Running the container

This topic describes how to run the OpenText SAST image as a container and provides example Docker run commands for translation and scan.

When you run OpenText SAST in a container, and especially if you also use runtime container protections, make sure that OpenText SAST has the permissions it needs to run build commands (for example, javac).

To run the OpenText SAST image as a container, you must mount two directories from the host file system to the container:

  • The directory that contains the source files you want to analyze.

  • A temporary directory to store the OpenText SAST build session between the translate and scan phases and to share the output files (logs and FPR file) with the host.

    Specify this directory using the -project-root command-line option in both the OpenText SAST translate and scan commands.

The following example commands mount the host input directory /sources at /src in the container and the host temporary directory /scratch_local at /scratch_docker in the container. The image name in the example is fortify-sast.

Example Docker run commands for translation and scan

The following example mounts the temporary directory and the sources directory, and then runs OpenText SAST from the container for the translation phase:

docker run -v /scratch_local/:/scratch_docker -v /sources/:/src \
  -it fortify-sast -b MyProject -project-root /scratch_docker [<sca_options>] /src

The following example mounts the temporary directory, and then runs OpenText SAST from the container for the analysis phase:

docker run -v /scratch_local/:/scratch_docker \
  -it fortify-sast -b MyProject -project-root /scratch_docker -scan [<sca_options>] -f /scratch_docker/MyResults.fpr

The MyResults.fpr output file is created in the host's /scratch_local directory, because /scratch_docker inside the container is the mounted /scratch_local directory.
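The two-phase flow above, wrapped in a small POSIX shell script, as an added example that is not part of the OpenText documentation or product. It keeps the same image name (fortify-sast), build ID (MyProject), host directories (/sources, /scratch_local) and container mount points (/src, /scratch_docker) as the page, and adds two checks a practitioner usually wants: host mount paths must be absolute (a relative path after -v is treated by Docker as a named volume, so a typo silently mounts an empty volume instead of your code), and the -f output path must sit under the mounted scratch directory, otherwise the FPR is written into the container's own filesystem and is lost when the container exits. The DOCKER, IMAGE, BUILD_ID, SRC_HOST, SCRATCH_HOST and SCA_OPTIONS variables are this script's own assumptions; setting DOCKER=echo gives a dry run that only prints the commands.

```shell
#!/bin/sh
# Added example, not OpenText's code: translate + scan with the two mounts from the page.
IMAGE="${IMAGE:-fortify-sast}"                    # image name used on the page
BUILD_ID="${BUILD_ID:-MyProject}"                 # -b build ID shared by both phases
SRC_HOST="${SRC_HOST:-/sources}"                  # host directory with the code to analyze
SCRATCH_HOST="${SCRATCH_HOST:-/scratch_local}"    # host directory for build session + results
SRC_CTR="/src"                                    # sources as seen inside the container
SCRATCH_CTR="/scratch_docker"                     # scratch directory as seen inside the container
DOCKER="${DOCKER:-docker}"                        # set DOCKER=echo for a dry run
SCA_OPTIONS="${SCA_OPTIONS:-}"                    # extra sourceanalyzer options, space separated

# Docker treats a non-absolute "-v" source as a volume name, not a host path.
check_abs_path() {
  case "$1" in
    /*) return 0 ;;
    *)  echo "error: '$1' must be an absolute host path" >&2; return 1 ;;
  esac
}

# The FPR must be written under the mounted scratch directory to reach the host.
check_output_in_scratch() {
  case "$1" in
    "$SCRATCH_CTR"/*) return 0 ;;
    *) echo "error: '$1' is not under $SCRATCH_CTR; the FPR would stay in the container" >&2; return 1 ;;
  esac
}

# Translation phase: both mounts, build ID and project root in the scratch mount.
# SCA_OPTIONS is intentionally unquoted so it splits into separate arguments.
run_translate() {
  check_abs_path "$SRC_HOST" && check_abs_path "$SCRATCH_HOST" || return 1
  $DOCKER run -v "$SCRATCH_HOST:$SCRATCH_CTR" -v "$SRC_HOST:$SRC_CTR" \
    -it "$IMAGE" -b "$BUILD_ID" -project-root "$SCRATCH_CTR" $SCA_OPTIONS "$SRC_CTR"
}

# Analysis phase: only the scratch mount is needed, the build session lives there.
# Optional argument: FPR path inside the container (default matches the page).
run_scan() {
  out="${1:-$SCRATCH_CTR/MyResults.fpr}"
  check_abs_path "$SCRATCH_HOST" && check_output_in_scratch "$out" || return 1
  $DOCKER run -v "$SCRATCH_HOST:$SCRATCH_CTR" \
    -it "$IMAGE" -b "$BUILD_ID" -project-root "$SCRATCH_CTR" -scan $SCA_OPTIONS -f "$out"
}

# Run both phases only when invoked with --run, so sourcing the file just defines the functions.
if [ "${1:-}" = "--run" ]; then
  run_translate && run_scan
fi
```

When this runs in a CI job without a terminal, drop the -it flags the page uses, since docker run refuses to allocate a TTY there. After a successful run, the results file appears on the host as /scratch_local/MyResults.fpr.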