Synopsis
fcli sc-sast scan start [--diagnose] [--no-replace] [--delim=<delimiter>] -f=<file> [--notify=<email>] [--pool=<sensorPoolNameOrUuid>] [--publish-as=<fprFileName>] [--publish-to=<appVersionNameOrId>] [--publish-token=<publishToken>] [--sargs=<scanArguments>] [--scan-timeout=<scanTimeout>] [-v=<sensorVersion>] [[-h] [--env-prefix=<envPrefix>] [--log-file=<logFile>] [--log-level=<logLevel>] [--log-mask=<logMaskLevel>] [--debug]] [[--ssc-session=<sessionName>]] [[--style=<outputStyleElements>[,<outputStyleElements>…]]… [--to-file=<outputFile>]]
Options
- --delim=<delimiter>
Change the default delimiter character when using options that accept "application:version" as an argument or parameter.
- --diagnose
Request generation of server-side diagnostic logs.
- -f, --file=<file>
File containing the payload to be scanned. This must be either an MBS file generated through 'sourceanalyzer -export-build-session', or a package file generated through 'scancentral package'.
- --no-replace
If ScanCentral SAST is configured to replace existing scan jobs when jobs are already running for the given application version, use this option to override that behavior and keep the existing scan jobs.
- --notify=<email>
Email address to which to send a scan completion notification.
- --pool, --sensor-pool=<sensorPoolNameOrUuid>
Sensor pool UUID or name.
- --publish-as=<fprFileName>
FPR file name to use when publishing the scan results to SSC.
- --publish-to=<appVersionNameOrId>
Publish scan results to the given SSC application version once the scan has completed.
- --publish-token=<publishToken>
SSC token to be used to publish the scan results to SSC. If not specified, the current SSC session token will be used. Note that publishing may fail if the token expires or is revoked before publishing has completed. It is recommended to either use a pre-generated long-lived token, or, if you authenticated using SSC user name and password, to wait for scan completion before running the 'session logout' command.
- --sargs, --scan-args=<scanArguments>
Fortify Static Code Analyzer scan arguments; see the ScanCentral SAST documentation for the scan arguments supported by your ScanCentral SAST version. Multiple scan arguments must be provided as a single option argument. Arguments that contain spaces or that conflict with fcli options, like '-filter', must be embedded in single quotes, and local files must be referenced through the '@' prefix. Note that, unlike fcli options, scan arguments usually start with a single dash, not double dashes. For example: --sargs "'-quick' '-filter' '@my filters.txt'"
- --scan-timeout=<scanTimeout>
Specify scan time-out (in minutes) for this scan job. This overrides the default scan time-out configured on ScanCentral SAST.
- -v, --sensor-version=<sensorVersion>
Version of the sensor on which the payload should be scanned. This option is not supported for MBS files and not recommended for package files generated by ScanCentral Client versions 24.2 and above, but it is required for package files generated by older ScanCentral Client versions, where it should ideally match the ScanCentral Client version that was used to generate the package file. If needed, this option can be used to override the sensor version that would be selected by default by ScanCentral SAST, but this is not officially supported and may cause unexpected results.
SSC session name options
- --ssc-session=<sessionName>
Name of the SSC session to use for executing this command. Default value: default. 
Output options
- -o, --output=type[=<args>]
Specify output type and optional type arguments. Available output formats: csv, table, expr, json, xml, yaml. The 'expr' output format takes a string containing '{property}' placeholders, other output formats take an optional, comma-separated list of properties to include in the output.
- --store=variableName[:<propertyNames>]
Store the JSON results of this command in a variable. Variables can be managed through the 'fcli util variable' command, and can be referenced using ::variable::[property] on any subsequent command.
- --style=<outputStyleElements>[,<outputStyleElements>…]
Comma-separated list of style elements to apply to the selected output format. Allowed values: header, no-header, pretty, no-pretty, flat, no-flat, array, single, border, no-border, md-border.
- --to-file=<outputFile>
Write command output to the specified file instead of stdout.
Generic fcli options
- --debug
Enables both fcli trace logging and the --diagnose option.
- --env-prefix=<envPrefix>
Environment variable prefix for resolving default option and parameter values. Default value: FCLI_DEFAULT.
- -h, --help
Show this help message and exit. Use 'fcli <command> -h' to display help for subcommands.
- --log-file=<logFile>
File where logging data will be written. Defaults to fcli.log in current directory if --log-level is specified.
- --log-level=<logLevel>
Set logging level. Note that DEBUG and TRACE levels may result in sensitive data being written to the log file. Allowed values: TRACE, DEBUG, INFO, WARN, ERROR, NONE.
- --log-mask=<logMaskLevel>
Masking level to apply to logging data. Allowed values: high, medium, low, none. Default value: medium. Note that this is on a best-effort basis; you should always check log contents for sensitive data before sharing or publishing logs.
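
The --sargs quoting rule and the --publish-token recommendation described above, combined in a small wrapper script (an added example, not part of the fcli documentation). The function names, the FCLI and SC_SAST_PUBLISH_TOKEN variables, and the sample payload and application version are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not part of the fcli documentation.

# Build the single --sargs value: each scan argument is wrapped in single
# quotes, which the option description requires for arguments that contain
# spaces or clash with fcli options. Local files arrive already '@'-prefixed.
build_sargs() {
  local out="" arg
  for arg in "$@"; do
    case "$arg" in
      *"'"*) echo "scan argument contains a single quote: $arg" >&2
             return 1 ;;
    esac
    out="${out:+$out }'$arg'"
  done
  printf '%s\n' "$out"
}

# start_scan <payload> <app:version> [scan arguments...]
# FCLI names the command to run (default: fcli). SC_SAST_PUBLISH_TOKEN is a
# hypothetical variable holding a pre-generated long-lived SSC token, so that
# publishing does not depend on the current session token staying valid.
start_scan() {
  local payload="$1" appversion="$2" sargs
  shift 2
  sargs="$(build_sargs "$@")" || return 1
  set -- sc-sast scan start --file="$payload" --publish-to="$appversion"
  if [ -n "$sargs" ]; then
    set -- "$@" --sargs "$sargs"
  fi
  if [ -n "${SC_SAST_PUBLISH_TOKEN:-}" ]; then
    set -- "$@" --publish-token="$SC_SAST_PUBLISH_TOKEN"
  fi
  "${FCLI:-fcli}" "$@"
}

# Dry run helper: print one argument per line instead of calling fcli.
print_args() { printf '[%s]\n' "$@"; }

# Constructed sample values; nothing is sent to ScanCentral SAST here.
( FCLI=print_args
  unset SC_SAST_PUBLISH_TOKEN
  start_scan package.zip "MyApp:1.0" -quick -filter '@my filters.txt' )
```

A token passed as a command-line argument is typically visible in the process list of the build host while fcli runs, so keep the dry run's output and any shell tracing (`set -x`) out of shared build logs when the token variable is set.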