Skip to main content

Changing the number of threads and RAM for analysis

During operations, the SAST module launches various static analyzers: Java, Matcher, Regex, Xml, CFamilyNix, CcppBin, iOS.bin, CFamilyWin. RAM allocated for the analysis is restricted in the configuration files. By default, analysis is performed in a single thread, which means that only one analyzer can be launched at any given moment of time.

To scan big or difficult projects, an upgrade might be considered. To speed up processing of multilanguage projects or run multiple scans simultaneously (given that every project will trigger only one task (analyzer)), either increase the number of threads on the host with the SAST module deployed, or set up an additional server(s). A single server with 2 threads performs in the same capacity as 2 servers with 1 thread each. Either way, the system will be able to run 2 task (analyzers) simultaneously.

Please notice:

If you configure multiple threads (e.g., 2) on one host, take into consideration that 2 tasks can be launched in a given moment of time, which could require necessary RAM, configured in the analyzers' settings. An extra 20% RAM should be allocated for OS operations, from the memory pool designated to the analyzers. If other modules (APP, DAST, SCA) are deployed on the same module, their resources consumption should also be taken into account.

Example:

To configure a second thread for a single server with only SAST module installed, RAM should be increased by 22 GB per thread * 2 threads = 44 GB + 20% for JVM service = 53 GB + 2-4 GB for OS processes = 57 GB RAM. Allocated CPU should also be doubled.

To change the number of analysis threads and RAM size per thread:

  1. Connect to the host with the SAST module deployed.

  2. Open configuration file: /opt/derscanner/core/sast/configs/sast-daemon.env

  3. Change the number of analysis threads to desired: daemonThreads=....

    Figure 10.78: daemonThreads
    Figure 10.78: daemonThreads

  4. Change allocated memory resources to desired: Matcher.memory=....

    Figure 10.79: Matcher.memory
    Figure 10.79: Matcher.memory

  5. Restart SAST module service by running:

    sudo systemctl restart derscanner-sast.service