Page tree
Skip to end of metadata
Go to start of metadata

To perform this step, your AIP Console login must have the Application Owner role.

Introduction

This step performs many actions in one go, without the need for manual interaction. It allows you to get real results very quickly. Actions performed:

  • Validate the Version - i.e. validate the delivered source code
  • Accept the Version - accept it and allow it to be analyzed
  • Import the Version - set it as the current version to be used in the analysis
  • Run an analysis - source code analysis results are stored in the Analysis schema
  • Take a snapshot - metrics and structural rule data is generated and consolidated in the Dashboard schema - results can be viewed in an Engineering Dashboard
  • Upload the snapshot to the Measurement schema - results can be viewed in a Health Dashboard

This is ideal for a Standard rescan scenario where you just want a set of baseline results for your new source code version, using the same settings as those used for the previous version. Results can be generated very quickly.

Add a new Version

To access AIP Console, use the following URL (ensure you specify the correct server and port number): http://<server>:8081/ui/index.html. Then move to the AIP Console screen if you are not already there:


Find your existing Application - in this example it is called "MEUDON" - and click Add version:

Deliver source code

Click to enlarge

To deliver source code:

  • Drag and drop one .zip or .tar.gz  file containing your source code - or click the upload cloud icon to add a file using a traditional "open file" method.
  • If you have configured a source code folder (see Administration Center - Settings - Source Folder Location) you can click the yellow folder to add code directly from this folder - only one folder in the designated path can be selected:

If you want to deliver source code containing:

  • .NET source code: you should ensure that you define the location of the .NET Assemblies which is required for a successful analysis. See Configuring source code delivery for .NET.
  • Maven based source code: you should ensure that you define the location of the Maven repositories so that any associated JAR files can be automatically discovered and that POM dependencies can also be located - which is required for a successful analysis. See Configuring source code delivery for Maven.

In a rescan scenario, CAST highly recommends setting the following options as follows:

OptionOption positionDescription
Backup ApplicationENABLED or DISABLED

Unticked by default. Selecting the option will cause the Application to be backed up as part of the actions you choose. This may cause some additional processing time while the backup completes. Backups are stored in the following location on the relevant AIP Node and can be managed in Administration Center - Applications - Application Details:

%PROGRAMDATA%\CAST\AipConsole\AipNode\backup\<application_name>\YYYYMMDDHHMM.zip
Same configuration as previous versionENABLED

This will ensure that your configuration (Modules, Exclusion Rules and Objectives) are identical to the settings used in the previous version, therefore retaining result continuity, although you are free to make changes to Exclusion Rules and Optimizations if you require by clicking the Next button as highlighted below - note that changing other settings in the wizard may impact the stability of your results. In addition, the option Enable Automatic discovery (see below) will be available (and will be enabled).

Click to enlarge

When disabled, AIP Console will create a version ignoring any previous Version settings and options - i.e. as if it was a brand new Version.

Enable Automatic discoveryENABLED
Only available when adding a new version when a version already exists and when the option Same configuration as previous version (see above) is enabled.
  • When enabled (default position), AIP Console will perform the "code discovery" step and as a consequence, for any new source code added in the new version, new extensions may be downloaded i.e. discovered and force_install extensions (unless a specific Extension Strategy is in place), new packages may be detected and new Analysis Units may be created. Note that new releases of extensions that were used in the previous version will NOT be automatically downloaded, installed and used.
  • When disabled, AIP Console will not perform the "code discovery" step and as a consequence this ensures that the configuration of the new version is identical to the configuration used in the previous version even if new source code has been added in the new version. No new extensions will be downloaded and installed and no existing extensions will be updated.
Run AnalysisENABLED or DISABLED

Choose whether you want to run an analysis immediately after the source code is delivered. Technically the Run analysis option also includes an internal step called "Prepare analysis data" step, which allows:

  • Source code to be viewed when validating Dynamic Links
  • Architecture Models results to be checked before generating a snapshot

Standard rescan

For a Standard rescan scenario, you should enable this option. Enabling this option includes the following steps that would otherwise need to be manually actioned:

  • Validate the Version - i.e. the delivered source code
  • Accept the Version
  • Import the Version -"set as current version"

Enabling the option will also automatically expose the following options:

Advanced rescan

For an Advanced rescan scenario, you should disable this option. This will allow you to work through the process of validating/accepting the version, running an analysis and generating a snapshot as separate steps.

Take a snapshotENABLED or DISABLED
If you do not see this option, you must enable the Run analysis option.

