Page tree
Skip to end of metadata
Go to start of metadata

Error rendering macro 'redirect'

Invalid URL: "TECHNOS:.NET - Packaging, delivering and analyzing your source code". Please provide a valid URL to redirect to.

On this page:

Summary: This section describes how to package, deliver and analyze your .NET application source code using the CAST Delivery Manager Tool.

Packaging and delivering your source code

Once the extension is installed, no further configuration changes are required before you can package your source code and run an analysis. The process of packaging and delivering your source code is as follows:

What you should package?

When creating packages to discover and extract your .NET application you should create them as follows:

Package

Package name/type

Mandatory?

Location/path

Notes

1

Source code

(tick)

Source code root folder

Use the "Files on your file system" / SVN / TFS options in the CAST Delivery Manager Tool:

Click to enlarge

2

External assemblies (third party DLL)

If required, one package per vendor.

N/A: depends on the third party

Use the "Automated extraction of .NET assemblies on your file system" option in the CAST Delivery Manager Tool:

Click to enlarge

When to create this package

This package should only be created when your application uses third party assemblies.

3

.NET framework (system assemblies)

(tick)

C:\Windows\Microsoft.NET\Framework64\<use the version used by your projects>

Use the "Automated extraction of .NET assemblies on your file system" option in the CAST Delivery Manager Tool:

Click to enlarge

If "C:\Windows\Microsoft.NET\Framework64\<use the version used by your projects>" is NOT available on the machine, please use the most recent framework installed on the machine instead: "C:\Windows\Microsoft.NET\Framework64\<use the most recent>".

Unlike in previous releases of CAST AIP, the .NET analyzer no longer tries to extract the .NET framework assemblies during the analysis: this is why a specific package for external assemblies must be created in the CAST Delivery Manager Tool. If this package is not created and delivered, the .NET analyzer will skip all projects having a dependency to .NET assemblies, leading to incomplete analysis results.

4

Custom assemblies 

If required (typically when there are unresolved alerts)

Source code root folder (or "bin" sub-folder)

Use the "Automated extraction of .NET assemblies on your file system" option in the CAST Delivery Manager Tool:

Click to enlarge

When to create this package

  • When the custom assemblies are stored in the correct location as specified in the project definition, then package #1 will retrieve them. In this case no alert will be raised by the CAST Delivery Manager Tool about missing assemblies, so in this case, there is no need to create package #4.
  • When the custom assemblies are not stored in the correct location as specified in the project definition, then package #1 will not be able to retrieve them. "Missing assemblies" alerts will be raised for package #1, so the creation of package #4 for custom assemblies located either in the source code root folder or in the "bin" sub-folder is required to clear these alerts.

Information extracted during the packaging

C# and VB.NET

  • Source files and their associated BuildAction (e.g. Compile, Content, EmbeddedResource, None, etc) - benefit: no longer rely on extensions to know which files to compile
  • Assembly name (can be different from the project name)
  • .NET framework version
  • Compilation constants, including their values for VB.NET

C# specific

  • Default namespace (the default namespace to be used when creating new files; will be used when processing .xsd files)
  • Option "Allow unsafe code"

VB.NET specific

  • Root namespace (the default namespace to be used instead of the global namespace)
  • Option explicit (On / Off)
  • Option strict (On / Off)
  • Option infer (On / Off)
  • Imported namespaces (namespaces that are automatically imported by each file in the project)

Discovery and extraction

Discovery is a process whereby the CAST Delivery Manager Tool will attempt to automatically identify projects within your application using a set of predefined rules. When the Package action is complete, you can view the projects that have been identified in the Package Content tab.

When a successfully Packaged application is subsequently deployed in the CAST Management Studio, an Analysis Unit will be created for each project that has been identified during the Discovery process and is not excluded by a rule or filter. For .NET source code, the following is supported:

C#/VB.NET project supportConfigures one project for each Microsoft Visual Studio C# project (*.csproj file) or VB.NET project (*.vbproj file) identified.
C#/VB.NET Web Site support

Configures one project for each Microsoft Visual Studio C#/VB.NET Web Site identified. In order to be identified as a Web Site project, the root folder must contain a web.config file.

If a .csproj or .vbproj file is found in a sub-folder of the root Web Site project folder, a corresponding C# or VB.NET project will be created and the sub-folder will not be included in the Web Site delivery.

