Static Code Analysis

Static code analysis includes the use of various security and quality tools, such as:

  • SAST (Static Application Security Testing) tools

  • Secrets scanning

  • Dependency checks (SCA)

  • Infrastructure as Code (IaC) scanners

Scan Types Supported

The system supports on-demand (single) scans and scheduled scans. You can also enable repository monitoring, which periodically polls the target repository for new commits and automatically runs an incremental scan over the changes only.


Step-by-Step Instructions

1. Create a Product

Before initiating a scan, create a new product as described on the previous page of the documentation.


2. Provide Source Code

You can supply the source code in one of the following ways:

  • ZIP Archive: Upload a compressed folder containing one or more source code directories.

  • Git Repository Path: Specify the repository URL (both HTTPS and SSH formats are supported).

📌 If the repository requires authentication, refer to the next page for setup instructions.
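Whichever form you choose, the input is worth validating before it is handed to a scanner: an HTTPS URL with a token embedded in it leaks that token into scan logs (authentication belongs in the separate credential setup), and a ZIP archive can carry entries such as `../../etc/cron.d/job` that escape the directory it is unpacked into. The following is an added example, not code from this product, showing such checks for the two input forms described above. The function names (`classify_git_url`, `list_archive_dirs`, `build_sample_archive`), the accepted URL forms and the rejection policy are this example's own assumptions; the page does not state what the product itself accepts or rejects.

```python
import io
import posixpath
import re
import zipfile
from urllib.parse import urlsplit

# scp-like SSH form, e.g. git@github.com:org/repo.git
SCP_LIKE_RE = re.compile(r"^(?P<user>[\w.-]+)@(?P<host>[\w.-]+):(?P<path>[^\s:]+)$")
WINDOWS_DRIVE_RE = re.compile(r"^[A-Za-z]:")


def classify_git_url(url: str) -> dict:
    """Classify a repository path as 'https' or 'ssh' and return host and path.

    Assumed policy for this example: an HTTPS URL that embeds credentials is
    rejected, because authentication is configured separately, not in the URL.
    Anything that is not HTTPS, ssh:// or scp-like SSH raises ValueError.
    """
    url = url.strip()
    if "://" not in url:
        m = SCP_LIKE_RE.match(url)
        if m:
            return {"kind": "ssh", "host": m["host"], "path": m["path"].removesuffix(".git")}
        raise ValueError(f"unsupported repository path: {url!r}")
    parts = urlsplit(url)
    path = parts.path.strip("/").removesuffix(".git")
    if parts.scheme == "https":
        if parts.username or parts.password:
            raise ValueError("credentials embedded in HTTPS URL; configure authentication separately")
        if not parts.hostname or not path:
            raise ValueError("HTTPS URL must name a host and a repository path")
        return {"kind": "https", "host": parts.hostname, "path": path}
    if parts.scheme == "ssh":
        if not parts.hostname or not path:
            raise ValueError("ssh:// URL must name a host and a repository path")
        return {"kind": "ssh", "host": parts.hostname, "path": path}
    raise ValueError(f"unsupported repository path: {url!r}")


def list_archive_dirs(data: bytes) -> list:
    """Validate an uploaded ZIP and return its top-level source directories.

    Rejects absolute, drive-prefixed or parent-traversing entry names (the
    "zip-slip" pattern), which would write outside the extraction directory
    when the archive is unpacked for scanning.
    """
    tops = set()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename.replace("\\", "/")
            if posixpath.isabs(name) or WINDOWS_DRIVE_RE.match(name) or ".." in name.split("/"):
                raise ValueError(f"unsafe archive entry: {info.filename!r}")
            top, sep, _rest = name.partition("/")
            if sep and top:
                tops.add(top)
    if not tops:
        raise ValueError("archive contains no source directory")
    return sorted(tops)


def build_sample_archive(entries: dict) -> bytes:
    """Build an in-memory ZIP from {entry_name: content}. Test data is constructed here."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed inputs; the hosts and repository names are placeholders.
    for candidate in ["https://github.com/example-org/demo.git",
                      "git@github.com:example-org/demo.git",
                      "https://user:s3cret@github.com/example-org/demo.git"]:
        try:
            print(candidate, "->", classify_git_url(candidate))
        except ValueError as exc:
            print(candidate, "-> rejected:", exc)

    good = build_sample_archive({"app/main.py": b"print('hi')\n", "infra/main.tf": b"", "README.md": b""})
    print("archive dirs:", list_archive_dirs(good))
    bad = build_sample_archive({"../outside.py": b"# escapes the extraction directory\n"})
    try:
        list_archive_dirs(bad)
    except ValueError as exc:
        print("rejected:", exc)
```

Run the block directly to see each constructed input accepted or rejected; in practice the same checks would sit in front of whatever unpacks the archive or clones the repository, and the rejected HTTPS URL is the case to catch before it reaches a log line.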


3. Configure the Static Analysis

Navigate to the Static Analysis tab and:

  • Upload the ZIP archive or enter the Git repository path.

  • Select the main programming language of the project.

  • Choose any additional multi-language scanners you wish to include.

ℹ️ Language-specific scanners will automatically be triggered based on the selected Main Language.



4. Submit the Scan

  • Confirm that the Engagement ID matches the one created during product setup.

  • Click “Submit” to start the scan.
