About Analyzing the source code
An OpenText SAST security analysis includes the following phases:
- Translate the source code into intermediate files
- Scan the intermediate files to complete the security analysis
There are two ways to analyze your source code:
- Use a locally installed OpenText SAST to perform the entire analysis (translation and scan phases). For information about how to configure and run the analysis locally, see About Scanning Locally.
  To view the analysis results, upload them to a Fortify Software Security Center server in either of the following ways:
  - Automatically upload your changes each time you scan your project (see Synchronizing with Fortify Software Security Center).
  - Manually upload the analysis results (see Uploading Analysis Results to Fortify Software Security Center).
  You can also open the analysis results (FPR) file in OpenText™ Fortify Audit Workbench.
- Use ScanCentral SAST to perform the entire analysis (translation and scan phases) or only the scan phase. For information about how to configure and run the analysis using ScanCentral SAST, see Scanning with ScanCentral SAST.
  If you use ScanCentral SAST to perform only the scan phase, the Fortify Analysis Plugin performs the translation phase using a locally installed OpenText SAST.
  To view the analysis results, configure the Fortify Analysis Plugin to upload them to a Fortify Software Security Center server. Alternatively, use the provided job token in the ScanCentral SAST command-line interface to retrieve the analysis results (FPR) file (see the OpenText™ ScanCentral SAST Installation, Configuration, and Usage Guide). You can then open the analysis results file in Fortify Audit Workbench.