Skip to main content

Changing SAST module configuration

If you wish, you can change SAST module analyzers. Each analyzer is responsible for the processing of different languages/file types:

  • Java.module: Java, Scala, Kotlin, Android
  • Matcher.module: ABAP, Apex, C#, COBOL, Dart, Delphi, GO, Groovy, HTML, JavaScript, LotusScript, Pascal, PHP, PL/SQL, Python, Perl, Ruby, Rust, Solidity, Swift, T SQL, TypeScript, VB.NET, VBA, VBScript, Visual Basic, Vyper
  • Regex.module, Xml.module: config files
  • CFamilyLinux.module: C, C++
  • CcppBin.module: .exe, .dll files (exclusively for C/C++)
  • iOS.bin.module: .ipa files

To change the configuration, edit /opt/derscanner/core/sast/configs/sast-daemon.env on the host with the SAST module deployed. By default, all analyzers are active. To exclude, put a string with the analyzer's name and an empty string value ("") to the end of the file. To apply changes, restart SAST module service:

sudo systemctl restart derscanner-sast.service

E.g.:

If you wish to disable analysis of Java, Scala, Kotlin, Android (Java.module), put: Java.module="" to the end of the file.

If you wish to disable analysis of C/C++ (CFamilyLinux.module) and Java, Scala, Kotlin, Android (Java.module), put: Java.module="" CFamilyLinux.module="" to the end of the file.

Changes will be applied only to the selected host.