Note that an exclusion rule is active by default, which will force basic .NET web site projects to be discovered but ignored when a full .NET project exists:

When using the extension ≤ 1.0.x with CAST AIP ≥ 8.3.5

When using the the .NET Analyzer ≤ 1.0.x with CAST AIP ≥ 8.3.5 and if your source code contains .NET Core 2.0 / .NET Standard 2.0 projects, then these projects will be discovered during the packaging in the CAST Delivery Manager Tool. This is due to a change in the existing .NET discoverers for the .NET Analyzer that are embedded in the CAST Delivery Manager Tool. These discoverers have been modified in CAST AIP ≥ 8.3.5 to take into account .NET Core 2.0 / .NET Standard 2.0 projects in preparation for .NET Core 2.0 /.NET Standard 2.0 analysis support in the forthcoming version 1.1.x of the .NET Analyzer.

What constitutes a .NET Core 2.0 / .NET Standard 2.0 project?

The CAST Delivery Manager Tool will discover .NET Core 2.0 / .NET Standard 2.0 projects when the .csproj or .vbproj files contains the following:

<Project sdk="">
...
</Project>

All source code in the root folder (and any sub-folders) selected for the package will be included in the project.

Analysis of . NET Core 2.0 / .NET Standard 2.0 projects when using the extension ≤ 1.0.x

Analysis of these projects/Analysis Units will be successful (i.e. no errors), however, the analysis will be incomplete:

  • There will be no links to the .NET Core 2.0 / .NET Standard 2.0 framework
  • No client server/links links
  • Frameworks are not handled
  • Some Rule may produce false negatives

Using the CAST Delivery Manager Tool

  • create a new Version
  • create a new Packages for your .NET application source code / assemblies using the appropriate options (as explained in What you should package?)
  • define the location settings (root folder, assembly location, SVN/TFS details) of your Application source code in each package
  • Run the Package action (click to enlarge) on the entire version:

  • On completion, check the following:
What to checkDescription
Package Content tab for your .NET source code package

The Package Content tab for your .NET source code package to see how the CAST Delivery Manager Tool has discovered and interpreted your .NET application. You need to pay particular attention to the following items:

  • Content State: displays the current state of the source code - if any alerts are listed, then this means that the CAST Delivery Manager Tool was not able to find all the application's source code based on configuration files such as .vpproj or .csproj. See Package Alerts tab below.
  • Projects Found: all projects found that are listed as Selected will be transformed into an Analysis Unit in the CAST Management Studio when you deliver the source code. Any that are marked as Ignored will not be automatically transformed into Analysis Units

Click to enlarge:

Package Alert tab for your .NET source code packageThe Package Alert tab for your .NET source code package indicates whether any alerts have been found during the packaging process.

Alerts generally indicate that the source code package is incomplete, that there is a configuration issue or simply that there is something wrong in the source code. If these alerts are not dealt with and the Version is delivered, then there is a risk that the source code analysis executed in the CAST Management Studio will be erroneous or may not even complete.

It is up to you as the Delivery Manager to manage these alerts. Initially, you should always attempt to remediate alerts using the following methods:

  • by altering the source code package configuration (for example the root path defined in Package Configuration tab - Where is your source code? may be incorrect) and then repeating the Package action
  • by creating additional source code packages that target the missing projects, files and folders and then repeating the Package action
  • by altering your original source code and then repeating the Package action

If you still have alerts after performing the above actions, you may need to use an ignore action or remediate them manually.

Delivery Report

Use the View delivery report to check the delivery at a global level. This option will generate an XML based report that can easily be exported and lists all items in the delivery, for example:

  • Projects found
  • Alerts
  • etc.

The report will open with the default application assigned to open XML files. The report will only contain information once the Package action has been run.

  • When you are happy that the extraction accurately reflects your .NET application source code, deliver the Version:

Analyzing your source code

Using the CAST Management Studio:

  • Accept and deploy the Version in the CAST Management Studio. Any projects that were discovered in the CAST Delivery Manager Tool will be transformed into Analysis Units:

  • You should now check and edit (if necessary) the default automated analysis configuration settings that have been set for you during the package deployment. See .NET Analyzer - Packaging, delivering and analyzing your source code.
  • When you are satisfied that you have configured your analysis correctly, we suggest that you run a test analysis at Application level before you generate a new snapshot (no results will be saved to the CAST Analysis Service):

  • When all issues and problems have been resolved, you can then use the Run Analysis only option to perform an analysis AND save the results in the CAST Analysis Service:

  • No labels