Synopsis
fcli sc-sast scan start [--delim=<delimiter>] [--notify=<email>] [--pool=<sensorPoolNameOrUuid>] [--publish-to=<appVersionNameOrId>] [--sargs=<scanArguments>] [--ssc-ci-token=<ciToken>] [[-h] [--env-prefix=<envPrefix>] [--log-file=<logFile>] [--log-level=<logLevel>]] [[--session=<sessionName>]] (-m=<mbsFile> | (-v=<sensorVersion> -p=<packageFile>)) [[-o=format[=<options>]] [--store=variableName[:<propertyNames>]] [--to-file=<outputFile>]]
Options
- --delim=<delimiter>
Change the default delimiter character when using options that accept "application:version" as an argument or parameter.
- --notify=<email>
Email address to which to send a scan completion notification.
- --pool, --sensor-pool=<sensorPoolNameOrUuid>
Sensor pool UUID or name.
- --publish-to=<appVersionNameOrId>
Publish scan results to the given SSC application version once the scan has completed.
- --sargs, --scan-args=<scanArguments>
Fortify Static Code Analyzer scan arguments; see the ScanCentral SAST documentation for the scan arguments supported by your ScanCentral SAST version. Multiple scan arguments must be provided as a single option argument. Arguments containing spaces must be enclosed in single quotes, and local files must be referenced through the 'file:' prefix. Note that, unlike fcli options, scan arguments usually start with a single dash rather than double dashes. For example:
--sargs "-quick -filter 'file:./my filters.txt'"
- --ssc-ci-token=<ciToken>
SSC CIToken in either encoded (REST) or decoded (application) format.
Environment variables:
FCLI_DEFAULT_SSC_CI_TOKEN: Shared with SSC/SC DAST
FCLI_DEFAULT_SC_SAST_SSC_CI_TOKEN: Only SC SAST commands
Options for scanning a package file:
- -p, --package-file=<packageFile>
Package file to scan.
- -v, --sensor-version=<sensorVersion>
Version of the sensor on which the package should be scanned. Officially, you should select the same sensor version as the version of the ScanCentral Client used to create the package.
Session options
- --session=<sessionName>
Name of the ScanCentral SAST session to use for executing this command. Default value: default.
Output options
- -o, --output=format[=<options>]
Specify output format and options. Available output formats: csv, csv-plain, json, json-flat, table, table-plain, tree, tree-flat, xml, xml-flat, yaml, yaml-flat, expr, json-properties. The 'expr' output format takes a string containing '{property}' placeholders; the other output formats take an optional, comma-separated list of properties to include in the output. Use '-o json-properties' on the current command to see available properties.
- --store=variableName[:<propertyNames>]
Store the JSON results of this command in a variable. Variables can be managed through the 'fcli util variable' command, and can be referenced using ::variable::[property] on any subsequent command.
- --to-file=<outputFile>
Write command output to the specified file instead of stdout.
Generic fcli options
- --env-prefix=<envPrefix>
Environment variable prefix for resolving default option and parameter values. Default value is FCLI_DEFAULT.
- -h, --help
Show this help message and exit. Use 'fcli <command> -h' to display help for subcommands.
- --log-file=<logFile>
File where logging data will be written. Defaults to fcli.log in the current directory if --log-level is specified.
- --log-level=<logLevel>
Set logging level. Note that DEBUG and TRACE levels may result in sensitive data being written to the log file. Allowed values: TRACE, DEBUG, INFO, WARN, ERROR.
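A CI wrapper that ties together the --ssc-ci-token environment variables, the --sargs quoting rule and the --log-level warning described above. It is an added example, not part of the fcli documentation: the function names and the FCLI override variable are hypothetical, and it assumes the default FCLI_DEFAULT environment prefix and an existing default session.

```shell
# Added example, not from the fcli documentation. Function names and the FCLI
# override variable are hypothetical; the default FCLI_DEFAULT prefix is assumed.

# Join scan arguments into the single value --sargs expects; arguments that
# contain spaces are wrapped in single quotes.
build_sargs() {
  local out="" arg
  for arg in "$@"; do
    case "$arg" in
      *"'"*) echo "scan argument contains a single quote: $arg" >&2; return 1 ;;
      *" "*) arg="'$arg'" ;;
    esac
    out="${out:+$out }$arg"
  done
  printf '%s' "$out"
}

# Refuse settings that can expose the CI token: DEBUG/TRACE logging, or a
# missing environment variable (the token should come from the exported
# environment, not from argv, where it is visible in the process list).
check_secret_hygiene() {
  case "$1" in
    DEBUG|TRACE) echo "log level $1 may write sensitive data to the log" >&2; return 1 ;;
    INFO|WARN|ERROR) ;;
    *) echo "unknown log level: $1" >&2; return 1 ;;
  esac
  if [ -z "${FCLI_DEFAULT_SC_SAST_SSC_CI_TOKEN:-}" ]; then
    echo "FCLI_DEFAULT_SC_SAST_SSC_CI_TOKEN is not set" >&2; return 1
  fi
}

# start_scan <packageFile> <sensorVersion> <appVersion> <logLevel> [scanArg...]
start_scan() {
  [ "$#" -ge 4 ] || { echo "usage: start_scan pkg ver app level [args]" >&2; return 2; }
  local pkg="$1" ver="$2" app="$3" level="$4" sargs
  shift 4
  check_secret_hygiene "$level" || return 1
  sargs="$(build_sargs "$@")" || return 1
  # fcli resolves the token from the environment; --ssc-ci-token is never used.
  set -- sc-sast scan start --package-file="$pkg" --sensor-version="$ver" \
    --publish-to="$app" --log-level="$level" --store=scan
  if [ -n "$sargs" ]; then set -- "$@" --sargs="$sargs"; fi
  "${FCLI:-fcli}" "$@"
}
```

Because --log-level is always passed, fcli writes fcli.log to the current directory unless --log-file is added; treat that file as a build artifact that needs the same access controls as the job itself.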