In this section:
Overview
Development managers can use the Violations Explorer to efficiently sort through static violations and easily facilitate remediation. All static analysis violations widgets drill-down to the Violations Explorer. This section provides an overview of the Violations Explorer’s main components. The following sections in this chapter describe how to use the Violations Explorer in greater detail.
The Violations Explorer is made up of five main parts:
- Search panel; See Searching for Violations.
- Search results panel; See Viewing Search Results.
- Sources panel; see Viewing Sources.
- Actions panel; see Addressing Violations.
- Flow Analysis Trace or Code Duplicate Detection panel (if flow analysis or code duplicate detection has been performed); see Viewing Flow Analysis Traces or Viewing Duplicate Code Violations.
Searching for Violations
Violations stored in Development Testing Platform are searchable by several parameters. Use the search area to hone in on specific types of violations. You can change the criteria in the search area to find violations throughout your development projects.
- Click the Change Search to open the search.
- Select search criteria and click Search.
- The path you took to the Violations Explorer is reflected in the search area. You can choose a different filter or a specific build from the drop down menu to change the domain of your search.
- Select/deselect search criteria and click Search; you can also search search for violations based on the file in which they were found. See Searching for Violations by File.
- To search for suppressed violations, be sure to choose Suppressions from the Type drop-down menu:
- Click on a violation in the search results table to view the violation as it exists in the code.
- DTP can be configured to display sources from source control or from sources sent by DTP Engines during analysis. See Configuring Source Code Views for additional information on how sources are displayed in DTP.
Searching for Violations by File
You can search for a file and return the violations found in the file.
- Click the Change Search button to open the Search Options overlay.
- Click the File Path option and enter your search path in the File Path bar. You can search paths containing a string or use Ant-based patterns to returns all violations found in file paths that match the pattern.
Value | Result |
---|---|
test | Returns all violations with file paths containing the string "Test", for example:
But not:
|
com/ex | Returns all violations with file paths containing the string "com/ex", for example:
|
com/parasoft/** | Returns all violations in the "com/parasoft" directory tree, for example:
But not:
|
**/test/*.java | Returns all violations in files with the ".java" suffix under test directories from anywhere in the directory tree, for example:
But not:
|
Viewing Search Results
The search results panel returns any violations found according the search parameters.
Click on a violation to view the content of the source file, details about the violation, and enable actions for remediation. When you make a selection in the violations table, the file name and the component that opened the file appears in the code panel.
You can also use the sorting mechanisms and customize the table to refine your view of the violation data. See Navigating Explorer Views for details.
By default, the maximum number of violations shown is 1000. You can change the limit by adding the &limit=[number] parameter to the URL. For example, the following URL would allow you to see up to 2000 violations:
[DTP_HOME]/grs/dtp/explorers/violations?filterId=11&limit=2000
You can set the limit parameter to any value, but changing the maximum number of violations shown to a large value may affect the performance of the Violation Explorer.
Viewing Sources
The sources panel allows you to view violation instances as they appear in the code. You must have permissions to view source code in Report Center explorer views (see Assigning Native Permissions for additional information).
Mouse over the marker in the line number margin to view a tooltip of with the violation error message.
Mouse over the information icon to see where sources are being displayed from.
You can also see paths through the code leading to the violation in the code panel when you use the flow analysis trace feature.
See Viewing Flow Analysis Traces for additional information about viewing code in the Violations Explorer.
Addressing Violations
There are several tools in the Violations Explorer to help you address violations in a way that’s consistent with your organization’s policies, needs, and goals. You can put violations into a software quality workflow through the Prioritization panel.
Users must have permissions to prioritize violations, as well as view sources. Permission to prioritize violations can be granted for all violations or limited to violations owned by the user. The following table describes a project membership scenario and how permissions may be assigned (see Assigning Native Permissions for additional information):
User Type | Additional Permission | Access Granted |
---|---|---|
Admin |
| |
Leader |
| |
Member |
| |
Non-member 1 | No access | |
Non-member 2 | project |
|
Non-member 3 | project, prioritizeOwner |
|
Non-member 4 | project, viewSources |
|
Prioritizing Violations
- Select violation(s) in the search results area; the file name appears in the code view panel
- Click the Prioritization tab and choose a priority from the drop-down menu.
- Make any other changes and click Apply; the Apply to All Branches option is enabled by default. Disable this option if you want to apply changes to only the selected instance of the violation; see Applying Changes to Violations.
Assigning Violations to Developers for Remediation
You can assign violations to other authors of violations or to a member of the Project associated with the Filter.
- Select violation(s) in the search results area; the file name appears in the code view panel
- Click the Prioritization tab and click the Assigned To field.
- Enter an assignee user name. The form will auto-fill based on the users in the system.
- Make any other changes and click Apply. The Apply to All Branches option is enabled by default. Disable this option if you want to apply changes to only the selected instance of the violation; see Applying Changes to Violations.
