...

If the installation completes successfully, Kiuwan for Developers (K4D) will be up and running after Eclipse restarts.

Configuration

Connection Settings


After installation, you need to configure K4D to connect to the Kiuwan servers.

K4D connection settings are configured at Window >> Preferences >> Kiuwan >> Connection Settings



Fill in the User and Password of your Kiuwan account and click Check Credentials to validate access.

If you are behind a proxy, configure Proxy Settings as well.


Analysis Filters

You can configure file inclusion and exclusion patterns for the analysis. Please visit Source Code Filters for further help on this.
By default, only Exclude patterns are configured (a list of file patterns that commonly match source not relevant to the analysis).
You can also modify the default file extensions associated with the available language engines.


This configuration applies to the whole K4D installation, but you can also configure analysis filters per application.

To do so, go to Project >> Properties >> Kiuwan >> Analysis Filters and check Enable project specific settings.



Mapping your Eclipse project to Kiuwan Application

After K4D is installed and connection is configured, you are ready to map your Eclipse project to a Kiuwan application.

You can map your Eclipse project to Kiuwan in any of several ways:

  1. Project >> Properties
  2. Right-click on your project and select Configure >> Convert to Kiuwan Project...
  3. Right-click on your project and select Properties.

The following dialog opens.


Mapping your Eclipse project to a Kiuwan application lets K4D run its analysis in sync with the Kiuwan Model defined at application level.

This means that the K4D analysis is executed with the same Model (rules, configuration, etc.) defined for the Kiuwan application.

Please visit Models Manager User Guide for further help on Kiuwan Models.


Mapping your project to a Kiuwan application also lets you download the list of defects found by the Kiuwan servers into your Eclipse, so you can work locally on fixing those defects.


...


Local defects list

The Local defects list displays the defects found during a local analysis executed by K4D within your Eclipse.


Double-clicking a defect opens the associated file in the Eclipse editor and places the cursor on the affected line.

Right-clicking a defect lets you inspect its Rule Information for a better understanding of the defect.

This option opens an internal browser to display the Rule Information.

If you are presented with the Kiuwan login page, use the same credentials as in the K4D Connection Settings.


Vulnerability details (Source and Sink)


Security defects (i.e. vulnerabilities) are prefixed with a > icon.

Clicking the > icon opens the details of the Source and Sink associated with the defect.
Double-click either one to open its source file at the corresponding line.


Configuring Contents

Although K4D executes the analysis with the model associated with the mapped Kiuwan application, you can further limit the scope of the K4D analysis to a subset of that model.

This lets you concentrate on a specific set of rules or files, reducing the number of defects that appear in the list: only defects matching those filters are displayed.

Filters can be configured based on Priority, Characteristic or Language. You can also filter for defects in files whose path contains a given substring.

Max number of defects

It is important to set a limit on the number of defects displayed in the list.

By default, it is set to 100. You can increase this limit, but a high value can seriously degrade Eclipse performance, so take care not to set it too high.


Configuring Filters

Whether or not you have configured a subset of defects for the K4D analysis (see above), you can further reduce that subset by defining additional filtering conditions.

The most important filter is Scope:

  • File: displays only the defects of the file currently selected in the Eclipse source editor
  • Project: displays the defects of the entire project

Additionally, you can define filters based on Priority, Characteristic and Language.
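As an added illustration of the Configuring Contents and Configuring Filters options above (example code written for this page, not part of the K4D plugin or the original documentation), the following Python model applies the Scope, Priority, Characteristic, Language and path filters and the display limit to a list of defect records; the defect records, rule names and attribute values are constructed samples.

```python
# Constructed model of the K4D defect-list filters described above; this is
# not Kiuwan's own code, and all attribute values are made-up samples.
from dataclasses import dataclass


@dataclass(frozen=True)
class Defect:
    rule: str            # constructed rule name, not a real Kiuwan rule id
    priority: str        # e.g. "Very High", "High", "Normal", "Low", "Very Low"
    characteristic: str  # e.g. "Security", "Reliability", "Maintainability"
    language: str
    file: str
    line: int


# Constructed sample result of a local analysis.
SAMPLE_DEFECTS = [
    Defect("sql-injection", "Very High", "Security", "Java", "src/app/UserDao.java", 42),
    Defect("xss-output", "High", "Security", "Java", "src/app/Page.java", 17),
    Defect("empty-catch", "Low", "Reliability", "Java", "src/app/UserDao.java", 88),
    Defect("unused-var", "Very Low", "Maintainability", "JavaScript", "web/js/ui.js", 5),
    Defect("eval-use", "Very High", "Security", "JavaScript", "web/js/ui.js", 63),
]


def filter_defects(defects, *, scope="Project", current_file=None,
                   priorities=None, characteristics=None, languages=None,
                   path_contains=None, max_defects=100):
    """Apply Scope, Priority, Characteristic, Language and path filters, then
    the display cap. Returns (defects_shown, number_hidden_by_cap)."""
    if scope == "File":
        if current_file is None:
            raise ValueError("File scope needs a file open in the editor")
        defects = [d for d in defects if d.file == current_file]
    elif scope != "Project":
        raise ValueError(f"unknown scope {scope!r}")
    matched = [
        d for d in defects
        if (priorities is None or d.priority in priorities)
        and (characteristics is None or d.characteristic in characteristics)
        and (languages is None or d.language in languages)
        and (path_contains is None or path_contains in d.file)
    ]
    # The cap only limits what is displayed; report how many it hides so the
    # developer knows the list is truncated rather than complete.
    shown = matched[:max_defects]
    return shown, len(matched) - len(shown)
```

The second return value is the practical caveat of the display limit: once the cap is reached, defects are silently left out of the list, so a non-zero hidden count means the filters should be narrowed rather than the limit raised.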


Server defects list


The Server defects list displays the defects of the application stored at the Kiuwan servers.

This utility allows developers to download the defects found during a Kiuwan analysis of the application in a centralized environment.


For example, consider that at some predefined point in the application life cycle (for example, prior to committing a new release to a pre-production environment), the application is analyzed in a centralized environment.
This analysis finds some defects that must be fixed before deploying to the next phase. So you, as a developer, will be notified that you must fix some blocking defects.
When you start working on them, you need full and easy access to those "server" defects.
Why do you need access to server defects? Because it is very likely that your Local defects list differs from the Server defects list:
  • Your current source code could differ from the source code on the server (you or others might already have modified that version)
  • The list of defects to be fixed will most probably be a subset of all defects found during the server analysis (more on this topic below)

In these cases, you will need to have access to the server defects.


Source of Server defects list


Depending on your needs, the source of server defects can vary:
  • Last baseline analysis
    • All the defects found during the last complete application analysis (i.e. the Application Baseline)
  • Action plan
    • Defects included within an Action Plan (you can select the plan from the application's list of available action plans)
  • Audit Delivery
    • Defects that must be fixed for the Audit of a delivery to be successful (you can select the delivery from the list of executed deliveries)

Please visit the Kiuwan Life Cycle documentation for a full explanation of the Baseline, Delivery and Audit concepts.


Besides configuring the source of server defects, you can further filter the server defects to be downloaded by Priority, Characteristic, Language or File Pattern.

Max number of defects

It is important to set a limit on the number of defects displayed in the list.

By default, it is set to 100. You can increase this limit, but a high value can seriously degrade Eclipse performance, so take care not to set it too high.


...