The main goal of onboarding with Fast Scan workflow is to get visibility about the contents of the source code, inspect it and correct it if necessary, before it is sent for analysis. This ensures that only the correct source code has been delivered and any unwanted code is excluded. For this
- An initial fast scan is first run and results of this are displayed in the Overview panel at application level where the delivered source code can be inspected (size, structure etc.),
- Source code filters (exclusions) can then be defined and an architecture preview diagram, software composition analysis and code readiness can be checked.
- If the results produced by the fast scan identifies missing source code - you can provide the missing code before you start the analysis process.
- Finally analysis results can be checked in console and published to CAST Imaging or CAST Dashboards.
An onboarding with Fast Scan always uses the rapid, without DMT version history delivery mode, thereby reducing the time required to process the uploaded source code. However, the onboarding with Fast Scan process is not a "quick" one-shot onboarding (upload source code, analysis, snapshot) publishing in one go, instead, source code is delivered and then Console will perform the initial "fast-scan" phase to determine the application's technologies/languages/frameworks etc.
Steps to follow
- Check whether the prerequisites for application onboarding are met before using CAST Imaging - Console. Please read Prerequisites - Application onboarding. If in Admin Center > Global Configuration > Application onboarding is unchecked, then only select the option for Onboarding with Fast scan. If Application onboarding is checked, then the option for Onboarding with Fast scan is the default.
- Ensure that "Onboarding with Fast Scan" is selected.
- Click on Onboard application in Application Management panel. You must have an Admin or Application Owner role to add an application.
- In the dialogue box that opens up, enter your application name and the domain name (optional). If the domain field is left blank the application will be listed under "No Domain". If there are previously added domains you can select the appropriate domain from the drop down list. Click to upload or drag and drop the zip file with the source code. Click the "Fast Scan" button to initiate the scan. For more details please refer Define your application and source code
- Once the fast scan is done contents of the Zipped source code, its Software composition, identified frameworks, and the architecture pre-view will be displayed in the Overview panel. The main goal of this panel is to encourage source code to be inspected before it is sent for deep analysis to ensure that the correct source code has been delivered and any unwanted code can be excluded. Also the application is marked as Fast scan done in the AIP Console - Application Management panel. Please check the following before proceeding with the analysis.
-
-
-
- Check whether all the expected technology stack is ready for the next step of deep analysis in the Zip Content section. If something important is missing, upload new zip. Click on specific files to check its contents. If there are files that should not be analyzed, you can exclude the files manually by unchecking them or use the "File Filter" option to exclude files/folders using regular expressions. NB: By default, Console will automatically filter files that are not source code, i.e. image files, therefore these files are never displayed and are never analyzed.. After setting exclusions, CAST highly recommends using the "Update Data" option in ZIP CONTENT section so that the details in the Application - Overview with Fast Scan page are updated based on the existing source code and the new exclusions.
- Check the project exclusion rules and select as required if in doubt use the defaults. For this click on File Filter (Please check the above screenshot ) > Rules. After changing rules, CAST highly recommends using the "Update Data" option in ZIP CONTENT section so that the details in the Application - Overview with Fast Scan page are updated based on the existing source code and the new rule positions.
- Check the Software Composition section to know about the details of the source code like Lines of code (total lines of code per technology), File Count ( total number of files per technology) and File Size. Roll the mouse pointer over the bars to display the count per technology. On the right, the same information is displayed in table format. In addition, a column shows how the identified technology will be analyzed, using:
- Product Extension > an extension provided and supported by CAST
- Community Extension > an extension built by the CAST wider community (not supported by CAST)
- No Known Extension > this technology will not be analyzed since there is no extension available to support it.
- Check the Architecture Preview section to find out the completeness of the source code that has been delivered. Identified Frameworks section next to it lists all the frameworks that have been detected by Console during the fast scan phase. The identified framework will be analyzed, using the same legend for extensions as in the Software Composition section.
-
Check code readiness beneath the Architecture Preview section to know about the readiness of the delivered source code for analysis based on the initial fast scan. If no "issues" are found then the "all clear" is given, with the estimated time for deep analysis. If issues are found, then a warning is given with an explanation, a warning may not mean that the analysis cannot proceed, however, coherent results may not be produced. If no issues are there check the advanced settings for Run Analysis and decide on the options such as publish to CAST Imaging, Engineering dashboard or Management Dashboard.
