Configuring local analysis options

Customize the security content and the amount of memory Fortify Static Code Analyzer uses during a local analysis with the analysis settings. You can also specify the SQL type your project uses.

To configure the analysis settings:

1. Select Tools > Fortify > Analysis Settings.

   The Fortify Analysis Settings dialog box opens to the Analysis Configuration tab.

2. To specify the location of OpenText SAST:

   1. Click Browse to the right of Fortify executable path.

   2. Go to <sca_install_dir>/bin/, and select sourceanalyzer.exe (on Windows) or sourceanalyzer (on non-Windows).

   3. Click OK.

3. To specify the amount of memory to use for the scan, in the Memory (MB) box, type an integer.

   Do not allocate more than two thirds of the available physical memory.

4. By default, the OpenText SAST treats SQL files as though they use the T-SQL procedural language on Windows systems and PL/SQL on other platforms. To specify the procedural language for analysis, from the SQL type list, select TSQL or PLSQL.

5. To use specific security content to analyze the project (instead of all the security content):

   1. Under Security Content, clear the Use all installed security content check box.
   2. In the Installed Fortify Security Content list, select the check boxes for the rules to apply during the scan.
   3. If you have custom security content installed, in the Installed Custom Security Content list, select the check boxes for the custom security content you want to apply during the scan.
6. Click OK.

See Also

Configuring Advanced Local Analysis Options