Adding a new C/C++ project

The New Project Wizard helps you manually create a C/C++ project and add it to an application. We strongly recommend direct import of Visual Studio solutions and projects, and subsequent import of makefile configurations using the Ounce/Make tool. While manual configuration is possible, it requires users to have significant and detailed knowledge of their compiler environment.

About this task

When you add a new C/C++ project to the application, you specify a collection of source files to scan, together with the following settings:

  • include path
  • preprocessor definitions
  • options

The steps in this topic take you through every page of the New Project Wizard (or the New Application Wizard, if you are creating the project from it). Some wizard pages are optional: the required settings are complete once the Finish button is activated. Any setting made in the wizard, including those on optional pages that you skip, can be changed after project creation in the Properties view for the selected project.

Important: In order to scan a C++ project, the project must compile and link without errors.

Procedure

  1. In the Explorer view, select the application that you want to add the project to (if you have not already added an application, see Configuring applications).
  2. Complete one of these actions to open the New Project Wizard:
    1. Select File > Add Project > New Project from the main workbench menu.
    2. Right-click the selected application and choose Add Project > New Project from the context menu.
  3. In the Select Project Type page of the wizard, select C/C++ as the project type and then click Next to advance to the next wizard page.
  4. In the Project Sources wizard page:
    1. Identify the project sources. Project sources consist of the directories in which you find project files, and any additional individual files to include in the project.

      Name the project and specify the working directory. The Working Directory is the location in which the AppScan® Source project file (.ppf) will reside. It is also the base for all relative paths.

    2. Select Enable secrets for scanner to invoke scanning for secrets along with other relevant scanners.
      When invoked, the engine checks the code being scanned for hardcoded passwords, credit card numbers, and Social Security numbers (SSNs).
    3. Click Add Source Root to specify a source code root and the directories or files to include or exclude from the scan.
      After adding the source root, you can exclude certain directories or files from it. To do this, select the directory or file (or multiselect these items) in the source root, right-click the selection, and then choose Exclude from the menu. If you include or exclude files, the icon to the left of the file name changes.
  5. Click Next to advance to the next wizard page.
  6. In the C/C++ Project Dependencies page, add project dependencies by specifying the project configuration and include path.
    • Configuration: List of all available configurations for the project. Add new or delete existing configurations. Define all remaining settings for each configuration.

      You may define multiple configurations for a C/C++ project, such as Debug and Release. Configuration 1 is the default project configuration name.

    • Include Path: Use this section to add the fully-qualified path names to directories containing #include files required for the project.
    • Preprocessor Definitions: Use this field to add preprocessing symbols defined for the project. Preprocessor definitions are specific to C/C++ code. When specifying preprocessor definitions, do not include the compiler's -D option (for example, specify a=definition1 instead of -Da=definition1). When specifying multiple definitions, use a semicolon-delimited list.
    • Options: Additional required compiler parameters for the project configuration.
  7. Click Finish.
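
The following added example is not part of the product documentation or of AppScan Source. It shows one way to turn an existing GCC/Clang-style compile command into the values that step 6 asks for: fully-qualified include directories, a semicolon-delimited definition list without the -D prefix, and the remaining flags for Options. The function name, the dictionary keys, the sample command, and the choice to treat every leftover flag as an Option are assumptions made for illustration.

```python
import os
import shlex

SOURCE_EXTS = (".c", ".cc", ".cpp", ".cxx")

def wizard_fields(compile_cmd, build_dir):
    """Split one GCC/Clang-style compile command into the three wizard fields."""
    tokens = shlex.split(compile_cmd)[1:]      # drop the compiler executable
    includes, defines, options = [], [], []
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        i += 1
        if tok in ("-I", "-D", "-o"):          # value is the next token
            if i >= len(tokens):
                raise ValueError(f"{tok} is missing its argument")
            flag, value = tok, tokens[i]
            i += 1
        elif tok.startswith(("-I", "-D")):     # value is attached: -Idir, -DNAME=1
            flag, value = tok[:2], tok[2:]
        elif tok == "-c" or tok.lower().endswith(SOURCE_EXTS):
            continue                           # sources come from the source root
        else:
            options.append(tok)                # assumption: leftovers go to Options
            continue
        if flag == "-I":
            # Include Path expects fully-qualified directories (build_dir is absolute)
            path = os.path.normpath(os.path.join(build_dir, value))
            if path not in includes:
                includes.append(path)
        elif flag == "-D":
            if ";" in value:                   # would split into two definitions
                raise ValueError(f"definition {value!r} contains the delimiter ';'")
            if value not in defines:
                defines.append(value)          # stored without the -D prefix
        # "-o" and its output file are dropped
    return {
        "include_path": includes,
        "preprocessor_definitions": ";".join(defines),
        "options": shlex.join(options),
    }

# Constructed sample command, not taken from a real build
SAMPLE = ('gcc -c -Iinclude -I /opt/sdk/inc -DDEBUG -D "VERSION=2" -DDEBUG '
          '-std=c11 -Wall -o main.o src/main.c')
FIELDS = wizard_fields(SAMPLE, "/home/build/app")
```

A definition whose value contains a semicolon is rejected rather than passed through, because it would be read as two entries in the semicolon-delimited Preprocessor Definitions field.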