CAST Console - How to onboard an application with Fast Scan

The main goal of onboarding with Fast Scan workflow is to get visibility about the contents of the source code, inspect it and correct it if necessary, before it is sent for analysis.  This ensures that only the correct source code has been delivered and any unwanted code is excluded.  For this

  1. An initial fast scan is first run and results of this are displayed in the Overview panel at application level where the delivered source code can be inspected (size, structure etc.),
  2. Source code filters (exclusions) can then be defined and an architecture preview diagram, software composition analysis and code readiness can be checked.
  3. If the results produced by the fast scan identifies missing source code - you can provide the missing code before you start the analysis process.
  4. Finally analysis  results can be checked in console and  published to CAST Imaging or CAST Dashboards.

An onboarding with Fast Scan always uses the rapid, without DMT version history delivery mode, thereby reducing the time required to process the uploaded source code. However, the onboarding with Fast Scan process is not a "quick" one-shot onboarding (upload source code, analysis, snapshot) publishing in one go, instead, source code is delivered and then Console will perform the initial "fast-scan" phase to determine the application's technologies/languages/frameworks etc.

 

 

Steps to follow

  1. Check whether the prerequisites for application onboarding are met before using CAST Imaging - Console. Please read Prerequisites - Application onboarding. If in Admin Center > Global Configuration > Application onboarding is unchecked, then only  select  the option for  Onboarding with Fast scan. If Application onboarding is checked, then the option for  Onboarding with Fast scan is the default.
  2. Ensure that "Onboarding with Fast Scan" is selected. 1a.JPG
  3. Click on  Onboard application in Application Management panel.  1.JPGYou must have an Admin or Application Owner role  to add an application.   
  4. In the dialogue box that opens up, enter your application name and the domain name (optional). If the domain field is left blank the application will be listed under "No Domain". If there are previously added domains you can select the appropriate domain from the drop down list. Click to upload or drag and drop the zip file with the source code. Click the "Fast Scan" button to initiate the scan. For more details please refer Define your application and source code2.JPG
  5. Once the fast scan is done contents of the Zipped source code, its Software composition, identified frameworks, and the architecture pre-view  will be displayed in the Overview panel. The main goal of this panel is to encourage source code to be inspected before it is sent for deep analysis to ensure that the correct source code has been delivered and any unwanted code can be excluded. Also the application is marked as Fast scan done in the AIP Console - Application Management panel. Please check the following before proceeding with the analysis.
          1. Check whether all the expected technology stack is ready for the next step of deep analysis in the Zip Content section. If something important is missing, upload new zip. Click on  specific files to check its contents. If there are files that should not be analyzed, you can exclude the files manually by unchecking them or use the "File Filter" option to exclude files/folders using regular expressions. NB: By default, Console will automatically filter files that are not source code, i.e. image files, therefore these files are never displayed and are never analyzed.. After setting exclusions, CAST highly recommends using the "Update Data" option in ZIP CONTENT section so that the details in the Application - Overview with Fast Scan page are updated based on the existing source code and the new exclusions. 4.JPG
          2. Check the project exclusion rules and select as required if in doubt use the defaults. For this click on File Filter (Please check the above screenshot ) > Rules.   After changing rules, CAST highly recommends using the "Update Data" option in ZIP CONTENT section so that the details in the Application - Overview with Fast Scan page are updated based on the existing source code and the new rule positions.6.JPG                                                                                               
          3. Check the Software Composition section   to know about the details of the source code like Lines of code (total lines of code per technology), File Count ( total number of files per technology) and File Size. Roll the mouse pointer over the bars to display the count per technology. On the right, the same information is displayed in table format. In addition, a column shows how the identified technology will be analyzed, using:
            • Product Extension > an extension provided and supported by CAST
            • Community Extension > an extension built by the CAST wider community (not supported by CAST)
            • No Known Extension > this technology will not be analyzed since there is no extension available to support it. 7.JPG
          4. Check the  Architecture Preview section  to find out  the completeness of the source code that has been delivered.  Identified Frameworks section next to it lists all the frameworks that have been detected by Console during the fast scan phase.  The identified framework will be analyzed, using the same legend for extensions as in the Software Composition section.
          5. Check code readiness beneath the Architecture Preview section to know  about the readiness of the delivered source code for analysis  based on the initial fast scan. If no "issues" are found then the "all clear" is given, with the estimated time for deep analysis. If issues are found, then a warning is given with an explanation, a warning may not mean that the analysis cannot proceed, however, coherent results may not be produced.9.JPG If no issues are there check the advanced settings for Run Analysis and decide on the options such as  publish to CAST Imaging, Engineering dashboard or Management Dashboard. 10.JPG

          6. Check and configure extensions   To check the extensions that are automatically installed or are available for the deep analysis, click the Extensions  tab. Also check Application - Extensions12.JPGTo ensure that all required extensions are set for installation - Use the Included panel to view the list of extensions and their release number that will be installed and used during the deep analysis: If you find that certain extensions that you would expect to be present are not listed in the Included panel, you can search for them and add them using the Available panel. Click the Include option to add the selected extension. If you see extensions in the Included panel that you do not require, you can remove them using the trash icon.

