Using local directories in /var/rips3/src is deprecated and should be avoided in favor of uploads. Uploads are faster and automatically take care of the permissions.
In addition to uploading archives, the On-Premises version of RIPS can also scan directories. The target source code has to be copied to the source directory of RIPS (by default /var/rips3/src). This directory is shared with RIPS and mounted to /src.
To scan an application, all files and directories that contain source code have to be writable by user id 33, by group id 33, or by everyone. All files have to be world-readable. The user and group ids are both fixed and cannot be changed. A user with these ids does not have to exist on the system.
For security reasons we recommend making the data directory of RIPS (by default /var/rips3) accessible only to the root user.
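The permission rules above can be checked before a scan is started. The following is an added example, not part of RIPS or its documentation: the function names are hypothetical, and GNU find on a Linux host is assumed.

```shell
#!/bin/sh
# Added example: audit a source tree against the permission rules above.
# Usage: rips_perm_issues /var/rips3/src/DVWA_1.9
#        rips_datadir_root_only /var/rips3

RIPS_ID=33   # fixed user id and group id stated in the documentation

# Print every path that breaks a rule, one per line, prefixed with the
# rule it breaks. Returns 0 if the tree is clean, 1 otherwise.
rips_perm_issues() {
    dir=$1
    issues=$(
        # Rule 1: files and directories must be writable by uid 33
        # (owner 33 + u+w), by gid 33 (group 33 + g+w), or by everyone.
        find "$dir" \( -type f -o -type d \) \
            ! \( \( -user "$RIPS_ID" -perm -0200 \) \
                 -o \( -group "$RIPS_ID" -perm -0020 \) \
                 -o -perm -0002 \) \
            -exec printf 'not-writable-by-rips %s\n' {} \;
        # Rule 2: every file must be world-readable (o+r).
        find "$dir" -type f ! -perm -0004 \
            -exec printf 'not-world-readable %s\n' {} \;
    )
    if [ -z "$issues" ]; then
        return 0
    fi
    printf '%s\n' "$issues"
    return 1
}

# Recommendation: the data directory is owned by root and grants no
# access to group or others. Returns 0 only if both hold.
rips_datadir_root_only() {
    # -prune limits find to the directory itself; -perm /0077 (GNU find)
    # matches if any group or other permission bit is set.
    [ -z "$(find "$1" -prune \( ! -user 0 -o -perm /0077 \))" ]
}
```

A non-zero return from either function means the tree or data directory needs its ownership or mode corrected before scanning.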
To start a scan you could use the path DVWA_1.9 or /src/DVWA_1.9.