Assigning Violation Risk and Impact Levels
The Violations Explorer allows you to flag violations that pose a risk or have an impact on the policy goals associated with your application.
- Select violation(s) in the search results area.
- Click the Prioritization tab and choose a value from the Risk/Impact drop-down menu.
- Make any other changes and click Apply. The Apply to All Branches option is enabled by default. Disable this option if you want to apply changes to only the selected instance of the violation; see Applying Changes to Violations.
Assigning Actions to Violations
Actions are strings of metadata that you can use to define how you choose to remediate reported violation. DTP ships with set of pre-defined actions: None, Fix, Reassign, Review, Suppress, and Other. You can edit or remove the pre-defined action types (except for the None type) using the API. For details on configuring actions, choose API Documentation from the Help drop-down menu in the Report Center navigation bar.
- Select violation(s) in the search results area
- Click the Prioritization tab and choose a value from the Action drop-down menu.
- Make any other changes and click Apply. The Apply to All Branches option is enabled by default. Disable this option if you want to apply changes to only the selected instance of the violation; see Applying Changes to Violations.
Assigning Due Dates to Violations
- Select violation(s) in the search results area
- Click the Prioritization tab and click the calendar icon in the Due Date field to choose a date.
- Make any other changes and click Apply. The Apply to All Branches option is enabled by default. Disable this option if you want to apply changes to only the selected instance of the violation; see Applying Changes to Violations.
Assigning Reference Numbers to Violations
- Select violation(s) in the search results area
- Click the Prioritization tab and enter a value in the Reference # field.
- Make any other changes and click Apply. The Apply to All Branches option is enabled by default. Disable this option if you want to apply changes to only the selected instance of the violation; see Applying Changes to Violations.
Adding Comments to Violations
- Select violation(s) in the search results area
- Click the Prioritization tab and enter a value in the Comments field.
- Make any other changes and click Apply. The Apply to All Branches option is enabled by default. Disable this option if you want to apply changes to only the selected instance of the violation; see Applying Changes to Violations.
Applying Changes to Violations
When you update a violation, you can apply the change to single instance of the violation or apply the changes to the violation in all source control branches in which it occurs. A confirmation message appears when your changes are applied:
Reviewing Violations Information
All changes applied to violations can be viewed in the actions panel, which provides a detailed view of historical information associated with selected violations. Rule documentation for a selected violation is also available.
Modification History
Click the Modification History tab in the actions panel for a concise sumary of updates to a selected violation. You can not view the modification history of two or more violations.
Enable the Only show comments option to hide all updates except for the comments log.
Violation History
Click the Violation History tab in the actions panel to view the static analysis runs and the dates in which the selected violation was detected. You can not view the violation history of two or more violations.
You customize the modification history panel view:
- Click a column header and choose Sort Ascending or Sort Descending to resort the table.
- Choose Columns and enable/disable parameters.
- Click on the margin between two column headers and drag it to the desired width.
Documentation
Click the Documentation tab to view the static analysis rule that the code violates. You can not view the rule documentation for two or more violations.
Timeline
Click the Timeline tab in the actions panel to see how the code containing the violation has evolved over time. The timeline shows the most recent information at the top. Red sections of the timeline indicate that the violation was detected during that period. Green sections indicate that the violation was resolved during that period. You can not view the timeline for two or more violations.
Details
Click the Details tab in the actions panel to view current information about the location, owner, rule ID, and message associated with the selected violation.
The Violation ID field appears if a violation is selected in the search results table. The ID links directly to the violation and the selected filter. You can share this link so that others can directly access view the violation in DTP.
You can not view history information for two or more violations.
Viewing Flow Analysis Traces
If data flow analysis (dynamic analysis) has been performed, then you can view the path leading up to a violation in the flow analysis trace panel. Flow analysis can help you make decisions about how the code is structured, understand why the violation may have occured, and determine the significance of the violation.
Click on a trace to view the violation path in the code panel.
To open or close the flow analysis trace panel, click the disclosure button at the bottom of the actions panel.
Users must have permissions to view source code. See Assigning Native Permissions.
Viewing Duplicate Code Violations
If violations were detected by CDD (code duplicate detection) analysis rules, then you can view them in the Code Duplications Detected panel. Duplicate code may indicate poor application design, as well as increase maintenance costs. If violations were detected by CDD (code duplicate detection) analysis rules, DTP shows each instance of duplicate code in the Code Duplications Detected panel. Click on a CDD violation in the Violations Explorer search results panel to open the violation path.
This panel shows the file name, line number, and path to each instance of the duplicated code. DTP also shows the sources containing the duplicate code in the sources panel.
The line that contains the original instance of the duplicated code is highlighted. You can mouse over a the marker for a tool tip showing which rule was violated.
Users must have permissions to view source code. See Assigning Native Permissions for additional information.
Click on entries in the Code Duplications Detected panel to view instances of the duplicated code.
You can perform normal violation remediation actions, such as setting a priority and assigning the violation to a developer. See Addressing Violations.