Introduction
The AIP Super Operator is responsible for validating the source code delivered before accepting the version and proceeding with the configuration and execution of the analysis.
Why is it important?
- avoid time-consuming rework and delay due to incomplete delivery
- improve accuracy of analysis
- ensure consistency with analysis scope (application boundary)
Typically, issues at this stage are due to missing files and other deficiencies that result in an incomplete source code delivery. Resolution includes either a request for the missing component or the decision (wherever possible) to proceed with a redefined analysis boundary that excludes the undelivered components.
There are significant differences in the validation process depending on whether the validation pertains to a first-time delivery during a new application on-boarding or to a delivery of a new version of the source code of an application previously on-boarded (rescan). Where you are undertaking an application "rescan", the delivery validation can often be limited to inspecting the log. Examining the delta between two deliveries can help to assess whether the changes are expected or "reasonable" and therefore do not require a partial or full re-qualification and a new on-boarding of the application.
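One way to examine the delta between two deliveries outside AIP Console is to compare the two source code ZIP files directly. The script below is an added example, not part of AIP Console or of CAST's documentation; the function names, the sample deliveries and the 30% churn threshold are assumptions chosen for illustration.

```python
import io
import os
import zipfile

def manifest(zip_bytes):
    """Map each file path in a delivery ZIP to (size, CRC-32) from its directory."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {i.filename: (i.file_size, i.CRC)
                for i in zf.infolist() if not i.is_dir()}

def delivery_delta(prev_zip, new_zip):
    """Compare two deliveries by path and content (CRC-32 is change detection only)."""
    old, new = manifest(prev_zip), manifest(new_zip)
    ext = lambda paths: {os.path.splitext(p)[1].lower()
                         for p in paths if os.path.splitext(p)[1]}
    delta = {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "modified": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
        "new_file_types": sorted(ext(new) - ext(old)),
    }
    changed = len(delta["added"]) + len(delta["removed"]) + len(delta["modified"])
    delta["churn"] = changed / max(len(old), 1)
    return delta

def review_flags(delta, max_churn=0.30):
    """Reasons to look closer before accepting. max_churn is an assumed threshold."""
    flags = []
    if delta["removed"]:
        flags.append("files missing versus previous delivery")
    if delta["new_file_types"]:
        flags.append("new file types: check installed extensions")
    if delta["churn"] > max_churn:
        flags.append("change volume above threshold")
    return flags

def make_zip(files):
    """Build an in-memory ZIP from {path: text} (used for the constructed samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, text in files.items():
            zf.writestr(path, text)
    return buf.getvalue()

# Constructed sample deliveries, not real application content.
PREV = make_zip({"src/Main.java": "class Main {}", "src/Dao.java": "class Dao {}",
                 "db/schema.sql": "CREATE TABLE t(id INT);"})
NEW = make_zip({"src/Main.java": "class Main { int v; }",
                "src/Dao.java": "class Dao {}", "web/app.js": "console.log(1);"})
```

An empty list from `review_flags` suggests the rescan delta is unremarkable; any flag is a prompt to check the delivery reports and logs before accepting.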
Checks
Check execution message
When all actions have been completed, you should check the Progress window for a "success" message. A success message indicates that the steps have been processed correctly and completed without error. Any other message means that the version has not been added correctly and you should use the logs to investigate why. Even if you have a "success" message, CAST highly recommends that you also investigate the logs to check for warning messages.
Status | Description |
---|---|
Success | |
Error | If some steps have failed or there are errors, the status message will indicate this. |
Stopped | If you manually stop the process, the status will also indicate this. |
Note that if the Progress window is not visible, you can access it by clicking the View last action outcome option in the AIP Console window:
Check status
You should ensure that the status of the version is set to Delivered in the Version Management screen:
Check logs
To check the logs, you can click the View log option in the Progress window for each individual step that has been actioned:
The log will be displayed in Summary mode:
Switch to Content mode to view the actual log file:
Logs can be downloaded to file using the download button while in Content mode:
- See AIP Console - Logging mechanisms for more information.
- You can also use the Log Console at Application level to view all logs.
Check source code organization details
Move to the AIP Console screen if you are not already there:
Scroll to the Overview > Source code organization section. The displayed diagram is based on an initial evaluation of the content of your source code delivery and this should be used only to help you validate the delivery.
Check version reports (deliver alerts) and exclusions
To check what has actually been delivered in the version and what has been excluded from analysis, use the Version details page. Move to the AIP Console screen if you are not already there:
Click the Versions icon in the left panel to access the Application - Versions page:
Click the version in the list that you have just delivered and check the reports (this includes information about the files that have been delivered in the source code ZIP file and any delivery alerts that may have been raised). For example:
Check extensions
Extensions are automatically installed for EVERY single source code Version you deliver - this means that each Version will have a specific set of extensions enabled and installed, tailored to the source code that needs to be analyzed. AIP Console will also automatically install extensions it thinks are required, based on the initial "scan" of the source code uploaded in the ZIP file. You should therefore check to ensure that all the extensions you require are installed using the Included tab in the Application - Extensions screen. If you think additional extensions are required, use the Available tab to add more:
Accepting/Rejecting the delivery
Rejection
When any issue is detected and/or unresolved questions are raised, the analysis process should be halted as the delivery cannot be accepted until these issues are fully resolved. The AIP Super Operator should therefore reject the delivery using the Version details page:
When the delivery is rejected, AIP Console does not automatically notify all those involved of the rejection (notifications can be enabled on a per-user basis, see AIP Console - User Profile options). Moreover, no reason for the rejection is provided. CAST therefore recommends that when a delivery is rejected, the AIP Super Operator notifies (via email) any others involved in the version delivery about the rejection, providing a reason and possible remediation actions that may be required before a new delivery.
Acceptance
Accepting the delivery is a two-step process that results in the transfer of the delivered source code into the Deployment folder, and sets the version as "current", ready for analysis. Use the Version details page to first accept the version:
Ensure this action is successful and that the version's status changes to Accepted:
Then set the version as current (i.e. it will be used for any subsequent analysis):
Again ensure that the action is successful (the status will remain at Accepted) and that the green icon is displayed for the version indicating that it is now "current":
Note that:
- The Accept and Set as current version actions can be run together using just the Set as current version action, which also includes Accept (see Version details page).
- If, for any reason, the delivery is rejected after being set as the current version, the source code will not be removed from the Deployment folder until a new version is delivered and accepted/set as current version.