These are specific guidelines for the successful scan of an RPG application.
See the master compilation guidelines for instructions for other platforms.
- PF: physical database file
- LF: logical database file
- DSPF: display file (screen mask for interactive input)
- PRTF: printer file
- ICF: program to program communication file
Supported RPG Versions
|RPG||IBM iSeries, pSeries||RPG III, RPG IV, RPGLE|
Code Extraction and Preparation
Unlike Windows and Linux systems that keep source code in files on a file system, many RPG systems have source code in a database or in libraries. To transfer source code to the Veracode data center for scanning, you must first extract the RPG source code from the database on a host system into source files that Veracode can scan.
The system management team with the necessary system administration privileges can extract the code from the host system using tools such as IBM iAccess, iSeries Navigator, CPYTOIMPF, or CPYTOSTMF.
If you use the IBM iSeries tool, the code is organized into libraries (similar to directories) and source physical files with multiple members containing the source code items. The extraction script uses system commands to extract code from libraries to system files that you can transfer to an external system for upload to Veracode. Due to the mainframe security restrictions and implementation differences between different systems, Veracode recommends contacting your IT system management team to discuss the extraction process and scanning of RPG programs.
You must compress all RPG source files of the same application in a supported archive file format such as ZIP. When uploaded to an application profile on the Veracode Platform, RPG source files are automatically recognized and correctly routed for scanning.