Starting C/C++ Applications Analysis

In DerScanner, the following methods of importing C/C++ applications for analysis are implemented:

• Upload file from a local device Upload a source code archive (as ZIP, 7Z, RAR (up to version 4.0), EAR, AAR, tar.bz2, tar.gz, tar, cpio) or the application executable file (.exe or .dll file).

If a project build is not configured, it is recommended to add file dependencies to the archive. This will improve the analysis results.

• Upload via link Specify a path to the repository with the project source code (Git and Subversion are supported). DerScanner’s server should have access to the specified repository. Via the link, it should be possible to download code from the repository using the git clone or svn export command. Example links:

  • [https://gitlab.example.com/myproject.git] (https://gitlab.example.com/myproject.git)(**Git**)
  • ssh://gitlab.example.com/myproject (Git)
  • https://svn.example.com/mysvnproject/trunk/ (Subversion)
  • svn://svn.example.com/mysvnproject/branches/my-branch (Subversion)
  • svn+ssh://svn.example.com/mysvnproject/(Subversion)

To upload code from a private repository, specify your username and password. For more information about analysis settings see Settings.

A list of supported file extensions can be found in the Appendix. To analyze nested archives, select the Analyze libraries and nested archives option.

When analyzing source code (either as an archive or by link to a repository), the project should be built without errors:

• To build C/C++ on Linux/macOS, CMake projects are supported (versions <=3.17.3), which are built by mkdir build && cd build && cmake .. && make command in the same environment as DerScanner. Supported versions of compilers include:

  • Apple Clang <= 11.0.3
  • Open source Clang <= 10.0.0
  • GCC <= 10.1

• To build C/C++ on Linux, the following options are supported in addition:

  • Makefile projects

  • Autotools projects

  • Custom non-interactive shell scripts. Executable shell script file named build.sh should be provided along with other project files. The script should be able to build the project from its location in the project file tree.

• To build C/C++ on Windows, Visual Studio projects are supported (2005, 2008, 2010, 2012, 2013, 2015, 2017, 2019) (select the corresponding option in analysis settings), which are built by the msbuild <project_name>.sln command.

Therefore, either the CMake/Visual Studio project must establish its dependencies by itself, or they must be installed on the machine with DerScanner in advance.

For advanced analysis settings click Show settings. For details, see General.