Versions Compared

Old Version 1

changes.mady.by.user Robert Andelin

Saved on

compared with

New Version Current

changes.mady.by.user Robert Andelin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space DTPDEVEL and version 2024.2

...

  • GET /v1.2/staticAnalysisViolations
  • POST /v1.4/staticAnalysisViolations/metadata
  • GET /v1.4/metadata/priority

Table of ContentsIn this section:

Table of Contents
maxLevel12

Requirements

  • DTP and Extension Designer must be configured correctly. See Server Settings.
  • DTP should have collected static analysis data from a Parasoft code analysis and test execution tool (C/C++test, dotTEST, or Jtest). 

Setting Up the Example

  1. Get the build ID for a static analysis execution. You can get the build ID from several interfaces in DTP, including from the dashboard:
  2. Click on an existing service or create a new service in Extension Designer (see Working with Services).
  3. Create a new flow (see Working with Flows) and choose Import from the Extension Designer menu.
  4. Click the Library tab and choose Examples > Static Analysis Prioritization.
  5. Click Import and drop the flow into the tab.
  6. Click Deploy and double click the set flow.buildID node.
  7. Enter the build ID value in the to field and click Done
    Anchor
    specify-build-id
    specify-build-id

  8. Deploy the updated flow to finish preparing the example.

...

If the info tab is hidden, choose View from the ellipses menu and enable the Show sidebar option.

Example 1 - Set Assignee

The nodes in Example #1 provide a method for assigner all retrieved violations to a new user. 

Retrieving Static Analysis Violations from DTP

The flow retrieves static analysis data via the /staticAnalysisViolation REST API provided by DTP. See Using DTP REST APIs for details.

...

Double-click the Get violations for Build node. This node is a DTP REST API node, which is a specific type of node for making requests to the DTP REST API (see Working with Nodes for all available nodes). The endpoint in the node points to /v1.2/staticAnalysisViolations?buildId={{payload}}. This node retrieves data based on the build ID specified when you set up the flow. It returns the static analysis violations payload to msg.staticAnalysis.

Processing Data from DTP to Set New Assignee

Double-click the Set the assigneeName function node. The node contains JavaScript that processes the violations and prepares for a new payload from the next REST API call.

...

Click on a violations dashboard widget in DTP to open the Violations Explorer. The widget should be configured to show the build ID specified in the set flow.buildID node. The Assigned to field for violations will be set to johndoe.

Example 2 - Set Priority

All logic flows in this example differ only in terms of preparation of the Prioritization payload.

...

 Lines 10 through 18 contain the JavaScript for setting the priority. In the example, priority is set to Critical for all violations passed.

Example 3 - Set Action

Double-click the Set the violationAction function node. 

...

This metadata can be customized and every DTP server may have different set of actions. Review the /metadata/violationAction API documentation for additional information. 

Example 4 - Set Risk/Impact 

This example is very similar to Example 2 - Set Priority and Example 3 - Set Action. In this example, all violations are classified as Extreme. Double-click the Find and set the classificationId function node and review the JavaScript.

Example 5 - Set Due Date

Double-click the Set the dueDate function node and review the JavaScript. The Moment JavaScript library is initialized in line 2. Moment is used in this example to get the date and time in a string. Moment is also used to calculate tomorrow's date as a string to set dueDate field.

Example 6 - Set Reference Number

Double-click the Set the referenceNumber function node and review the JavaScript. In this example, the referenceNumber field is set in the violation metadata.

...

The reference number could be used for the ID of external systems, such as JIRA and Bugzilla, for later use.

Example 7 - Add a Comment

Double-click the Set the comment function node and review the JavaScript. In this example, a comment is added to the violation.

...

Notice that comments are not part of the fields object. A comment is an additional property associated with the prioritize object.

Example 8 - Prioritize by Severity

This is an advanced example that demonstrates how you can group static analysis violations based on severity and process the violations accordingly. 

Double-click the Group violations and set relevant priorityId function node and review the JavaScript. Instead of returning an array from the msg array, the node.send() method is used to push a msg object to the next node asynchronously (see https://nodered.org/docs/writing-functions#sending-messages-asynchronously for additional information about sending messages asynchronously).

...