SAST workflow
Overview of steps for static analysis scanning.
The general steps for performing static analysis are as follows. Additional steps may be required to meet your scanning goals.
Note: Users must be assigned an appropriate role to perform static analysis
functions. If you are unsure whether your user role has appropriate permissions,
consult your organization's ASoC Administrator.
1. Create an application.
2. Decide the mechanism you will use to prepare files for scanning and set it up accordingly:
   - Static Analyzer Command Line Utility
   - AppScan Go!
   - A supported plugin
3. Identify source code files.
4. Create and configure a scan.
5. Review scan preferences.
6. Run the scan.
7. Review results.
8. Triage and remediate issues.
9. Repeat steps three through eight as needed.