SAST Scanner Parameters

The table below presents all the optional parameters for the SAST scanner, and their optional values.

Notice

There is an additional configuration option for filtering which compliance results to show. This can currently only be configured via REST API, see API documentation.

Parameter	Values	Notes
presetName	All the available SAST Presets that exist in the system	For the full Presets list (including descriptions) go to the following link: Predefined Presets The default preset that is used is ASA Premium
fastScanMode	true / false	By default, the Fast Scan mode is false. For more information, refer to Fast Scan Mode
incremental	true / false	Determines whether the scan should be performed incrementally or as a full scan. When set to `true`, SAST will only scan the code changes made since the last scan, significantly reducing the scan time and resource usage. When set to `false`, SAST will perform a full scan. Full scans are more comprehensive but take longer to complete and use more resources.
recommendedExclusions	true / false	Determines whether the system should automatically exclude certain files and folders from the scan. This is similar to the predefined rules of SAST. When set to `true`, SAST applies predefined exclusions, allowing developers to scan faster and focus on the most relevant code areas. When set to `false`, SAST will include all files and directories in the scan.
languageMode	primary / multi	For more information see: Specifying a Code Language for Scanning Supported Code Languages and Frameworks: Click Engine Pack Versions and Delivery Model. Select the latest EP (Engine Pack) Supported Code Languages and Frameworks. Note By default, the languageMode is Multi.
folder/filter	Allow users to select specific folders or files to include or exclude from the code scanning process.	Including a file type - .java Excluding a file type - !.java Use “,” sign to chain file types for example: .java,.js The parameter also supports including/excluding folders. regex is not supported.
engineVerbose	true / false	true = Enables PRINT_DEBUG mode. false = Enables PRINT_LOG mode.

ASA Premium Preset

ASA Premium Preset is a part of the SAST collection of presets.

This Preset is available only for Checkmarx One. Its usage is described in the table below.

Preset	Usage	Includes vulnerability queries for....
ASA Premium	The ASA Premium preset contains a subset of vulnerabilities that Checkmarx AppSec Accelerator team considers to be the starting point of the Checkmarx AppSec program. The preset might change in future versions. The AppSec Accelerator team will remove old/deprecated queries or include new and improved queries in a continuously manner.	Apex, ASP, CPP, CSharp, Go, Groovy, Java, JavaScript, Kotlin (non-mobile only), Perl, PHP, PLSQL, Python, Ruby, Scala, VB6, VbNet, Cobol, RPG and VbScript coding languages.
ASA Premium Mobile	The ASA Premium Mobile preset is a dedicated preset designed for mobile apps. The ASA Premium Mobile preset contains a subset of vulnerabilities that Checkmarx AppSec Accelerator team considers to be the starting point of the Checkmarx AppSec program. The preset might change in future versions. The AppSec Accelerator team will remove old/deprecated queries or include new and improved queries in a continuously manner.	Apex, ASP, CPP, CSharp, Go, Groovy, Java, JavaScript, Kotlin (non-mobile only), Perl, PHP, PLSQL, Python, Ruby, Scala, VB6, VbNet, Cobol, RPG and VbScript coding languages.

Preset

Usage

Includes vulnerability queries for....

ASA Premium

The ASA Premium preset contains a subset of vulnerabilities that Checkmarx AppSec Accelerator team considers to be the starting point of the Checkmarx AppSec program.

The preset might change in future versions. The AppSec Accelerator team will remove old/deprecated queries or include new and improved queries in a continuously manner.

Apex, ASP, CPP, CSharp, Go, Groovy, Java, JavaScript, Kotlin (non-mobile only), Perl, PHP, PLSQL, Python, Ruby, Scala, VB6, VbNet, Cobol, RPG and VbScript coding languages.

ASA Premium Mobile

The ASA Premium Mobile preset is a dedicated preset designed for mobile apps.

The ASA Premium Mobile preset contains a subset of vulnerabilities that Checkmarx AppSec Accelerator team considers to be the starting point of the Checkmarx AppSec program.

The preset might change in future versions. The AppSec Accelerator team will remove old/deprecated queries or include new and improved queries in a continuously manner.

Apex, ASP, CPP, CSharp, Go, Groovy, Java, JavaScript, Kotlin (non-mobile only), Perl, PHP, PLSQL, Python, Ruby, Scala, VB6, VbNet, Cobol, RPG and VbScript coding languages.

Fast Scan Mode

The new SAST scanner aims to find the perfect balance between thorough security tests and the need for quick and actionable results. There’s no need to choose between speed and security. Alongside the Base Preset, we are thrilled to announce a new scan mode designed to speed up the scan: Fast Scan mode.

Fast Scan mode decreases the scanning time of projects up to 90%, making it faster to identify relevant vulnerabilities and enable continuous deployment while ensuring that security standards are followed. This will help developers tackle the most relevant vulnerabilities.

While the Fast Scan mode identifies the most significant and relevant vulnerabilities, the In-Depth scan mode offers deeper coverage. For the most critical projects with a zero-vulnerability policy, it is advised also to use our In-Depth scan mode

Warning

To expedite the results retrieval, the scanning process has been optimized to reduce the number of stages and flows involved in the scan. With this enhancement, the queries related to Fusion are not executed and results won’t be generated when utilizing this new mode.

You may also notice impact on the API Security scanner results.

Incremental scans aren't supported in fast scan mode.

In this section: