SCM Integration
Static Reviewer provides a native Software Configuration Management (SCM) Integration with the following platforms:
GIT
SubVersion (SVN)
Concurrent Versions System (CVS)
IBM Rational Team Concert (RTC)
Micro Focus PVCS
Other SCM platforms can be used with Static Reviewer. They are configured directly from inside the tool, using the ALM Integration feature.
Alternatively, when our DevOps plugins are used, the DevOps platform itself provides the SCM integration, and Static Reviewer or Security Reviewer Software Composition Analysis are invoked from standard DevOps pipelines.
ALM Process
The ALM feature provides the integration between Static Reviewer and:
Package Managers: Anaconda, Ant, Cargo, Cocoapods, PHP Composer, Docker, GOdep, GOmod, Gradle, Maven, NPM, NuGet, PackRat, pip, RubyGEM, sbt, Swift Package Manager
Software Configuration Management: GIT, SubVersion, CVS, Microsoft TFS, IBM RTC, Micro Focus PVCS, Nexus, CA Harvest
Build Managers: Ant, Maven, Gradle
Third-party tools: 7Zip, wget, etc.
ALM is an executable process whose scope is retrieving the source code together with all necessary dependencies, so as to obtain a zip file to be analyzed by Static Reviewer.
The process must start by retrieving the source and may end by zipping the result. Static Reviewer needs a zip file when the analysis is launched from Team Reviewer, and a folder with the unzipped source code and dependencies when the analysis is launched from the command line.
The process is described with the following Simplified BPEL Executable Processes XML:
The PROCESS section gives the process a description (DES).
The APPLICATION section associates the process with an Application Name, an Application Version and a Working SubDirectory.
The EXECUTABLES section lists every executable involved in the process, each with a Name, a Description, an Executable path (optional; useful on Windows only), the Environment Variables it needs (EnvVar, EnvironmentVariables), the Command that invokes the executable, and a Note. In addition, a Progressive number gives the position of the command in the execution sequence (1 means it is executed first), and a Condition states whether the command runs at all:
--: no condition; the command is executed in any case.
OnFailure: the command is executed only if the previous executable failed.
OnFailureExit: the command is executed only if the previous executable failed. Once the command terminates, the process exits.
OnSuccess: the command is executed only if the previous executable terminated successfully.
Static Reviewer will transform this simplified XML in BPEL Executable Processes format and execute it.
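The following Python script is an added illustration of the sequencing and Condition rules just described; it is not Static Reviewer's own code. The element and attribute names in the sample process (PROCESS/DES, APPLICATION, EXECUTABLES/EXECUTABLE, Name, Progressive, Condition, Command, EnvironmentVariables/EnvVar) are assumed from the prose on this page, not taken from the product schema, and the repository URL, application name and commands in the sample are constructed. The script orders steps by Progressive, evaluates each Condition against the outcome of the last step that actually ran, and stops after an OnFailureExit step.

```python
"""Minimal executor for the Simplified BPEL process format described above.
Illustrative only: schema element names are ASSUMED from the page's prose."""
import os
import subprocess
import xml.etree.ElementTree as ET

CONDITIONS = {"--", "OnSuccess", "OnFailure", "OnFailureExit"}

# Constructed sample process (assumed element names, fictitious repository).
# Steps are deliberately listed out of order to show that Progressive decides.
SAMPLE_XML = """<PROCESS DES="Fetch source and dependencies, then zip for Static Reviewer">
  <APPLICATION Name="payments-api" Version="2.3.1" WorkingSubDir="payments-api"/>
  <EXECUTABLES>
    <EXECUTABLE Name="zip" Progressive="4" Condition="OnSuccess">
      <Description>Package the tree for Team Reviewer</Description>
      <Command>7z a payments-api.zip payments-api</Command>
    </EXECUTABLE>
    <EXECUTABLE Name="checkout" Progressive="1" Condition="--">
      <Description>Retrieve the source (always runs first)</Description>
      <EnvironmentVariables>
        <EnvVar Name="GIT_TERMINAL_PROMPT" Value="0"/>
      </EnvironmentVariables>
      <Command>git clone --depth 1 --branch v2.3.1 https://git.example.internal/payments-api.git payments-api</Command>
    </EXECUTABLE>
    <EXECUTABLE Name="resolve" Progressive="2" Condition="OnSuccess">
      <Description>Pull build dependencies next to the source</Description>
      <Command>mvn -f payments-api/pom.xml dependency:copy-dependencies</Command>
    </EXECUTABLE>
    <EXECUTABLE Name="abort" Progressive="3" Condition="OnFailureExit">
      <Description>Report and stop; nothing after this step runs</Description>
      <Command>echo "ALM process failed before packaging"</Command>
    </EXECUTABLE>
  </EXECUTABLES>
</PROCESS>
"""


def parse_process(xml_text):
    """Return the EXECUTABLE steps ordered by Progressive, validating Condition."""
    root = ET.fromstring(xml_text)
    steps = []
    for ex in root.find("EXECUTABLES").findall("EXECUTABLE"):
        cond = (ex.get("Condition") or "--").strip()
        if cond not in CONDITIONS:
            raise ValueError(f"unknown Condition {cond!r} on step {ex.get('Name')!r}")
        steps.append({
            "name": ex.get("Name"),
            "progressive": int(ex.get("Progressive")),
            "condition": cond,
            "command": ex.findtext("Command", "").strip(),
            "env": {e.get("Name"): e.get("Value")
                    for e in ex.iterfind("EnvironmentVariables/EnvVar")},
        })
    steps.sort(key=lambda s: s["progressive"])
    # Design choice: the first step has no "previous executable", so a
    # conditional first step is a configuration error rather than silently run.
    if steps and steps[0]["condition"] != "--":
        raise ValueError("the first step (source retrieval) must be unconditional")
    return steps


def should_run(condition, prev_ok):
    """Apply the Condition table: '--' always, OnSuccess/OnFailure on the previous outcome."""
    if condition == "--":
        return True
    if condition == "OnSuccess":
        return prev_ok
    return not prev_ok  # OnFailure and OnFailureExit


def run_process(steps, runner):
    """Run steps in order; runner(step) returns the command's exit code.
    Returns (log, success). Assumption: a skipped step does not change the
    'previous executable' outcome seen by the next Condition."""
    log, prev_ok = [], True
    for step in steps:
        if not should_run(step["condition"], prev_ok):
            log.append((step["name"], "skipped"))
            continue
        rc = runner(step)
        log.append((step["name"], rc))
        if step["condition"] == "OnFailureExit":
            return log, False  # failure handler ran; the process exits here
        prev_ok = rc == 0
    return log, prev_ok


def subprocess_runner(step):
    """Real runner: executes Command through the shell with the step's EnvVars added."""
    env = {**os.environ, **step["env"]}
    return subprocess.run(step["command"], shell=True, env=env).returncode


def simulate(exit_codes):
    """Dry run of SAMPLE_XML: map step name -> exit code (default 0), no commands executed."""
    return run_process(parse_process(SAMPLE_XML),
                       lambda step: exit_codes.get(step["name"], 0))


if __name__ == "__main__":
    print(simulate({}))               # every step succeeds, zip runs
    print(simulate({"resolve": 1}))   # dependency step fails, abort runs, zip never runs
```

Two points worth keeping in mind when writing such a process: a failure handler marked OnFailureExit is the only way to guarantee that later steps (here the zip) do not run on a broken tree, and the process file is itself executable content, so anyone who can edit it runs commands on the analysis host with that host's credentials. Treat it like a build script: keep it under review, and pin the revision you check out (the sample uses a tag) so the analyzed code is reproducible.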
Any other task type, beyond SCM, can be configured in the ALM workflow, including:
Ant, Maven, Gradle, BuildForge, SBT and the other package managers supported by Software Composition Analysis
BitBucket, Mercurial and the other SCM integrations supported by Static Reviewer
Publication of Static Analysis results to Jenkins, Bamboo or to supported bug-tracking sites, like JIRA, Bugzilla or others
COPYRIGHT (C) 2015-2024 SECURITY REVIEWER SRL. ALL RIGHTS RESERVED.