IBM Support

How to Scan C/C++ Code in AppScan Source

Technote (FAQ)


Question

How do you scan C/C++ code using IBM Security AppScan Source?

Answer

Configuring the Environment

The <AppScan-Source-InstallDir>/bin folder must be on the system PATH, as must the C/C++ compiler and make utility used to build the code, so that ouncemake can locate all three.

Generating the Application and Project Files

  1. Open a terminal/command prompt
  2. Navigate to the directory containing the C/C++ source code
  3. Run:  ouncemake -s -r -a application_name
  4. If the scan is being performed in a 64-bit environment, modify the generated ouncemake_properties.xml file as follows:
    • Open ouncemake_properties.xml in an editor and add the following two switches to the compiler_options section:
      --targ_sizeof_long=
      --targ_size_t_type=
    • Find the following switches:
      __SIZEOF_LONG__=
      __SIZEOF_SIZE_T__=
      and copy the values of the switches to the newly added switches. For example, if the switches are set as follows:
          __SIZEOF_LONG__=8
          __SIZEOF_SIZE_T__=ulong
      the values of the newly added switches will be as follows:
          --targ_sizeof_long=8
          --targ_size_t_type=ulong
    • After the changes have been saved, rerun the command from step #3
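The following POSIX shell script is an added example and is not part of the technote or of AppScan Source itself. It automates step 4 for a 64-bit host: it reads the values that ouncemake already wrote for __SIZEOF_LONG__ and __SIZEOF_SIZE_T__, derives the matching --targ_sizeof_long and --targ_size_t_type switches, inserts them once into the compiler_options section, and refuses to continue if either source switch is missing. It assumes (this is not stated on the page) that the switches appear one per line between a <compiler_options> opening line and its closing tag; the sample file embedded in the script is constructed for illustration, so verify the layout of your real ouncemake_properties.xml before running the script against it.

```shell
#!/bin/sh
# Added example, not from the technote: automate step 4 (64-bit host) by
# deriving the --targ_* switches from the values ouncemake already wrote.
# Assumption: switches appear one per line inside the
# <compiler_options> ... </compiler_options> element. Check the real file first.

# Constructed sample of the switches ouncemake might emit on a 64-bit host.
SAMPLE_PROPS='<compiler_options>
__SIZEOF_LONG__=8
__SIZEOF_SIZE_T__=ulong
</compiler_options>'

# switch_value FILE NAME: print the value following NAME= (first match) or nothing.
switch_value() {
    sed -n "s/^.*$2=\([^ \"<]*\).*\$/\1/p" "$1" | head -n 1
}

# targ_switches FILE: print the two derived switches, one per line.
# Fails (status 1) when either source switch is absent, so a build never
# proceeds silently with the wrong data model.
targ_switches() {
    long=$(switch_value "$1" __SIZEOF_LONG__)
    sizet=$(switch_value "$1" __SIZEOF_SIZE_T__)
    if [ -z "$long" ] || [ -z "$sizet" ]; then
        echo "$1: __SIZEOF_LONG__ or __SIZEOF_SIZE_T__ not found" >&2
        return 1
    fi
    printf '%s\n' "--targ_sizeof_long=$long" "--targ_size_t_type=$sizet"
}

# add_targ_switches FILE: insert the derived switches directly after the
# <compiler_options> opening line. Idempotent: a second run changes nothing.
add_targ_switches() {
    if grep -q -e '--targ_sizeof_long=' "$1"; then
        return 0
    fi
    switches=$(targ_switches "$1") || return 1
    long_sw=$(printf '%s\n' "$switches" | sed -n 1p)
    size_sw=$(printf '%s\n' "$switches" | sed -n 2p)
    tmp="$1.tmp"
    awk -v a="$long_sw" -v b="$size_sw" '
        { print }
        /<compiler_options>/ { print a; print b }
    ' "$1" > "$tmp" && mv "$tmp" "$1"
}

# Usage: sh add_targ_switches.sh ouncemake_properties.xml
if [ "$#" -gt 0 ]; then
    add_targ_switches "$1"
fi
```

Run it once after step 3 and before rerunning ouncemake; because it exits non-zero when the source switches are absent, it can be wired into a build job without the risk of producing a project file that targets the wrong long and size_t model.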

Scanning the Application

The generated application can be opened in Security Analysis, AppScan Source CLI or AppScan Source for Automation to perform the scan.

Document information

More support for: IBM Security AppScan Source
Scan: C/C++

Software version: 8.8, 9.0, 9.0.0.1, 9.0.1, 9.0.2

Operating system(s): Platform Independent

Reference #: 1966748

Modified date: 14 October 2015