The variety of source code makes accurate predictions of memory usage and scan times impossible. The factors that affect memory usage and performance consists of many different factors including:
· Code type
· Codebase size and complexity
· Number of vulnerabilities
· Type of vulnerabilities (analyzer used)
Fortify developed the following set of “best guess” hardware recommendations based on real-world application scan results. The following table lists these recommendations based on the complexity of the application. In general, increasing the number of available cores might improve scan times.
|Application Complexity||CPU Cores||RAM (GB)||Average Scan Time||Description|
|Simple||4||16||1 hour||A standalone system that runs on a server or desktop such as a batch job or a command-line utility.|
|Medium||8||32||5 hours||A standalone system that works with complex computer models such as a tax calculation system or a scheduling system.|
|Complex||16||128||4 days||A three-tiered business system with transactional data processing such as a financial system or a commercial website.|
|Very Complex||32||256||7+ days||A system that delivers content such as an application server, database server, or content management system.|
Note: TypeScript scans increase the analysis time significantly. If the total lines of code in an application consist of more than 20% TypeScript, use the next highest recommendation.
The Micro Focus Fortify Software System Requirements document describes the system requirements. However, for large and complex applications, Fortify Static Code Analyzer requires more capable hardware. This includes:
· Disk I/O—Fortify Static Code Analyzer is I/O intensive and therefore the faster the hard drive, the more savings on the I/O transactions. Fortify recommends a 7,200 RPM drive, although a 10,000 RPM drive (such as the WD Raptor) or an SSD drive is better.
· Memory—See Memory Tuning for more information about how to determine the amount of memory required for optimal performance.
· CPU—Fortify recommends a 2.1 GHz or faster processor.