You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

In this section:

Introduction

Parasoft Multi-Language Pack is a collection of extensions that enable you to integrate your third-party code analysis tools with Parasoft DTP. The Multi-Language Pack performs the following actions:

  1. Processes the result file output from your open-source static analysis tool.
  2. Generates reports showing violations and severities for the code authors.
  3. Sends the data to Parasoft DTP.

DTP presents the data in widgets, reports, and other interfaces that enable you to prioritize violations, place them into remediation workflows, and monitor progress toward improving the code quality. Benefits of using the Multi-Language Pack include:

  • Ability to collect and review reports from open source tools in a centralized interface
  • Ability to prioritize and triage violations according to your organization's development policy
  • Ability to associate code authorship with violations
  • Ability to email reports directly to development team members
  • Ability to generate reports for quality purposes

The following third-party analysis tools are currently supported:

  • Android Lint (includes Kotlin language analysis)
  • ESLint
  • GoReporter
  • JSHint
  • OCLint
  • PHPMD
  • PMD (includes Apex language analysis)
  • Pylint
  • RuboCop
  • Scalastyle
  • SonarQube
  • SwiftLint
  • TSLint

Requirements

  • Java Runtime 11
  • X-Server access (Linux only). The DISPLAY variable must be set and access control must be disabled for the xhost command (run xtest +). This is required to ensure that overview images in HTML reports display correctly.
  • A valid license for Parasoft Multi-Language Pack added to your DTP License Server. See Adding and Managing Licenses in the DTP documentation for instructions. 
  • See the requirements for individual third-party analysis extensions for additional information.

Deployment

Extract the Multi-Language Pack distribution to a directory that is accessible to non-administrator users. Some extractor tools, such as the default Windows and MacOS extractors, will create a directory that contains all Multi-Language Pack files. We recommend creating an installation home directory if your tool does not automatically create a directory to hold the extracted files.   

If you must install the pack into an admin-only directory (e.g., /opt/multi-language), you will need to create additional subdirectories and apply appropriate permissions: 

  1. Change the permissions for the <INSTALL>/etc/configEquniox directory to give non-admin users write access.
  2. Create a .mlp  directory in the Multi-Language Pack installation directory (i.e., <INSTALL>./mlp) and give non-admin users write access. This is where log files will be saved.
  3. Create a reports directory in the Multi-Language Pack installation directory (i.e., <INSTALL>/reports) and give non-admin users write access. This is where the pack will save reports it generates. 

Licensing and Configuration

You can license and configure the Multi-Language Pack by configuring the settings in the the settings.properties file located in the installation directory.

Setting the License

You can set either a network or local license.

Network License

The network license is retrieved from Parasoft DTP.  See Multi-Language Pack 2022.2 information on how to connect to Parasoft DTP.

Local License

The local license password is provided by your Parasoft representative. To use a local license, edit the settings.properties file located in the installation directory and specify the following properties:

mlp.license.use_network=false
mlp.license.local.password=<license-password>

Connecting to DTP

Configure your DTP settings to acquire a license and to send code analysis execution results to DTP. Specify the following settings in the settings.properties file located in the installation directory:

dtp.server

Specifies the host name of the DTP server.

dtp.port

Specifies the DTP port number. Default is 8443.

dtp.user

Specifies the user name for DTP authentication.

dtp.password

Specifies the user password for DTP authentication. You can encode your DTP password by running the multilanguage-pack.sh or .bat with the encodepass parameter. For example:

./multilanguage-pack.sh -encodepass mypassword

dtp.project

Specifies the name of the existing DTP project that you want to link to. This setting is optional for running the Multi-Language Pack, but required if you want to view results in DTP.

Example:

dtp.server=myhost
dtp.port=8443
dtp.user=admin
dtp.password=admin
dtp.project=my_project

See Additional Configuration for more configuration options.

Connecting to Source Control (Optional)

Connecting to source control allows you to leverage the Multi-Language Pack to determine the authors of reported violations. With source control settings properly configured, the Multi-Language Pack can query for authors of the code lines where defects were detected by the static code analyzers.

To connect to source control, specify your source control system-specific settings in the settings.properties file located in the Multi-Language Pack installation directory. See Additional Settings for the list of source control settings. 

