AppScan Source application and project files

AppScan® Source applications and projects have corresponding files that maintain configuration information required for scanning, as well as triage customization. It is recommended that these files reside in the same directory as the source code, since configuration information (dependencies, compiler options, and so forth) required to build the projects is very similar to that required for AppScan Source to scan them successfully. Best practice includes managing these files with your source control system.

Applications and projects created in AppScan Source for Analysis have a .paf and .ppf extension respectively. These files are generated when you manually create and configure an application or project in AppScan Source for Analysis, AppScan Source for Automation, and the AppScan Source command line interface.

On Windows™, when you import Visual Studio solutions and projects into AppScan Source for Analysis, AppScan Source for Automation, and the AppScan Source command line interface, files with .sln.gaf and .vcproj.gpf extensions are created for them.

Note: As of version 9.0.3.11, AppScan Source no longer supports macOS or iOS Xcode project scanning.
Note: When an Eclipse Importer runs on an Eclipse or Rational® Application Developer for WebSphere® Software (RAD) workspace, AppScan Source creates intermediate files with .ewf and .epf extensions. These files are required for the initial import into AppScan Source for Analysis and for future scans.
Important: If you are working with an AppScan Source project that has dependencies in a development environment (for example, an IBM® MobileFirst Platform project), ensure that you build the project in the development environment before importing it. After importing the project, if you modify files in it, be sure to rebuild it in the development environment before scanning in AppScan Source (if you do not do this, modifications made to files will be ignored by AppScan Source).
Table 1. AppScan Source files
AppScan Source File Extension Description
ppf
  • AppScan Source project file
  • Generated when you create a project with AppScan Source for Analysis or supported AppScan Source utilities
  • User-named
paf
  • AppScan Source application file
  • Generated when you create an application with AppScan Source for Analysis or supported AppScan Source utilities
  • User-named
sln.gaf
  • AppScan Source application file that is generated when you import Visual Studio solutions
  • Used to hold custom application information such as exclusions and bundles
  • Adopts the name of the imported workspace or solution. For example:
    d:\my_apps\myapp.sln
    d:\my_apps\myapp.sln.gaf
vcproj.gpf
  • AppScan Source project file that is generated when you import Visual Studio projects
  • Used to hold custom project information such patterns and exclusions
  • Adopts the name of the imported project. For example:
    d:\my_projects\myproject.vcproj
    d:\my_projects\myproject.vcproj.gpf
ewf
  • Eclipse workspace file
  • Produced when you import an Eclipse workspace into AppScan Source
  • The Eclipse exporter creates the file based on information in the Eclipse workspace - AppScan Source then imports the file
epf
  • Eclipse project file
  • Produced when an Eclipse project is imported into AppScan Source
  • The Eclipse exporter creates the file based on information in the Eclipse project - AppScan Source then imports the file
Tip: When you use supported build integration tools (for example, Ounce/Ant or Ounce/Maven) to generate AppScan Source applications and project files, it is recommended that you update these files in source control as part of your build automation, to facilitate sharing them across the development team. When a developer updates the local view of the files in source control, the AppScan Source application and project files update as well. This ensures that the entire team is working with a consistent set of files.
Note: To learn which versions of imported files are supported by AppScan Source for Analysis, AppScan Source for Automation, and the AppScan Source command line interface, see System requirements and installation prerequisites. At this page, select the tab for the version of AppScan Source that you are using - and then select the AppScan Source component that you are using. If AppScan Source supports opening and scanning files from other development environments, that support is listed in the Compilers and Languages section of the Supported Software tab.