On this page:
Summary: This section describes how to package, deliver and analyze your .NET application source code using the CAST Delivery Manager Tool.
Packaging and delivering your source code
Once the extension is installed, no further configuration changes are required before you can package your source code and run an analysis. The process of packaging and delivering your source code is as follows:
You can refer to the existing official CAST AIP documentation for more information about the CAST Delivery Manager Tool packaging and delivery process - see: .NET Analyzer - Packaging, delivering and analyzing your source code.
What you should package?
When creating packages to discover and extract your .NET application you should create them as follows:
Package | Package name/type | Mandatory? | Location/path | Notes |
---|---|---|---|---|
1 | Source code | Source code root folder | Use the "Files on your file system" / SVN / TFS options in the CAST Delivery Manager Tool: Click to enlarge | |
2 | External assemblies (third party DLL) | If required, one package per vendor. | N/A: depends on the third party | Use the "Automated extraction of .NET assemblies on your file system" option in the CAST Delivery Manager Tool: Click to enlarge When to create this package This package should only be created when your application uses third party assemblies. |
3 | .NET framework (system assemblies) | C:\Windows\Microsoft.NET\Framework64\<use the version used by your projects> | Use the "Automated extraction of .NET assemblies on your file system" option in the CAST Delivery Manager Tool: Click to enlarge If "C:\Windows\Microsoft.NET\Framework64\<use the version used by your projects>" is NOT available on the machine, please use the most recent framework installed on the machine instead: "C:\Windows\Microsoft.NET\Framework64\<use the most recent>". Unlike in previous releases of CAST AIP, the .NET analyzer no longer tries to extract the .NET framework assemblies during the analysis: this is why a specific package for external assemblies must be created in the CAST Delivery Manager Tool. If this package is not created and delivered, the .NET analyzer will skip all projects having a dependency to .NET assemblies, leading to incomplete analysis results. | |
4 | Custom assemblies | If required (typically when there are unresolved alerts) | Source code root folder (or "bin" sub-folder) | Use the "Automated extraction of .NET assemblies on your file system" option in the CAST Delivery Manager Tool: Click to enlarge When to create this package
|
Information extracted during the packaging
C# and VB.NET
- Source files and their associated BuildAction (e.g. Compile, Content, EmbeddedResource, None, etc) - benefit: no longer rely on extensions to know which files to compile
- Assembly name (can be different from the project name)
- .NET framework version
- Compilation constants, including their values for VB.NET
C# specific
- Default namespace (the default namespace to be used when creating new files; will be used when processing .xsd files)
- Option "Allow unsafe code"
VB.NET specific
- Root namespace (the default namespace to be used instead of the global namespace)
- Option explicit (On / Off)
- Option strict (On / Off)
- Option infer (On / Off)
- Imported namespaces (namespaces that are automatically imported by each file in the project)
Discovery and extraction
Discovery is a process whereby the CAST Delivery Manager Tool will attempt to automatically identify projects within your application using a set of predefined rules. When the Package action is complete, you can view the projects that have been identified in the Package Content tab.
When a successfully Packaged application is subsequently deployed in the CAST Management Studio, an Analysis Unit will be created for each project that has been identified during the Discovery process and is not excluded by a rule or filter. For .NET source code, the following is supported:
C#/VB.NET project support | Configures one project for each Microsoft Visual Studio C# project (*.csproj file) or VB.NET project (*.vbproj file) identified. |
---|---|
C#/VB.NET Web Site support | Configures one project for each Microsoft Visual Studio C#/VB.NET Web Site identified. In order to be identified as a Web Site project, the root folder must contain a web.config file. If a .csproj or .vbproj file is found in a sub-folder of the root Web Site project folder, a corresponding C# or VB.NET project will be created and the sub-folder will not be included in the Web Site delivery. |
Note that an exclusion rule is active by default, which will force basic .NET web site projects to be discovered but ignored when a full .NET project exists:
When using the extension ≤ 1.0.x with CAST AIP ≥ 8.3.5
When using the the .NET Analyzer ≤ 1.0.x with CAST AIP ≥ 8.3.5 and if your source code contains .NET Core 2.0 / .NET Standard 2.0 projects, then these projects will be discovered during the packaging in the CAST Delivery Manager Tool. This is due to a change in the existing .NET discoverers for the .NET Analyzer that are embedded in the CAST Delivery Manager Tool. These discoverers have been modified in CAST AIP ≥ 8.3.5 to take into account .NET Core 2.0 / .NET Standard 2.0 projects in preparation for .NET Core 2.0 /.NET Standard 2.0 analysis support in the forthcoming version 1.1.x of the .NET Analyzer.
