Running Local Analyzer with Kiuwan

Kiuwan’s great advantage is that you can analyze your code in your own infrastructure without having to upload it to the cloud. To do this, download Kiuwan Local Analyzer, which lets you run a local analysis (or as many as you want) from any machine and view the results on KIUWAN with all the functionality it provides. It also lets you integrate analyses and code quality and security measurement tasks into your continuous integration or deployment process.

All resulting data is securely uploaded to the KIUWAN platform, where you can see the results on the dashboards, generate reports, and see the metrics and defect lists, just as if you had uploaded your code and run the analysis in the cloud.

For complex analyses, Kiuwan Local Analyzer lets you set the memory to be used, set a time limit for the analysis (1 hour by default) or configure the file extensions for each technology.

 

Requirements

First of all, it is important to review some basic requirements for the proper performance of the analyzer:

  1. Supported operating systems are Windows, Linux, MacOS or any UNIX operating system that supports Java.
  2. Permission on your computer to download the .zip file, unzip it and execute it.
  3. An Internet connection, required for account validation, data synchronization between the platform and the agent, automatic agent updates, downloading the quality model and uploading the results to KIUWAN.
  4. Java 1.6 or higher (JDK or JRE), installed and properly configured.

 

First analysis

Once you have verified the requirements, download the analyzer and run a local analysis on an application:

  1. Click New on the top right.
  2. On the A Analyze locally: download analyzer option, click Download now.
  3. Once downloaded, unzip it.
  4. Execute it with %KiuwanLocalAnalyzer%/kiuwan.cmd.
    Problems executing the analyzer:
    “It is very important that the Java installation is correct; if it is not properly configured, you may have problems executing the analyzer or during the analysis.”
  5. If needed, verify the proxy options (Proxy Configuration) and configure them.
  6. Sign in with your KIUWAN account credentials.
  7. Select the application to analyze or create a new one, which will be created automatically with the standard settings.
  8. Enter the Label you want.
  9. In Select folder(s) to analyze, indicate the directory where the sources to analyze are, which should not be compressed.
  10. Click on Continue.
  11. Before starting the analysis, you can check the number of files and how many of them were found. You can also enable the technologies you want to be analyzed.
  12. Click Analyze to run the local analysis.
  13. When the analysis ends, if a problem occurred, you can check the log with all its information. You can also find it in the analyzer folder, %kiuwanlocalanalyzer%/temp, in the agentGUI.log file.
  14. Once the analysis ends, click the View results button, which takes you directly to KIUWAN.

 

Settings

After running your first local static analysis and seeing how easy the analyzer is to use, let’s dive a little deeper into the existing settings.

First, let’s see how to set the time and memory used in the analysis:

  1. Once you have selected the application with the code to analyze, click Configuration.
  2. Timeout is 1 hour by default (3 600 000 milliseconds). If you need more time to analyze, increase this property to, for example, 7 200 000 milliseconds and click Save. You need to change the timeout when an analysis fails and the log file contains a ‘timeout error’.
  3. The memory to use, Max memory size, is 1024m by default. If you need more, increase this property to, for example, 2048m and click Save. You need to change the Max memory when an analysis fails and the log file contains an ‘OutOfMemoryError error’.

 

Now let’s see how to configure an extension. This example uses Transact-SQL:

  1. Sometimes files have an unusual extension for the technology they are written in. Let’s see how to analyze code that does not have its usual extension.
  2. We have three files: test1.sql, test2.sql and test3.txt (the last one has a .txt extension, but we know it contains Transact-SQL code).
  3. Note that when selecting the sources to analyze, Kiuwan Local Analyzer only recognizes those with the .sql extension.
  4. To recognize the .txt file, click Configuration, go to the Extensions editor tab, select Transact-SQL and add the .txt extension.
  5. Check that the extension does not appear in Extensions ignored.
  6. Then click Save.
  7. You will then see that Kiuwan Local Analyzer recognizes the three files when you select the technology.
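A file that is not recognized is not analyzed, so it is worth finding such files before the run. The following pre-scan is an added example, not part of the original page or of Kiuwan: it lists files whose extension is not mapped (or is ignored) although their content looks like Transact-SQL. The marker patterns, the function names and the rule that an ignored extension wins over a mapped one are assumptions of this example.

```python
import os
import re
import tempfile

# Heuristic Transact-SQL markers, constructed for this example (not Kiuwan's detection logic).
TSQL_HINTS = [re.compile(p, re.IGNORECASE | re.MULTILINE) for p in (
    r"^\s*CREATE\s+(PROC(EDURE)?|TABLE|FUNCTION|TRIGGER)\b",
    r"\bDECLARE\s+@\w+",
    r"^\s*SELECT\b[^;]*\bFROM\b",
    r"^\s*EXEC(UTE)?\s+\w",
)]

def looks_like_tsql(path, max_bytes=65536):
    """True when at least two distinct markers match the start of the file."""
    with open(path, "r", encoding="utf-8", errors="ignore") as fh:
        head = fh.read(max_bytes)
    return sum(1 for rx in TSQL_HINTS if rx.search(head)) >= 2

def coverage_report(root, mapped, ignored=()):
    """mapped/ignored stand in for the Extensions editor lists (assumption: ignored wins).
    'missed' holds files that would be skipped although they look like Transact-SQL."""
    mapped = {e.lower() for e in mapped}
    ignored = {e.lower() for e in ignored}
    report = {"analyzed": [], "missed": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            if ext in mapped and ext not in ignored:
                report["analyzed"].append(rel)
            elif looks_like_tsql(path):
                report["missed"].append(rel)
    return {k: sorted(v) for k, v in report.items()}

def demo(mapped, ignored=()):
    """Report for a constructed tree mirroring the page: T-SQL inside test3.txt."""
    tsql = "CREATE PROCEDURE dbo.GetUser @id INT AS\nDECLARE @n INT\nSELECT name FROM users WHERE id = @id\n"
    samples = {"test1.sql": tsql, "test2.sql": tsql, "test3.txt": tsql,
               "notes.txt": "Release notes: select the build from the list.\n"}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            with open(os.path.join(tmp, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return coverage_report(tmp, mapped, ignored)

if __name__ == "__main__":
    print(demo({".sql"}))          # test3.txt is reported as missed
    print(demo({".sql", ".txt"}))  # nothing missed
```

Point `coverage_report` at the folder you would select in Select folder(s) to analyze; an empty `missed` list means no Transact-SQL-looking file falls outside the configured extensions.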

 

Another option is to run the analysis from the command line: CMD on Windows (agent.cmd) or a Linux/UNIX console (agent.sh).

  1. Let’s see a CMD example:
    1. In a console, go to the %kiuwanlocalanalyzer%/bin/ folder.
    2. Execute:
      agent.cmd -n APP_NAME -s C:\Code_Path\ -c supported.technologies="java,plsql,javascript,php"

 

Security options

If you choose not to upload your code, Kiuwan Local Analyzer lets you increase the confidentiality level of your source code: it does not show code fragments in the violations found, only the line where the violation is.

To better understand this option, let’s first see an example when the local analysis is run with its standard settings:

  • On the Defects screen, when we review the violations found in an analysis, it indicates the file name, the line of code and the fragments of code to be reviewed or repaired.

 

Now let’s see the result after changing the analyzer settings:

  • On the Defects screen, we see that it just shows the file and the line where the violation was found, with the message “Line of code not available (optional)”.

 

To do this, follow these steps to configure the analyzer:

  1. Once you have selected the application and the code to analyze, click Configuration.
  2. In Upload fragment of code for defects and duplications, you can select True (file, line and fragment) or False (file and line).
  3. Click Save and run the local analysis.

There are several options to run the local analysis from the command line. To do this, you can check this guide.

On KIUWAN you can find all the documentation.

And last, but not least, here you have some video tutorials.