...

Further, using our DevOps plugins, the DevOps platform provides the SCM integration, and Static Reviewer or Security Reviewer Software Composition Analysis integrates with it through standard DevOps pipelines.

ALM Process

The ALM feature integrates Static Reviewer with:

  • Package Managers: Anaconda, Ant, Cargo, Cocoapods, PHP Composer, Docker, GOdep, GOmod, Gradle, Maven, NPM, NuGet, PackRat, pip, RubyGEM, sbt, Swift Package Manager

  • Software Configuration Management: GIT, SubVersion, CVS, Microsoft TFS, IBM RTC, Micro Focus PVCS, Nexus, CA Harvest

  • Build Managers: Ant, Maven, Gradle

  • Third-party tools: 7Zip, wget, etc.

...

The SCM platform can be selected and configured inside your ALM (Application Lifecycle Management) as follows:

...

ALM Integration

The SCM configuration can be detailed as follows:

...

ALM Schedule

Once configured, the SCM becomes a task to be scheduled in your ALM workflow:

...

ALM is an executable process whose scope is retrieving the source code and all necessary dependencies, in order to obtain a zip file to be analyzed by Static Reviewer.

The process must start by retrieving the source and may end by zipping it. Static Reviewer needs a zip file when the analysis is launched from Team Reviewer, whereas it needs a folder with unzipped source code and dependencies when the analysis is launched from the command line.

To describe the process, use the following Simplified BPEL Executable Processes XML:

...

The PROCESS section gives the process a description (DES).

The APPLICATION section associates the process with an Application Name, an Application Version and a Working SubDirectory.

The EXECUTABLES section lists all executables involved in the process, each with a Name, a Description, an Executable path (optional, useful on Windows only), the needed Environment Variables (EnvVar, EnvironmentVariables), the Command involving the executable and a Note. Further, a Progressive number indicates the sequence in which it will be executed (1 means it will be executed first), and the Condition states when it runs:

  • -- : no condition. The command will be executed anyway.

  • OnFailure: the command will be executed only if the previous executable failed.

  • OnFailureExit: the command will be executed only if the previous executable failed. Once the command terminates, the process will exit.

  • OnSuccess: the command will be executed only if the previous executable terminated successfully.

Static Reviewer will transform this simplified XML into BPEL Executable Processes format and execute it.
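The Condition semantics described above, as an added example rather than Static Reviewer's own code: a small Python runner that executes the EXECUTABLES entries in Progressive order and applies --, OnSuccess, OnFailure and OnFailureExit to the previous executable's result. The sample process, its command strings and the exit-code stub are constructed; the page does not say how a conditional first step or a skipped step affects the "previous" result, so those two choices are marked as assumptions in the comments.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

@dataclass
class Executable:  # one EXECUTABLES entry: Name, Progressive, Command, Condition, EnvVars
    name: str
    progressive: int
    command: str
    condition: str = "--"  # "--", "OnFailure", "OnFailureExit" or "OnSuccess"
    env: Dict[str, str] = field(default_factory=dict)

def should_run(condition: str, previous_ok: Optional[bool]) -> bool:
    """Condition semantics of the simplified BPEL XML, given the previous result."""
    if condition == "--":
        return True  # no condition: executed anyway
    if condition not in ("OnFailure", "OnFailureExit", "OnSuccess"):
        raise ValueError(f"unknown Condition: {condition}")
    if previous_ok is None:
        return False  # assumption: a conditional step with no predecessor is skipped
    return previous_ok if condition == "OnSuccess" else not previous_ok

def run_process(steps: List[Executable],
                run_cmd: Callable[[str, Dict[str, str]], int]) -> List[Tuple[str, str]]:
    """Run steps in Progressive order. run_cmd executes a Command with its EnvVars and
    returns an exit status (0 = success). Returns (Name, ok|failed|skipped|exit) pairs."""
    trace: List[Tuple[str, str]] = []
    previous_ok: Optional[bool] = None
    for step in sorted(steps, key=lambda s: s.progressive):
        if not should_run(step.condition, previous_ok):
            trace.append((step.name, "skipped"))
            continue  # assumption: a skipped step leaves the "previous" result unchanged
        previous_ok = run_cmd(step.command, step.env) == 0
        if step.condition == "OnFailureExit":
            trace.append((step.name, "exit"))
            break  # OnFailureExit: the whole process exits once this command terminates
        trace.append((step.name, "ok" if previous_ok else "failed"))
    return trace

# Constructed sample process: retrieve source, resolve dependencies, zip (or bail out).
SAMPLE_PROCESS = [
    Executable("checkout", 1, "git clone https://example.invalid/app.git src"),
    Executable("deps", 2, "mvn -f src/pom.xml dependency:copy-dependencies", "OnSuccess"),
    Executable("abort", 3, "echo dependency resolution failed", "OnFailureExit"),
    Executable("zip", 4, "7z a app.zip src", "OnSuccess", {"WORKDIR": "src"}),
]

def simulate(exit_codes: Dict[str, int]) -> List[Tuple[str, str]]:
    """Run SAMPLE_PROCESS with a fake executor: exit code per Name (0 if absent), nothing spawned."""
    name_of = {s.command: s.name for s in SAMPLE_PROCESS}
    return run_process(SAMPLE_PROCESS, lambda cmd, env: exit_codes.get(name_of[cmd], 0))
```

With every tool succeeding the OnFailureExit step is skipped and the zip is produced; a failing dependency step makes the abort step run and end the process before zipping.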

Any other task type besides SCM can be configured in the ALM workflow, including:

For each task, a success criterion can be defined in terms of the different return statuses, such as OnSuccess or OnFailure, in order to navigate the workflow.

...