            NB: In the scan and subsequent checks, if you have found out that source code is missing, CAST highly recommends that you upload new source code / add the correct source code to the source code location and then run a new Fast Scan on this new source code using the New Scan button. 11.JPG
  6. Click on Run Analysis to initiate the deep analysis of the pre-checked code. The Progress window will indicate that the analysis is in progress. The analysis is complete when the Progress window indicates a successful completion.
    If your job is interrupted for whatever reason (network issue, issue on the Node etc.), CAST Console is able to resume the job from the same point or a previous point. For this return to the Application - Overview with Fast Scan page, a Resume button will be available in place of Run analysis resume2.jpg
  7. Once the deep analysis is over scroll down the Overview panel to view the Analysis Reports. In  the analysis report it can be checked  whether all the files are correctly analyzed.  Click on the numbers to see the details of the files. The Analysis Report can be downloaded in a csv format by clicking on    the cloud icon on the top left of the Analysis Report section. 14.JPGBeneath the Analysis Report in the Overview panel Analysis Results Indicators section can be seen. The Analysis Results Indicators section displays a set of indicators for a given analysis/snapshot.  so that the analysis/snapshot can be validated. If the Analysis Results Indicators section is not seen check if the feature is enabled - see Configuring Indicators.16.JPG
        1. Select the snapshot. By default the most recent snapshot for the Application will be displayed.
        2. If you want see all the indicators regardless of its value use the toggle switch to select. By default only Indicators that have a positive value are shown.
        3. Some Indicators are clickable, clicking the link will take you to the relevant configuration page within Console.  Individual indicators in Administration Center - Settings - Analysis Results Indicators  can be enabled or disabled- this requires the global "Admin" role. 
              • The value shown is the value generated for the current snapshot which can be a ratio or a percentage. For some indicators when only one snapshot exists, the value may be N/A.
              • For status of the indicator - the more the stars the better the results. Rolling the mouse over the stars will show the thresholds that are required to improve.
              • Justification is a free text field enabling you to enter a justification for the result. Free text is saved and is retained for the next snapshot that is generated. Justifications can only be edited for the most recent snapshot.
              • Remedy Action provides a suggestion for how to improve the result in the next analysis/snapshot.
              • Click the Details option to download the CSV file. This can help you work out why a poor result has been produced,
        4. Click the cloud icon    to  download Excel reports containing detailed information about the indicators in each category.
        5. Click the re-compute icon    If you want to re-compute all the indicators without needing to generate an entire new analysis/snapshot. Re-compute icon will not be visible if the banner is visible.  This banner is displayed when Console detects that a configuration change has been made and that your data should be updated. If the "Update" button is clicked, then a job will run to ensure that all Analysis Results Indicator data is correct. The triggers for this banner are identical to the triggers described in the section Update Banner in Application - Config.
  8. Validate the results of this initial analysis to ensure that they meet your expectations and if not, make any advanced configuration changes that may be needed. Please refer Application onboarding with Fast Scan - validate the results. For validation
  9. If you have made any configuration changes after validation then re-run the deep analysis so that these changes are reflected in the results. There are two ways to do this 
          1. Run all actions Re-run the analysis by  using the Run Analysis option in the Application - Overview with Fast Scan panel. Using this option will  automatically include the following if they are configured and available (i.e. CAST Console can access them):
                • Upload to CAST Imaging
                • Upload for CAST Engineering/CAST Health Dashboards (if configured)run_analysis_section.jpg
          2. Run specific actions Depending on your configured environment, the options Semantic analysis, publish to CAST Imaging, Engineering dashboard or Management Dashboard. can be selected independently. For this

                1. Access the  the specific actions dialog box. 17.JPG

                2. Select the options that should be run independently. 18.JPG

References

Workflow - Application onboarding with Fast Scan

 

Have more questions? Submit a request

Comments

Powered by Zendesk