Choose whether you want to generate a snapshot immediately after the source code is delivered:

Standard rescan

For a Standard rescan scenario, you should enable this option. It includes the following steps that would otherwise need to be manually actioned:

  • Validate the Version - i.e. the delivered source code
  • Accept the Version
  • Import the Version -"set as current version"
  • Run an analysis - source code analysis results are stored in the Analysis schema
  • Generate a snapshot - metrics and structural rule data is consolidated in the Dashboard schema - results can be viewed in an Engineering Dashboard
  • Optionally Publish to Health Dashboard - results can be viewed in a Health Dashboard instance
  • Optionally Publish to CAST Imaging - results can be viewed in a CAST Imaging instance

Advanced rescan

For an Advanced rescan scenario, you should disable this option. This will allow you to work through the process of validating/accepting the version, running an analysis and generating a snapshot as separate steps.

Publish to Health DashboardENABLED or DISABLED
If you do not see this option, you must enable the Run analysis option.

Choose whether you want to publish the snapshot in the Health Dashboard immediately after the source code is delivered. This option is enabled by default:

Standard rescan

For a Standard rescan scenario, you should enable this option.

Advanced rescan

For an Advanced rescan scenario, you should disable this option. This will allow you to work through the process of validating/accepting the version, running an analysis and generating a snapshot as separate steps.

Publish to CAST ImagingENABLED or DISABLED
  • If you do not see this option, you must enable the Run analysis option.
  • If this option is visible, but is unavailable for selection, this means that a corresponding CAST Imaging instance has not been configured. See Administration Center - Settings - Imaging Settings for more information.

Choose whether you want to publish the snapshot in your CAST Imaging instance immediately after the source code is delivered. This option is enabled by default:

Standard rescan

For a Standard rescan scenario, you should enable this option.

Advanced rescan

For an Advanced rescan scenario, you should disable this option. This will allow you to work through the process of validating/accepting the version, running an analysis and generating a snapshot as separate steps.

Start analysis/snapshot

When you have made your option choices, click:

  • PROCEED, any subsequent steps will be skipped and:
    • if the Take a snapshot option is disabled, the version will be added and will appear in the Application - Versions screen.
    • if the Take a snapshot option is enabled, the analysis/snapshot will be actioned immediately.

Optionally click NEXT

Optionally, you can click NEXT to change Manage Exclusions/Objectives:

Manage exclusions

Click to enlarge

Manage Exclusions is an optional step in the source code upload process - it allows you to use to exclude specific files and/or folders in the uploaded archive file and manage project exclusion rules (available in AIP Console ≥ 1.26).

Ignore Patterns

In this section, any excluded items will be ignored during the source code analysis. A set of exclusion rules will be predefined via the "default" Exclusion Template which contains the most common items that should be excluded (see Administration Center - Settings - Exclusion templates for more information):

You are free to set whatever exclusion rules you require:

  • You can remove existing exclusions using the trash icon
  • You can add new existing exclusions using the Add Expression option (see below)

When you have made your option choices, click:

  • PROCEED, any subsequent steps will be skipped and:
    • if the Run Analysis option is disabled, the version will be added and will appear in the Application - Versions screen.
    • if the Run Analysis AND Take a snapshot options are enabled, the analysis/snapshot will be actioned immediately.
  • NEXT, see Choose Objectives.

Options available

Overwrite existing exclusion rules

This option is only visible in rescan mode in AIP Console ≥ 1.25, when the Same configuration as previous version option is enabled.

This option should be typically left in the disabled position if you have imported an application from CAST Management Studio (see Import an Application managed with CAST Management Studio into AIP Console) and are re-analyzing the source code with AIP Console: exclusion rules are different in CAST Management Studio/Delivery Manager Tool and in AIP Console, and if you use the AIP Console interface to add the exclusion rules, these will overwrite the exclusion rules managed in CAST Management Studio/Delivery Manager Tool.

If the Application was created from scratch in AIP Console, you can enable this option if you want to modify the exclusion rules created in the initial version delivery.

Expression: Add a new pattern using a glob pattern expression

The pattern matching system uses glob patterns (see https://docs.oracle.com/javase/tutorial/essential/io/fileOps.html#glob for examples of how this system works). Enter an expression to match the folders you want to exclude and then click ADD to add the expression to the list of excluded items:

For example:

  • *.txt will exclude all files with the extension .txt
  • tests/ will exclude any folders named tests and everything inside them - e.g. root_folder/tests, root_folder/another_folder/tests
  • *.Tests/ will exclude any folders whose name includes .Tests (for example C:\Support\Delivery\Sample.Tests\sample\)
  • patterns starting with / will exclude starting only from the root folder. In other words, /tests/ will exclude everything in the specific folder root_folder/tests but not root_folder/another_folder/tests
You can add multiple expressions.

