targets Sample.slnor
msbuild.exe /t:rebuild
/p:CustomAfterMicrosoftCommonTargets=<sast_install_dir>\Core\private-bin\sca\MSBuildPlugin\Framework\Fortify.targets Sample.slnThere are several environment variables that you can set to configure the translation of your project. Most of them have default values, which OpenText SAST uses if the variable is not set. These variables are listed in the following table.
| Environment variable | Description | Default value |
|---|---|---|
FORTIFY_MSBUILD_BUILDID | Specifies the OpenText SAST build ID for translation. Make sure that you set this value. This is equivalent to the OpenText SAST | None |
FORTIFY_MSBUILD_DEBUG | Enables debug mode. This is equivalent to the OpenText SAST | False |
FORTIFY_MSBUILD_DEBUG_VERBOSE | Enables verbose debug mode. This is equivalent to the OpenText SAST | False |
FORTIFY_MSBUILD_MEM | Specifies the memory requirements for translation in the form of the JVM | Automatic allocation based on physical memory available on the system |
FORTIFY_MSBUILD_SCALOG | Specifies the location (absolute path) of the OpenText SAST log file. This is equivalent to the OpenText SAST |
|