Run a SAST scan

To run a SAST scan on a project, run the following command:

endorctl scan --sast -n <project namespace>

You can run the endorctl scan --sast command with the following options.

| Option | Description |
|---|---|
| -n, --namespace | Namespace of the project with which you are working. Mandatory. |
| --include-path | Limit the scan to the specified file paths or directories, given as Glob-style expressions. For example, --include-path="src/java/**" scans all files under src/java, including any subdirectories, while --include-path="src/java/*" includes only the files directly under src/java. Paths must be relative to the root of the repository. Use quotes so that your shell does not expand the wildcards. |
| --exclude-path | Exclude one or more file paths or directories from the scan, given as Glob-style expressions. For example, --exclude-path="src/java/**" excludes all files under src/java, including any subdirectories, while --exclude-path="src/java/*" excludes only the files directly under src/java. Paths must be relative to the root of the repository. Use quotes so that your shell does not expand the wildcards. |
| --disable-code-snippet-storage | Set this flag to disable storing the code snippet that violates the SAST policy. |
| --path | The path at which to issue the scan. |
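As an added example that is not part of endorctl or its documentation, the following POSIX sh script previews which files an --include-path and --exclude-path pair would select, using the two Glob forms described in the table (dir/** for a directory and all its subdirectories, dir/* for its direct children) so the path filter can be checked before a scan is spent. The repository layout and the $NAMESPACE placeholder are constructed for the demo, and treating a bare directory path as everything under it is an assumption, not endorctl's own matching.

```sh
#!/bin/sh
# Added example, not endorctl code: preview the files a --include-path /
# --exclude-path pair selects before running the scan. The pattern handling
# follows the two Glob forms documented above; treating a bare directory as
# "everything under it" is an assumption. The repo layout below is constructed.

# Expand one pattern relative to $1 into a sorted list of files.
#   "dir/**" -> every file under dir, recursively
#   "dir/*"  -> only files directly under dir
#   a bare path: a directory means every file under it, a file means itself
expand_pattern() {
  repo="$1"; pattern="$2"
  case "$pattern" in
    */\*\*) dir="${pattern%/\*\*}"
            (cd "$repo" && find "$dir" -type f) ;;
    */\*)   dir="${pattern%/\*}"
            (cd "$repo" && find "$dir" -type f ! -path "$dir/*/*") ;;
    *)      (cd "$repo" && if [ -d "$pattern" ]; then find "$pattern" -type f
                           elif [ -f "$pattern" ]; then printf '%s\n' "$pattern"; fi) ;;
  esac 2>/dev/null | sort
}

# Files the scan would cover: included set minus excluded set.
# $3 may be empty when no --exclude-path is given.
preview_scan_scope() {
  inc="$(mktemp)"; exc="$(mktemp)"
  expand_pattern "$1" "$2" > "$inc"
  expand_pattern "$1" "$3" > "$exc"
  comm -23 "$inc" "$exc"
  rm -f "$inc" "$exc"
}

# Constructed repository layout for the demo (not a real project).
make_demo_repo() {
  root="$(mktemp -d)"
  mkdir -p "$root/src/java/com/example" "$root/src/java/test" "$root/src/python"
  : > "$root/src/java/App.java"
  : > "$root/src/java/com/example/Util.java"
  : > "$root/src/java/test/AppTest.java"
  : > "$root/src/python/main.py"
  printf '%s\n' "$root"
}

demo="$(make_demo_repo)"
echo 'Files selected by --include-path="src/java/**" --exclude-path="src/java/test/**":'
preview_scan_scope "$demo" "src/java/**" "src/java/test/**"
# Once the preview looks right, pass the same quoted patterns to the real scan:
#   endorctl scan --sast -n "$NAMESPACE" --include-path="src/java/**" --exclude-path="src/java/test/**"
```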