
Configuring CxSAST Scan Flow Processes

Introduction

A software project typically consists of several programming languages: primary languages such as Java, C#, and Python, and secondary languages such as the auxiliary scripting languages JavaScript, PL-SQL, and VBScript. Depending on the scan configuration, one or more of these languages is scanned by SAST.

Purpose of the scan configuration

The purpose of the scan configuration is to increase the speed, accuracy, and efficiency of scans by restricting scan coverage to specific programming languages or categories of languages. The tradeoff between faster scans and reduced language coverage is best made by developers who know the scope and purpose of the project.

Scan configuration options

The SAST installation includes the following standard configurations to choose from:

  • Improved Scan Flow (default for SAST 9.4.0)

  • Multi-language Scan

  • Default Configuration

  • Japanese

  • Korean

The scan configurations differ in how the projects are scanned, in terms of which programming languages are scanned and which flow calculations are used. The configurations are briefly described as follows:

  • Improved Scan Flow and Default Configuration scan only one primary language: the one with the most files in the project. Once the primary language is determined, all secondary languages (auxiliary scripting languages) used in the code are scanned as well. For example, if a project has 100 Java files, 50 Python files, and 60 JavaScript files, only the Java and JavaScript files are scanned; the Python files are skipped even though Python is a primary language. The two configurations differ in the scanning algorithm used. The Default Configuration calculates the flow for all queries, whereas the Improved Scan Flow uses a new algorithm that calculates the flow only for the queries in the selected Preset, significantly reducing the duration and memory consumption of the scan. Because the two configurations use different algorithms, scanning a project first with one and then with the other produces different results, so findings from the two configurations are not directly comparable.

  • Multi-language Scan scans all the languages in the project, both the primary languages and their secondary languages. For example, if a project with 100 Java files, 50 Python files, and 60 JavaScript files is scanned, all three languages (Java, Python, and JavaScript) are scanned. This configuration uses the Default Configuration scanning algorithm.

  • Japanese and Korean use the Default Configuration algorithm to scan projects whose source text contains characters from the Japanese or Korean character sets.
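The language-selection rules above are easy to misjudge on a real repository, because the primary language is chosen by file count, not by importance: a large vendored JavaScript tree cannot displace Java, but a second primary language with fewer files is silently dropped. The following added example models those rules so you can check which languages a given tree would be scanned for under each configuration before you commit to one. This is illustrative code written for this page, not Checkmarx's implementation: the primary/secondary classification and the "most files" rule come from the text above, while the extension-to-language mapping, the file-path sample (constructed to match the page's 100/50/60 example), and the handling of a tie between primary languages (which the page does not address, so the code refuses to guess) are assumptions.

```python
"""Model of the CxSAST scan-configuration language-selection rules.

Added illustration, not Checkmarx code. Classification of primary and
secondary languages and the "primary language with the most files" rule
follow the page; the extension mapping and tie handling are assumptions.
"""
import os
import sys
from collections import Counter
from pathlib import PurePosixPath
from typing import Dict, Iterable, Set

# Assumed mapping from file extension to language. CxSAST's real mapping is
# broader and is not listed on this page.
EXTENSION_LANGUAGE: Dict[str, str] = {
    ".java": "Java",
    ".cs": "C#",
    ".py": "Python",
    ".js": "JavaScript",
    ".sql": "PL-SQL",   # assumption: .sql counted as PL-SQL for this illustration
    ".vbs": "VBScript",
}

# Classification taken from the page's introduction.
PRIMARY: Set[str] = {"Java", "C#", "Python"}
SECONDARY: Set[str] = {"JavaScript", "PL-SQL", "VBScript"}


def count_languages(paths: Iterable[str]) -> Counter:
    """Count files per language; files with an unmapped extension are ignored."""
    counts: Counter = Counter()
    for path in paths:
        lang = EXTENSION_LANGUAGE.get(PurePosixPath(path).suffix.lower())
        if lang:
            counts[lang] += 1
    return counts


def primary_language(counts: Counter) -> str:
    """Return the primary language with the most files.

    A tie between primary languages is not covered by the page, so this
    model raises instead of silently picking one (assumption).
    """
    primaries = {lang: n for lang, n in counts.items() if lang in PRIMARY}
    if not primaries:
        raise ValueError("no primary-language files found")
    top = max(primaries.values())
    winners = sorted(lang for lang, n in primaries.items() if n == top)
    if len(winners) > 1:
        raise ValueError(f"tie between primary languages {winners}; "
                         "the page does not say which one wins")
    return winners[0]


def languages_scanned(counts: Counter, configuration: str) -> Set[str]:
    """Languages a scan would cover under the named configuration."""
    present = set(counts)
    if configuration == "Multi-language Scan":
        # Every language present, primary and secondary alike.
        return present
    if configuration in ("Default Configuration", "Improved Scan Flow"):
        # One primary language (most files) plus all secondary languages present.
        return {primary_language(counts)} | (present & SECONDARY)
    raise ValueError(f"unknown configuration {configuration!r}")


def walk_tree(root: str) -> Iterable[str]:
    """Yield relative POSIX-style paths of all files under root."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            yield rel.replace(os.sep, "/")


# Constructed sample matching the page's example: 100 Java, 50 Python, 60 JavaScript.
SAMPLE_FILES = (
    [f"src/main/java/App{i}.java" for i in range(100)]
    + [f"tools/script{i}.py" for i in range(50)]
    + [f"web/static/app{i}.js" for i in range(60)]
)

CONFIGURATIONS = ("Improved Scan Flow", "Default Configuration", "Multi-language Scan")

if __name__ == "__main__":
    # With a directory argument, count the real tree; otherwise use the sample.
    counts = count_languages(walk_tree(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_FILES)
    print("file counts:", dict(counts))
    for cfg in CONFIGURATIONS:
        try:
            print(f"{cfg:22s} -> {sorted(languages_scanned(counts, cfg))}")
        except ValueError as err:
            print(f"{cfg:22s} -> undecidable: {err}")
```

Run it with no arguments to reproduce the page's example (Improved Scan Flow and Default Configuration report Java and JavaScript; Multi-language Scan reports all three), or pass a checkout directory to see which languages would be left out of your own project, which is the information you need when deciding whether the faster single-primary configurations are acceptable.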

For instructions how to specify a scan configuration, see Specifying a Scan Configuration for a Project.

For more information about the Improved Scan Flow, see Using the Improved Scan Flow Process.

In addition to these standard configurations, you can create custom configurations, as described in How to Create a Custom Scan Configuration.