 Use exclusion template

This option enables you to choose from a template that has been predefined in the Administration Center - Settings - Exclusion templates panel under Exclusion Templates:

When a template is selected, the list of exclusions will be populated with those defined in the template. You can delete items if you prefer:

 Using the GUI to select items

Click  to access a screen where you can select the files and folder from the uploaded archive file you want to exclude (the archive will be unpacked by AIP Console) - place a check mark in the items that must be excluded, then click SAVE to add them to the list of exclusions:

Project Exclusion Rules

Available in AIP Console ≥ 1.26.

This section enables you to configure the "exclusion" rules for specific projects identified during the source code delivery. When an exclusion rule is matched, then the project in question will be ignored. The aim of these rules is to avoid a situation where multiple projects (and therefore Analysis Units) are generated for a given piece of source code when more than one is not needed. If you are unsure, you should leave the default settings as they are and review them before accepting delivery. 

  • for an Application's first version, all options are selected except Exclude Maven Java projects when an Eclipse project also exists
  • for an Application's subsequent versions, exclusion rules are pre-selected according to the options chosen in the previous version delivery.
  • the option Exclude all empty projects refers to projects that do not have associated source code.
  • the option Exclude Test code will exclude all folders named "test" that are discovered during the source code delivery

Choose Objectives

Objectives is an optional feature that is designed to pre-configure an analysis (install specific extensions, set specific settings etc.) based on the results you require:

When you have made your option choices (see below), click PROCEED:

  • if the Run Analysis option is disabled, the version will be added and will appear in the Application - Versions screen.
  • if the Run Analysis AND Take a snapshot options are enabled, the analysis/snapshot will be actioned immediately.
  • When enabling any of the Objectives, it is recommended to allow Alpha and Beta extensions to be installed via the Extension Strategy option, because some of the extensions that are installed automatically via the Objectives feature are currently only in Alpha/Beta release. If Alpha/Beta extensions are not permitted to be installed, the results of the selected objectives will not be produced.
  • When an extension whitelist is in use via the Extension Strategy option, any extensions that are automatically installed by a selected Objective and which are not present in the white list will cause the analysis to stop.
  • If you do not wish to use any of the objectives offered, untick all options. This will ensure that no additional extensions (over and above what you have defined and what has been automatically discovered) will be installed and no additional options will be enabled automatically.
  • If you are adding a version N+1 (i.e. you have already created a version and generated a snapshot and are now working on the next version) and you tick the option Same as previous configuration in Step 1, the same objectives will be applied as in the previous version.
  • If you have generated a snapshot and enabled various objectives, and you then edit the version and generate a new snapshot, the same objectives will be applied.

Options available

OptionDefault settingsDescription
Global risk assessmentActive

This option focuses on risk assessments by adding additional structural rules to the analysis. Selecting this option will currently install the following extensions (in addition to any that are discovered, set to force install or those that are automatically active / shipped extensions):

Security assessmentInactive

This option focuses on user input security assessments for JEE/NET technologies. Selecting this option will currently:

Functional points measurementActive

This option focuses on function points measurement. Selecting this option will currently install the following extensions (in addition to any that are discovered, set to force install or those that are automatically active / shipped extensions):

If you are using a CAST global license that does not include EFP, then this option will not produce any results.

Blueprint designInactive

This option focuses on architecture identification and links between layersSelecting this option will currently install the following extensions (in addition to any that are discovered, set to force install or those that are automatically active / shipped extensions):

Data safety investigationInactive

This option focuses on flow of data identification and will deliver associated resultsSelecting this option will currently install the following extensions (in addition to any that are discovered, set to force install or those that are automatically active / shipped extensions):

GDPR / PCI DSS

Two additional options are available (in AIP Console ≥ 1.26) specifically enabling a check of a set of predefined sensitive key words related to GDPR (General Data Protection Regulation) and/or PCI-DSS (Payment Card Industry Data Security Standards) data:

 

Each option corresponds to one .datasensitive file located in the following location on the AIP Node:

%PROGRAMDATA%/CAST/AipConsole/AipNode/datasafetychecks

In other words, enabling the GDPR option (for example) will force the check using the keywords defined in GDPR_Keywords.datasensitive. When the analysis runs, the predefined .datasensitive file corresponding to the chosen option is sent to the LISA folder (LISA/{appGuid}/DataSafety) and any key words defined in them will be checked. If any key words are found in the source code a flag will be added in the analysis results on the object in question. This can be seen as below:

Click to enlarge

Click to enlarge

  • No labels