This tutorial describes how the Static Analysis vs Coverage example flow gathers newly-introduced violations and correlates them with the coverage data in the same resource. Violations are prioritized to reflect their potential risk based on the coverage data and a configurable coverage threshold. The Risk/Impact for the violations will be set to one of the following values:
| Extreme | File has no coverage |
|---|---|
| High | File has low coverage (coverage under the specified threshold) |
| Low | File has acceptable coverage (coverage at or below the specified threshold) |
In this tutorial:
DTP REST API In Use
- GET /v1.2/staticAnalysisViolations
- POST /v1.4/staticAnalysisViolations/metadata
- GET /v1.4/metadata/priority
Requirements
- DTP and Extension Designer must be configured correctly. See Server Settings.
- The Violation Events flow must be deployed to the service. See About the Violations Event Flow.
- DTP should have collected test coverage data from a Parasoft code analysis and test execution tool (i.e., C/C++test, dotTEST, or Jtest).
- Static Analysis data should sent as new violations after the example is deployed.
About the Violations Event Flow
This example uses the Violations Event, which is a common utility flow shipped with Extension Designer. This flow is used to subscribe to events related to new or fixed static analysis violations sent into DTP. Choose Import > Library > Common > Violation Events to deploy the flow to the service.
Setting Up the Examples
- Click on a an existing service or create a new service in Extension Designer (see Working with Services).
- Create a new flow (see Working with Flows) and choose Import> Library> Examples> Static Analysis vs Coverage from the Extension Designer menu to import the Static Analysis vs Coverage flow.
- Click Deploy.
- Send new static analysis violations data to DTP (see the Parasoft tool documentation). The violations should be for the same project that contains the coverage data.
Configuring the File Coverage Threshold
Double-click the Set the file coverage threshold node. The coverage threshold is defined the the Rules section of the node. By default it is set to 30.0, which represents a file coverage threshold of 30.0%.
Filtering Violations for Applying the Coverage Calculation
Double-click the Filter and group violations node and review the JavaScript. By default, violations related to code formatting are removed from the calculation. This is to avoid raising the Risk/Impact on violations that may not necessarily pose a significant risk compared to resource leaks, null pointer exceptions, and similar types of violations.
You can apply additional filtering strategies to further refine the violations you want to apply coverage risk analysis to. Filtering can also be removed so that all the new violations are subject to coverage risk calculation.
After the module coverage data has been obtained and the violations are filtered, the violations are grouped by projectResourcePath. This parameter represents the file containing the violation. For each set of violations, file coverage for the projectResourcePath is obtained and the set of violations is passed to a DTP REST API node so that the Risk/Impact can be set for the entire set of violations.
