The CAST Admin is responsible for validating the source code delivered by the Delivery Manager(s) before accepting the delivery and proceeding with the configuration and execution of the analysis.
Why is it important?
- avoid time consuming rework and delay due to incomplete delivery
- improve accuracy of analysis
- ensure consistency with analysis scope (application boundary)
The following key tasks are involved in this step:
Typically issues at this stage are due to missing files and other deficiencies that result in an incomplete delivery. Resolution includes either a request for the missing component or the decision (wherever possible) to proceed with a redefined analysis boundary that excludes the undelivered components.
There are significant differences in the delivery validation depending on whether the validation pertains to a first time delivery during an application on-boarding or to delivery of a new version of the source code of an application previously on-boarded.
Where you are undertaking an application reanalysis, the delivery validation can often be limited to inspecting the CAST Delivery Manager Tool delivery log (see Reviewing the Delivery Log below). Examining the delta between two deliveries can help to assess if the changes are expected or are "reasonable" and therefore do not require a partial or full re-qualification and a new on-boarding of the application.
During the an initial application on-boarding, the review and acceptance of the source code delivery requires a more in depth assessment against what is discovered during the Application qualification step.
Reviewing the Delivery Log
This step involves reviewing the package log and any warnings that may be displayed. You can access the log in one of two ways:
Via the CAST Management Studio
Launching the CAST Delivery Manager Tool from the CAST Management Studio (Application editor) and inspecting the content of EACH package that has been delivered:
Launch the DMT using the above icon
Accessing the Log Viewer from the Package Content tab in the DMT
Using the CastLog2Viewer.exe
Using the command line based CastLog2Viewer.exe to directly examine each log file individually: CASTLog2Viewer.exe is provided in the DeliveryManagerTool folder at the root of your CAST installation folder:
- Open a Windows command prompt and change directory to the location of the CASTLog2Viewer.exe
- Use the following syntax to view the CastLog2 files generated during the source code packaging process executed by your Delivery Manager(s):
- CastLog2 files generated during the source code packaging process are stored in the Delivery folder, for example:
- Running the command line will open the CAST Log Viewer:
Review file catalog and alerts
You can also use the DMT (Package Content tab) to view information about the projects that have been identified, the alerts that have been generated and the files that have been found:
Please see the CAST Delivery Manager Tool help (tap F1 in any location in the DMT to open the help) for more information about the information provided in the Package Content tab.
During an application on-boarding, the validation steps include cross validation of the Package Content report with information gathered during the pre-analysis step via the 1.3. Application Qualification process and then reviewing any warning, error or alert raised.
It is important to note here that the DMT, in the current version, only provides a simple list of what has been extracted and included in the package. The inspection of this list may trigger the need for further analysis of the delivered source code and in some cases the need for pre-processing it before analysis (see).
Accepting/Rejecting the delivery
When any issue is detected and/or unresolved questions are raised, the analysis process should be halted as the delivery cannot be accepted until these issues are fully resolved. The CAST AI Admin should therefore reject the delivery in the CAST Management Studio:
When the delivery is rejected, the CAST Management Studio does not automatically notify the Delivery Manager(s) of the rejection. Moreover there is no justification why this has occurred. Thus while the Delivery Manager can discover that a prior delivery has been rejected by reopening the DMT and noting the change in status of the prior delivery, they will not know why this has been rejected by the CAST AI Admin.
CAST recommends that when a delivery is rejected, the CAST AI Admin notifies (via email) the Delivery Manager of the rejection, providing a reason and possible remediation actions that may be required before a a new delivery.
Accepting the delivery is a two step process that results in the transfer and de-archiving of the delivered package(s) into the Deployment folder (see Window > Preferences > Platform Settings in the CAST Management Studio):
- Accept the delivery
- Set the delivered version as the current version
- You will be able to directly inspect the code only after the deployment steps are completed.
By default the Deployment Path points to the Deployment folder configured in the CAST Management Studio (Window > Preferences > Platform Settings), however you are free to to choose any location you require. CAST recommends using the default suggestion to ease future source code deployment.
Note that if, for any reason, the delivery is rejected following the deployment of the delivered package, the folders created as a result of the package deployment will not be removed from the Deployment folder until a new delivery of the application is completed.
Please also refer to Set-up a file repository for your analysis data for more information.