Setting up the Company Policy taxonomy

First, we need to set up the Company Policy taxonomy in the Configuration Editor.

  1. Launch the standalone Taxonomy Editor.

    The Taxonomy Editor appears.

  2. Right-click any white space and click New taxonomy.
  3. In the Create new taxonomy dialog, enter "Company Policy" and click OK.
  4. Expand the C and C++ taxonomy.
  5. Ctrl-click the Buffer Overflow and Null Pointer Dereference categories.
  6. Right-click and select Copy.
  7. Right-click Company Policy and select Paste.
  8. Now, we're going to add two security vulnerability checkers to the taxonomy.

    Right-click Company Policy and select Add issue.

  9. In the Issue code field, start typing SV.IN.

    Autocompletion fills in the rest of the name and suggests checkers matching your entry.

  10. Select SV.INCORRECT_RESOURCE_HANDLING.URH and click OK.
  11. Repeat the previous two steps, but this time select SV.INCORRECT_RESOURCE_HANDLING.WRONG_STATUS.
  12. Click OK and save your new taxonomy file somewhere you can find it.
  13. Log in to Validate.
  14. In Validate's project list, click the project you want to upload the file to.

    The project details appear.

  15. In the project details, click Configuration.
  16. On the Configuration page, click Add a configuration file.
  17. In the Choose file dialog, browse to:

    <projects_root>/projects/<project_name>/rules/<yourtaxonomyfile>.tconf (or wherever you chose to save your taxonomy file)

    where <project_name> is the project whose configuration you want to copy.

  18. Click Upload.

    Your new Company Policy taxonomy appears in the tree.

  19. Expand the Company Policy taxonomy and make sure that all the NPD and ABV checkers are enabled.
  20. Add a check mark to SV.INCORRECT_RESOURCE_HANDLING.URH and SV.INCORRECT_RESOURCE_HANDLING.WRONG_STATUS to enable them.
  21. Click the save icon to save your changes.

To learn how to apply a taxonomy to all new projects, see Copying the configuration to all new projects.

Now we'll use our taxonomy in Validate.