What constitutes a .NET Core 2.0 / .NET Standard 2.0 project?
The CAST Delivery Manager Tool will discover .NET Core 2.0 / .NET Standard 2.0 projects when the .csproj or .vbproj files contains the following:
<Project sdk=""> ... </Project>
All source code in the root folder (and any sub-folders) selected for the package will be included in the project.
Analysis of . NET Core 2.0 / .NET Standard 2.0 projects when using the extension ≤ 1.0.x
Analysis of these projects/Analysis Units will be successful (i.e. no errors), however, the analysis will be incomplete:
- There will be no links to the .NET Core 2.0 / .NET Standard 2.0 framework
- No client server/links links
- Frameworks are not handled
- Some Rule may produce false negatives
Using the CAST Delivery Manager Tool
- create a new Version
- create a new Packages for your .NET application source code / assemblies using the appropriate options (as explained in What you should package?)
- define the location settings (root folder, assembly location, SVN/TFS details) of your Application source code in each package
- Run the Package action (click to enlarge) on the entire version:
- On completion, check the following:
What to check | Description |
---|---|
Package Content tab for your .NET source code package | The Package Content tab for your .NET source code package to see how the CAST Delivery Manager Tool has discovered and interpreted your .NET application. You need to pay particular attention to the following items:
Click to enlarge: |
Package Alert tab for your .NET source code package | The Package Alert tab for your .NET source code package indicates whether any alerts have been found during the packaging process. Alerts generally indicate that the source code package is incomplete, that there is a configuration issue or simply that there is something wrong in the source code. If these alerts are not dealt with and the Version is delivered, then there is a risk that the source code analysis executed in the CAST Management Studio will be erroneous or may not even complete. It is up to you as the Delivery Manager to manage these alerts. Initially, you should always attempt to remediate alerts using the following methods:
If you still have alerts after performing the above actions, you may need to use an ignore action or remediate them manually. |
Delivery Report | Use the View delivery report to check the delivery at a global level. This option will generate an XML based report that can easily be exported and lists all items in the delivery, for example:
The report will open with the default application assigned to open XML files. The report will only contain information once the Package action has been run. |
- When you are happy that the extraction accurately reflects your .NET application source code, deliver the Version:
Analyzing your source code
Using the CAST Management Studio:
- Accept and deploy the Version in the CAST Management Studio. Any projects that were discovered in the CAST Delivery Manager Tool will be transformed into Analysis Units:
- You should now check and edit (if necessary) the default automated analysis configuration settings that have been set for you during the package deployment. See .NET Analyzer - Packaging, delivering and analyzing your source code.
When you are satisfied that you have configured your analysis correctly, we suggest that you run a test analysis at Application level before you generate a new snapshot (no results will be saved to the CAST Analysis Service):
- On completion, you should check the test analysis log file and then clear up any warning or error messages that have been returned by reconfiguring the analysis - see .NET Analyzer - Packaging, delivering and analyzing your source code messages for more information about log messages:
- When all issues and problems have been resolved, you can then use the Run Analysis only option to perform an analysis AND save the results in the CAST Analysis Service: