Following are the best practices that can be followed to get more focused insights for Software Health & Cloud Readiness. Here the focus is to analyse Software Health and Cloud Readiness of custom source code that composes of app/product, by making sure scores are not biased with third-party software (e.g. Open Source, COTS), as your development team generally can’t modify this external code base
The Scan Steps are
- Scan the source code
- Upload the source code scan results
- Submit the application result
-
Source Code Scan need include Source code only
- Source Code Scan should exclude: - Third-party component sources (typically in “lib”, “third-party”, “3rd-party”, “COTS”, “external”, “node_modules” folders, etc.) , Tests , Generated code (e.g. t.ds, .flow.js) , Deployment, SCM folders and files (e.g. .git, .svn, gradlew, .vscode, etc.)
- For Source Code Scan CAST Highlight files to uploaded are : {ScanName}.{Technology}_{timestamp}.csv {ScanName}.{Technology}_{timestamp}.CloudReady.csv
- Deployed/Build Scan is not required
NB: Minified files are excluded from the health analysis. To detect minified files the analyzer calculates a ratio between instruction lines and total lines of code. If this ratio reaches a specific value, the analyzer considers it as minified and exclude it. It is also indicated in the logs as INFO perl: out: Abort : Wrapped: minified file (ratio=80.4155220396804
Additional Resources
CAST Highlight Troubleshooting Guides
CAST Highlight Product Documentation
Ticket
39711
Comments