Developer’s Artifacts typically involved in COBOL programming are COBOL sources, COPYBOOKS, DCLGEN, MAP and JCL. Security Reviewer analyzes the source code of a group of programs selected by the user.

...

Normally you would download your source code yourself and analyse it manually; Security Reviewer helps you automate this. Security Reviewer ALM can download your source code from DEV, QA/Stage or PROD Environments at the push of a button, through integration with Broadcom CA-AllFusion Endevor CM (Mainframe) and AllFusion Harvest SCM (UNIX, Linux or Windows).

...

It also integrates with GIT, SVN, Microsoft TFS, IBM Rational Team Concert, Micro Focus PVCS and CVS (UNIX, Linux or Windows). It provides:

...

a

...

.

...

NET Core Command Line:

...

a multi-platform (Windows, Linux), simple-syntax command line that can be launched or scheduled from your AllFusion Harvest Workbench or from your preferred IDE as an external command. This is useful for integrating Security Reviewer’s Static Analysis into your Development Life Cycle.

COBOL Options

Security Reviewer supports most COBOL language platforms:

...

  • Statement Length: 88, 132 or free format

  • Consider the Working Storage as Untrusted

  • Allow/Disallow CICS System Programming

  • COPYBOOKS folder location

SQL Dialects

Different SQL Dialects are supported for COBOL:

...

Rules for each SQL Dialect will be applied differently.

Further, suppose you have a Java Front End and a COBOL Back End. Security Reviewer can analyse the whole source code simultaneously, applying different rules for each programming language and producing a single Result and Report.

...

Once the analysis has finished, you can view and manage the results. You can mark some vulnerabilities as False Positive, suppress vulnerabilities, add Notes, or change a vulnerability’s Status.

...

Dead code - Best Practices

You can do the same for Dead Code, Best Practices, and Resilience.

...

Reports

Our reporting system provides a bunch of options:

...

Security Reviewer provides a Quality feature, 100% compatible with McCabe IQ, that calculates COBOL Software Quality Metrics. It focuses on managing COBOL Programs from a Quality point of view, and also covers some significant Performance issues. COBOL metrics are calculated automatically, such as: LOC, SLOC, Cyclomatic Complexity, Essential Complexity, Developer Effort, Comment Ratio, #Subroutines, #Parameters, SQL Quality, etc.

...