Configuring advanced local analysis options

Use the advanced analysis options to customize OpenText SAST translation and scan command-line options. You can also specify whether quick scan mode is enabled, if issues are merged during a rescan, if resources in dependent projects are scanned, and the location for the analysis results file. These options are available only if the analysis plugin is installed.

To change the advanced analysis options:

  1. Select Fortify > Options.

  2. In the left pane, select Default Project Configuration.

  3. Select the Advanced Analysis Options tab.

    This configuration requires that you specify local installation path for OpenText SAST. You can configure the location of the OpenText SAST executable file on the Security Content Management page.

    Advanced Analysis Options tab

  4. To scan only the selected project, clear the Scan resources in dependent projects check box.

    By default, the Fortify Plugin for Eclipse includes all source files from dependent projects in scans of selected projects. For more information, see Viewing the Resources and Classpath to be Scanned.

  5. Select the Use additional SCA options check box and type command-line options for either the translation or scan phase.

    For example, if you include the -verbose command-line option, detailed status messages are sent to the console during the analysis.

    For information about the available command-line options and the proper syntax, see the OpenText™ Static Application Security Testing User Guide.

  6. To perform a quick scan, select the Enable quick scan mode check box.

    For more information about quick scans, see About Quick Scan Mode.

  7. To disable merging the results of the next scan you run with results from the previous scan, clear the Merge with previous scan check box.

    For more information about merging analysis results with rescanning, see Rescanning Projects.

  8. To change the default directory and FPR file name for all projects, do one of the following:

    • In the Output results to box, type the absolute path for FPR files.

    • To specify a name and a static workspace folder for FPR files, click Workspace, and then, in the Folder Selection dialog box, navigate to and select a workspace relative directory.

    • To specify a name and a static folder that is not part of your workspace, click File System, and then select a directory for FPR files.

    • To specify a name and a dynamic path that changes based on the project you are analyzing, click Variables, and then, in the Select Variable dialog box, select core Eclipse variables to specify the relative path for FPR files.

    To change the default directory and FPR file name for a specific project, use the Eclipse Properties window (see Configuring Analysis Options for Specific Projects).

  9. Click OK to save the advanced analysis options.