-
Check and configure extensions To check the extensions that are automatically installed or are available for the deep analysis, click the Extensions tab. Also check Application - ExtensionsTo ensure that all required extensions are set for installation - Use the Included panel to view the list of extensions and their release number that will be installed and used during the deep analysis: If you find that certain extensions that you would expect to be present are not listed in the Included panel, you can search for them and add them using the Available panel. Click the Include option to add the selected extension. If you see extensions in the Included panel that you do not require, you can remove them using the trash icon.
NB: In the scan and subsequent checks, if you have found out that source code is missing, CAST highly recommends that you upload new source code / add the correct source code to the source code location and then run a new Fast Scan on this new source code using the New Scan button.
-
-
-
- Click on Run Analysis to initiate the deep analysis of the pre-checked code. The Progress window will indicate that the analysis is in progress. The analysis is complete when the Progress window indicates a successful completion.
If your job is interrupted for whatever reason (network issue, issue on the Node etc.), CAST Console is able to resume the job from the same point or a previous point. For this return to the Application - Overview with Fast Scan page, a Resume button will be available in place of Run analysis - Once the deep analysis is over scroll down the Overview panel to view the Analysis Reports. In the analysis report it can be checked whether all the files are correctly analyzed. Click on the numbers to see the details of the files. The Analysis Report can be downloaded in a csv format by clicking on the cloud icon on the top left of the Analysis Report section. Beneath the Analysis Report in the Overview panel Analysis Results Indicators section can be seen. The Analysis Results Indicators section displays a set of indicators for a given analysis/snapshot. so that the analysis/snapshot can be validated. If the Analysis Results Indicators section is not seen check if the feature is enabled - see Configuring Indicators.
-
-
- Select the snapshot. By default the most recent snapshot for the Application will be displayed.
- If you want see all the indicators regardless of its value use the toggle switch to select. By default only Indicators that have a positive value are shown.
- Some Indicators are clickable, clicking the link will take you to the relevant configuration page within Console. Individual indicators in Administration Center - Settings - Analysis Results Indicators can be enabled or disabled- this requires the global "Admin" role.
-
-
- The value shown is the value generated for the current snapshot which can be a ratio or a percentage. For some indicators when only one snapshot exists, the value may be N/A.
- For status of the indicator - the more the stars the better the results. Rolling the mouse over the stars will show the thresholds that are required to improve.
- Justification is a free text field enabling you to enter a justification for the result. Free text is saved and is retained for the next snapshot that is generated. Justifications can only be edited for the most recent snapshot.
- Remedy Action provides a suggestion for how to improve the result in the next analysis/snapshot.
- Click the Details option to download the CSV file. This can help you work out why a poor result has been produced,
-
-
- Click the cloud icon to download Excel reports containing detailed information about the indicators in each category.
- Click the re-compute icon If you want to re-compute all the indicators without needing to generate an entire new analysis/snapshot. Re-compute icon will not be visible if the banner is visible. This banner is displayed when Console detects that a configuration change has been made and that your data should be updated. If the "Update" button is clicked, then a job will run to ensure that all Analysis Results Indicator data is correct. The triggers for this banner are identical to the triggers described in the section Update Banner in Application - Config.
-
-
- Validate the results of this initial analysis to ensure that they meet your expectations and if not, make any advanced configuration changes that may be needed. Please refer Application onboarding with Fast Scan - validate the results. For validation
-
-
-
-
-
- Validate using progress window and log messages
- Validate using the Overview panel
- Validate technology specific settings
- Validate dependency configuration
- Validate modules and content
- Validate Dynamic Links
- Validate and configure transactions - optional
- Validate in CAST Imaging
- Validate Assessment Model - optional
- Validate in CAST Dashboards - optional
-
-
-
-
-
- If you have made any configuration changes after validation then re-run the deep analysis so that these changes are reflected in the results. There are two ways to do this
-
-
-
- Run all actions Re-run the analysis by using the Run Analysis option in the Application - Overview with Fast Scan panel. Using this option will automatically include the following if they are configured and available (i.e. CAST Console can access them):
-
-
- Upload to CAST Imaging
- Upload for CAST Engineering/CAST Health Dashboards (if configured)
-
-
-
Run specific actions Depending on your configured environment, the options Semantic analysis, publish to CAST Imaging, Engineering dashboard or Management Dashboard. can be selected independently. For this
-
-
-
Access the the specific actions dialog box.
- Select the options that should be run independently.
-
-
-
- Run all actions Re-run the analysis by using the Run Analysis option in the Application - Overview with Fast Scan panel. Using this option will automatically include the following if they are configured and available (i.e. CAST Console can access them):
-
-
-
References
Workflow - Application onboarding with Fast Scan
Comments