Description
Fortify ScanCentral SAST how to create one package for multi-language project
Solution
For example, for Java please check reference:
Fortify ScanCentral SAST - Generating a ScanCentral SAST Package
https://www.microfocus.com/documentation/fortify-software-security-center/2310/SC_SAST_Help_23.1.0/index.htm#Gen_SC_Package.htm?TocPath=Submitting%2520Scan%2520Requests%257C_____3
Regarding build tools, documentation mentions that depending on the build tools you used for Java, that will define the command arguments to use.
For multi-language package/project:
Pretty much when you have two languages or more in the same package/project, you need to check the parameters related to those languages and add them all to one single ScanCentral command (combined command) to get the package created all at once.
Just to be clear, it will be just one single scancentral command with all the parameters of each language.
Please follow these steps:
1). Make sure both Projects languages source files are in the same location.
2). Please use the combined ScanCentral command according to the languages.
Important Note: This is what -bt does:
-bt,
--build-tool <name>
Specifies the name of the build tool used for the project. You cannot use this option with the -scan option. The valid values for <name> are dotnet, gradle, msbuild, mvn, and none.
Reference: https://www.microfocus.com/documentation/fortify-software-security-center/2310/SC_SAST_Help_23.1.0/index.htm#CLI.htm?TocPath=_____13
---------------------
3). After created the package, either extract it or open it and review both <Language1> and <Language2> files are present (You can do searches)
4). If all files are in the package, you can proceed to upload it.