The following example shows the settings required to connect to Git:

settings.properties
scontrol.rep.type=git
scontrol.rep.git.url=https://mygit.mycompanycom/myrepo/myrepo.git
scontrol.rep.git.branch=master
scontrol.rep.git.workspace=c:\\development\\workspace\\JavaScript\\myrepo

Shallow Clones

If you are going to retrieve authorship information from Git, the cloned repository should not be shallow. A Git repository is considered shallow if the file .git/shallow exists. Git may not accurately produce authorship data when checking out shallow clones from a repository. You should check out full clones to retrieve accurate authorship information.

Usage

  1. If you have not already done so, execute your third-party analysis tool. 
  2. Open a command prompt and navigate to the Multi-Language Pack installation directory.
  3. Execute the .BAT or .SH script with the necessary parameters all on one line:
multilanguage-pack.bat -tool <tool> -results.file "<path to analysis results file>" -source.dir "<path to source code>"

Internal technical log files from the Multi-Language Pack execution are generated in the <INSTALL>/.mlp subdirectory.

Required Parameters

The following parameters are required.

tool

This parameter specifies the third-party code analysis tools you want to execute. One of the following values is required:

  • androidlint
  • goreporter
  • jshint
  • oclint
  • phpmpd
  • pmd
  • pylint
  • rubocop
  • scalastyle
  • sonarqube
  • swiftlint
  • tslint

results.file

This parameter specifies the path to the results file generated by the third-party analysis tool. 

source.dir

This parameter specifies the path to the source code of the project analyzed by third-party code analysis tools. This is used to collect source control metadata (e.g., authorship, last updated, etc.) for DTP reporting and processing.

Optional Parameters

The following parameters are not required.

settings

By default, the Multi-Language Pack will reference to the settings.properties file in the installation directory, but you can use this setting to point to alternate configuration files. Example:

settings=C:\my-team-configs\my-settings.properties

Example

./multilanguage-pack.sh -tool scalastyle -results.file "/Projects/MyProject/scalastyle-results.xml" -source.dir "/Projects/MyProject/src"

Viewing Results

After executing the Multi-Language Pack, results are output in two ways:

 You can also configure the Multi-Language Pack to email reports to project team members (see Report Settings).

HTML Reports

The local HTML report (and XML data that feeds the report) are saved to the <INSTALL>/reports directory after execution. The following sections are included in the report by default.

Header

Findings

The first part of the report covers the static analysis findings. A finding is a static analysis violation originally detected by the third-party static analysis tool (JSHint, Scalastyle, etc.) and processed by the Multi-Language Pack to include code authorship metadata.

Findings are displayed in the report as a color-coded pie chart indicating different severity types. Different analysis tools have different systems for assigning severities to violations. In many instances, all violations may be assigned to single severity, such as Severity 3, by default. You can change the severities associated with specific code analysis rules to meet your development objectives. See Customizing Rule Details and Metadata for details. 

Static Analysis Details

This section presents findings from several perspectives, including findings by severity, author, and file. 

You can navigate the analyzed code to the reported findings in the Findings by File section. Each node begins with a value that indicates the total number of findings in the node. The value in brackets shows the number of suppressed rules in the node. You can click nodes marked with a plus sign (+) to expand them. 

Setup and Test Parameters

The setup problems section reports errors that may have affected execution and/or data collection. The test parameters section outputs the full command used to run the Multi-Language Pack.

Viewing Results in DTP

Open a dashboard in DTP and choose a filter associated with your project from the Filter drop-down menu. A filter named after the project is added to each project in DTP by default. If your DTP administrator has not set up filters, then your filter will be Project Name> Project Name. See Multi-Language Pack 2022.2 for information on connecting to your project.  

You may also need to select the correct build ID form the Target Build drop-down menu. This will only be necessary if there are several build IDs associated with the project. Refer to DTP Concepts in the DTP documentation for background information about build IDs, filters, and other concepts associated with DTP.

If your dashboard already has static analysis widgets configured to view data according to the dashboard settings, then you will see the results.

You can also click on widgets to open additional interfaces, such as the Violations Explorer to prioritize violations, assign them to team members for remediation, and more.

Refer to the DTP documentation for details on using the features in DTP.

  • No labels