Scanning with ScanCentral SAST

This section describes the requirements, configuration, and procedure for using ScanCentral SAST to analyze your code and upload the analysis results to Fortify Software Security Center.

With the Fortify Analysis Plugin and ScanCentral SAST, you can either:

  • Perform the entire analysis (translation and scan) remotely with ScanCentral SAST

  • Perform the translation locally and then automatically upload the translated project to ScanCentral SAST for the scan phase

    You must translate the project locally if it uses a language that ScanCentral SAST does not support in remote translation. For a list of supported languages, see the Fortify Software System Requirements document.

    To perform the translation phase, you must have a locally installed and licensed copy of OpenText SAST.

    Make sure that the Fortify Security Content version on the local system is the same as the version on the Fortify ScanCentral sensor. OpenText strongly recommends that you periodically update the security content. For information about how to update the security content locally, see Updating Fortify Security Content. Use the fortifyupdate utility to update security content on the ScanCentral SAST sensor (see the OpenText™ Static Application Security Testing User Guide).

This section contains the following topics: