Skip to main content

SAST Configuration Options

The following table shows the configuration options available for the SAST scanner. These configuration options can be applied on the Account > Project > Scan levels. These configurations can be set via the web application (UI), CLI or API, as shown in the table below.

Notice

CLI flags are submitted on the scan level with the scan create command. API configs can be configured on the account or project level using the Configuration API.

Parameter	Values	Notes	CLI	API
presetName	All the available SAST Presets that exist in the system	For the full Presets list (including descriptions) go to the following link: Predefined Presets The default preset that is used is ASA Premium	`--sast-preset-name boolean`	`scan.config.sast.presetName`
fastScanMode	true / false	By default, the Fast Scan mode is false. For more information, refer to Fast Scan Mode	`--sast-fast-scan boolean`	`scan.config.sast.fastScanMode`
incremental	true / false	Determines whether the scan should be performed incrementally or as a full scan. When set to `true`, SAST will only scan the code changes made since the last scan, significantly reducing the scan time and resource usage. When set to `false`, SAST will perform a full scan. Full scans are more comprehensive but take longer to complete and use more resources.	`--sast-incremental boolean`	`scan.config.sast.incremental`
recommendedExclusions	true / false	Determines whether the system should automatically exclude certain files and folders from the scan. When set to `true`, SAST applies predefined exclusions, allowing developers to scan faster and focus on the most relevant code areas. When set to `false`, SAST will include all files and directories in the scan.	Not Supported	`scan.config.sast.recommendedexclusions`
languageMode	primary / multi	For more information see: Specifying a Code Language for Scanning Supported Code Languages and Frameworks: Click Engine Pack Versions and Delivery Model. Select the latest EP (Engine Pack) Supported Code Languages and Frameworks. Note By default, the languageMode is Multi.	Not Supported	`scan.config.sast.languageMode`
folder/filter	Allow users to select specific folders or files to include or exclude from the code scanning process.	Including a file type - .java Excluding a file type - !.java Use “,” sign to chain file types for example: .java,.js The parameter also supports including/excluding folders. regex is not supported.	`--sast-filter <string>`	`scan.config.sast.filter`
engineVerbose	true / false	true = Enables PRINT_DEBUG mode. false = Enables PRINT_LOG mode.	Not Supported	`scan.config.sast.engineVerbose`
compliance	Submit a list of compliances	This parameter is used to filter which compliance standards are included in the scan results. By default, all supported compliances are returned. If you would like to limit the compliances returned, you can set this parameter and specify an array of compliances to include. This filter applies to the results shown in the UI on the Project Overview page as well as to the results returned in the Results Summary API. Warning Supported only via API.	Not Supported	`scan.config.sast.compliance`

In this section:

Was this helpful?

Would you like to provide feedback? Just click here to suggest edits.