This topic explains how you can perform static analysis to identify code that does not comply with a preconfigured or customized set of static analysis rules. Sections include:

About Static Analysis

Static analysis is one of many technologies used to throughout the SDLC to help team members deliver secure, reliable, compliant SOA. Static analysis helps the team ensure that development activities satisfy the organization's expectations, ensuring interoperability and consistency across all SOA layers.

SOAtest can perform static analysis on both SOA artifacts and the Web interface. 

For SOA, static analysis can be performed on individual artifacts (e.g., WSDL or XML files). It is also used as one of several components in a comprehensive SOA policy enforcement framework, which is discussed in SOA Quality Governance and Policy Enforcement.

For Web interfaces, SOAtest’s static analysis can perform an automated audit of Web interface content and structure, automatically scanning and analyzing a Web asset for accessibility, branding, intranet standards compliance, and consistency. It inspects and exposes issues that present potential risk to the proper functionality, usability, and accessibility of your Web-based applications.

It can cover an entire web UI or an individual component or module. Scan results are presented as actionable reports that identify erroneous objects—providing direct linkage to exposed issues for quick analysis and remediation.

The assessment analysis covers the following areas:

More specifically, to facilitate Web accessibility validation (Section 508, WAI, WCAG), SOAtest automatically identifies code that positively or possibly violates Section 508, WAI, and WCAG 2.0 Web accessibility guidelines. During its automated audit. the solution checks whether Web interfaces comply with core accessibility guidelines and helps you identify code and page elements that require further inspection and/or modification.

Moreover, Parasoft's pattern-based code analysis monitors whether Web language code follows industry-standard or customized rules for ensuring that code meets uniform expectations around security, reliability, performance, and maintainability. We provide an extensive rule library with hundreds of configurable rules for Web languages (JavaScript, VBScript/ASP, HTML, CSS, XML, and so on), as well as a graphical RuleWizard module that makes it very simple to construct and maintain customized rules. 

Analyzing Resources From Your Project Workspace

You can use the following procedure to perform static analysis on:

The general procedure for performing static analysis on one or more files in your project workspace is as follows:

  1. Ensure that the files you want to analyze are available within SOAtest. The files must be available as a project in your workspace.
  2. Select or create a Test Configuration with your preferred static analysis settings.

    • The selected Test Configuration must have Test Execution enabled (this is the default setting for all built-in Test Configurations).
    • By default, SOAtest will statically analyze the individual HTTP messages that the browser made in order to construct its data model—the content returned by the server as is (before any browser processing). If you prefer to analyze the browser-constructed HTML (the real-time data model that the browser constructed from all of the HTML, JS, CSS, and other files it loaded) you can change this by modifying the Test Configuration’s Execution settings.

  3. Select the resource you want to analyze, then run the appropriate Test Configuration.
  4. Review and respond to the results using the appropriate static analysis results layout option.
  5. (Optional) Fine-tune static analysis settings as needed.

Reviewing and Retesting Scanned Resources

The Scanning Perspective is designed to facilitate reviewing and retesting of resources scanned during static analysis.

Opening the Scanning Perspective

To open the Scanning Perspective:

This perspective is similar to the SOAtest perspective, but has two additional features:

Reviewing Scanned Resources

The Scanned Resources view will show the resources scanned by a Scanning tool.  After a Scanning Tool has been run, you can select it in the Test Case Explorer, and the Scanned Resources Listing will show all items that have been scanned by that Scanning Tool. 

You can right-click single files in that view, and choose to open them in an editor or a web browser. 

Analyzing Files Outside of Your Project Workspace

To quickly access and scan a resource that is NOT available in your workspace:

  1. Open the Scanning perspective by choosing Window> Perspective> Open Perspective> Parasoft Scanning.
  2. Start the test with the Quick Test tool bar button: 
  3. Specify the how to access the resource you want to scan (you can specify a URL or a file path).


For a step-by-step tutorial of how to perform static analysis on a web UI, see Web Static Analysis.