This topic explains how you can perform static analysis to identify code that does not comply with a preconfigured or customized set of static analysis rules. Sections include:
Static analysis is one of many technologies used to throughout the SDLC to help team members deliver secure, reliable, compliant SOA. Static analysis helps the team ensure that development activities satisfy the organization's expectations, ensuring interoperability and consistency across all SOA layers.
SOAtest can perform static analysis on both SOA artifacts and the Web interface.
For SOA, static analysis can be performed on individual artifacts (e.g., WSDL or XML files). It is also used as one of several components in a comprehensive SOA policy enforcement framework, which is discussed in SOA Quality Governance and Policy Enforcement.
For Web interfaces, SOAtest’s static analysis can perform an automated audit of Web interface content and structure, automatically scanning and analyzing a Web asset for accessibility, branding, intranet standards compliance, and consistency. It inspects and exposes issues that present potential risk to the proper functionality, usability, and accessibility of your Web-based applications.
It can cover an entire web UI or an individual component or module. Scan results are presented as actionable reports that identify erroneous objects—providing direct linkage to exposed issues for quick analysis and remediation.
The assessment analysis covers the following areas:
More specifically, to facilitate Web accessibility validation (Section 508, WAI, WCAG), SOAtest automatically identifies code that positively or possibly violates Section 508, WAI, and WCAG 2.0 Web accessibility guidelines. During its automated audit. the solution checks whether Web interfaces comply with core accessibility guidelines and helps you identify code and page elements that require further inspection and/or modification.
You can use the following procedure to perform static analysis on:
Any Web pages that are represented in SOAtest test suites within your project workspace (e.g., the Web pages that are accessed as SOAtest crawls your web UI or the Web pages that the browser downloads as web scenarios execute).
The general procedure for performing static analysis on one or more files in your project workspace is as follows:
The Scanning Perspective is designed to facilitate reviewing and retesting of resources scanned during static analysis.
To open the Scanning Perspective:
This perspective is similar to the SOAtest perspective, but has two additional features:
The Scanned Resources view will show the resources scanned by a Scanning tool. After a Scanning Tool has been run, you can select it in the Test Case Explorer, and the Scanned Resources Listing will show all items that have been scanned by that Scanning Tool.
You can right-click single files in that view, and choose to open them in an editor or a web browser.
To quickly access and scan a resource that is NOT available in your workspace:
For a step-by-step tutorial of how to perform static analysis on a web UI, see Web Static Analysis.