SAST Settings
General
On General (fig. 5.30), you can set the parameters for subsequent scans:
- specify the code source: a repository or a Google Play/App Store link
- set the scan priority
- select the agent that will execute the scan
- set whether or not to execute preprocessing; preprocessing makes the source code more readable but increases scan time
- choose the languages to be included in the analysis
- enable library analysis and specify whether the project build should be started (for Java, Scala, Kotlin and Android apps)
- specify the build environment for the project (for C/C++ apps)
- specify whether to perform intermodular analysis (for C/C++ apps)
- specify additional rules
- specify whether to analyze configuration files
- select incremental or full analysis (ABAP, Apex, C#, COBOL, Config files, Dart, Delphi, Go, Groovy, HTML5, JavaScript, LotusScript, Pascal, PHP, PL/SQL, Python, Perl, Ruby, Rust, Solidity, T-SQL, TypeScript, VB.NET, VBA, VBScript, Visual Basic 6, Vyper, or 1C apps). In incremental analysis only modified or new files are scanned, which reduces rescan time; a full analysis is recommended after changing the project settings or updating the system
- specify the directories, files and/or packages to be included in or excluded from the analysis
- specify the Git repository branch
- specify whether to save the uploaded file (the file will be available to the system administrator)
- enter the username and password for a private repository in the Private repository settings section
- select the encoding of the project source code
- select the encoding of the project filenames
- choose the rule sets to be applied when scanning a particular app
You can also choose one of the scanning presets from the Presets selection list; see Settings for more information about presets. The System preset is selected by default.
Figure 5.30: General
User Roles
On User Roles, you can grant other system users access to the project and configure their set of roles within it. To edit a user's set of roles for the project, click their login in the list.
Figure 5.31: User Roles
Task Manager
On Task Manager, you can link Jira projects to the DerScanner project (see Linking a DerScanner project to a Jira project).
Autoscan
To make long-term project management more convenient, you can set up automatic scanning upon certain events or on schedule.
The integration with VCS hosting services (the system supports GitHub, GitLab and Bitbucket) supports Push and Tag events as well as scanning on schedule. For more information on using the integration, see VCS hostings.
For applications from Google Play or App Store, autoscan upon version update and on schedule are available (fig. 5.32).
Figure 5.32: Configuring autoscan upon version update
Project Management
On the Project Management page you can edit the project's data, archive the project, or delete it. Archived projects remain in the system and can be restored. To delete a project with no possibility of recovery, click Delete Project and confirm the action.
Figure 5.33: Project Management