Create custom-configuration.md #40967
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Adding public documentation for how to provide custom config files to customize AppCAT code analysis
|
ping @alexwolfmsft @CamSoper for review |
|
I'll give this a review Friday. Thanks, @mckennabarlow! |
CamSoper
requested changes
Aug 2, 2024
There was a problem hiding this comment.
Overall, looks great, @mckennabarlow! I made a few suggestions for readability. I'll also send a PR to this branch to add this doc to the TOC.
| title: How to customize analysis with JSON run configurations | ||
| description: Learn how to include a JSON file to configure your code assessment | ||
| ms.topic: conceptual | ||
| ms.date: 5/16/2024 |
There was a problem hiding this comment.
Suggested change
| ms.date: 5/16/2024 | |
| ms.date: 08/02/2024 |
| ms.topic: conceptual | ||
| ms.date: 5/16/2024 | ||
| author: mckennabarlow | ||
| ms.author: mckennabarlow |
There was a problem hiding this comment.
Suggested change
| ms.author: mckennabarlow | |
| ms.author: mcbarlow |
Use your MS alias for ms.author 🙂
Comment on lines
+23
to
+34
| ## How to provide run config | ||
|
|
||
| For CLI: | ||
|
|
||
| - in the interactive mode CLI will ask if you want to provide run config and then if you said yes, asks to type/paste path to the run config file. | ||
| - in non-interactive mode there is new argument `-c|--config` which allows to provide the path to the run config json. | ||
|
|
||
| For VS: | ||
|
|
||
| - at the step where we allow to edit analysis settings we added a text box and `Browse` button to let you specify a run config json. | ||
|
|
||
| After analysis is done, run config is stored in the report and re-used if user opens report again and refreshes. |
There was a problem hiding this comment.
Suggested change
| ## How to provide run config | |
| For CLI: | |
| - in the interactive mode CLI will ask if you want to provide run config and then if you said yes, asks to type/paste path to the run config file. | |
| - in non-interactive mode there is new argument `-c|--config` which allows to provide the path to the run config json. | |
| For VS: | |
| - at the step where we allow to edit analysis settings we added a text box and `Browse` button to let you specify a run config json. | |
| After analysis is done, run config is stored in the report and re-used if user opens report again and refreshes. | |
| ## How to provide a JSON run configuration | |
| ### Using the CLI | |
| - **Interactive mode**: The CLI will ask if you want to provide run configuration. Upon selecting *yes*, it prompts the user to type/paste the path to the run configuration file. | |
| - **Non-interactive mode**: Use the `-c|--config` argument. This allows you to provide the path to the JSON run configuration. | |
| ### Using Visual Studio | |
| - When editing analysis settings, use the UI to specify JSON run configuration. | |
| After analysis is done, run configuration is stored in the report. The configuration is re-used if the user reopens the report and refreshes. |
Comment on lines
+13
to
+21
| Before running an analysis we discover all rules and analyzers provided to AppCAT and then use all that match current project's `traits`. However some results could be too noisy for some applications. | ||
|
|
||
| To control/scope rules and/or analyzers used, you can provide a json run config file which would allow you to: | ||
|
|
||
| - change default settings to include or exclude some binaries | ||
| - disable existing specific rules or specific analyzers | ||
| - change properties in existing rules | ||
| - add new rules | ||
| - add new analyzers for existing or new rules |
There was a problem hiding this comment.
Suggested change
| Before running an analysis we discover all rules and analyzers provided to AppCAT and then use all that match current project's `traits`. However some results could be too noisy for some applications. | |
| To control/scope rules and/or analyzers used, you can provide a json run config file which would allow you to: | |
| - change default settings to include or exclude some binaries | |
| - disable existing specific rules or specific analyzers | |
| - change properties in existing rules | |
| - add new rules | |
| - add new analyzers for existing or new rules | |
| Before running an analysis, AppCAT discovers all rules and analyzers provided to it and then uses that information to match the project's `traits`. However, the analysis results can be overly verbose when using the default configuration. | |
| To control/scope rules and/or analyzers used, you can provide a JSON run configuration file. This allows you to: | |
| - Change default settings to include or exclude some binaries. | |
| - Disable existing specific rules or specific analyzers. | |
| - Change properties in existing rules. | |
| - Add new rules. | |
| - Add new analyzers for existing or new rules. |
Comment on lines
+90
to
+94
| `Settings` section contains globing includes or excludes applied to filter in or out binaries that are going to be analyzed. It probably makes sense to run binary analysis once to see any red flags, however results for binaries are pretty verbose. Some findings could indeed flag a real problem inside binary dependency application is using without realizing it. However others could be (although valid) but in code paths not used by the application and could be ignored. To avoid being overwhelmed by amount of results for binaries, users could include only ones they really interested in instead of scanning all of them. | ||
|
|
||
| `Rules` section contains rules definitions which could override existing rules' properties, disable existing rule or even define new ones. | ||
|
|
||
| `Analyzers` section contains analyzers, which similarly to rules could be disabled or new analyzers could be added. |
There was a problem hiding this comment.
Suggested change
| `Settings` section contains globing includes or excludes applied to filter in or out binaries that are going to be analyzed. It probably makes sense to run binary analysis once to see any red flags, however results for binaries are pretty verbose. Some findings could indeed flag a real problem inside binary dependency application is using without realizing it. However others could be (although valid) but in code paths not used by the application and could be ignored. To avoid being overwhelmed by amount of results for binaries, users could include only ones they really interested in instead of scanning all of them. | |
| `Rules` section contains rules definitions which could override existing rules' properties, disable existing rule or even define new ones. | |
| `Analyzers` section contains analyzers, which similarly to rules could be disabled or new analyzers could be added. | |
| Looking at the JSON objects contained in the preceding example: | |
| - `analysis.settings` contains global includes or excludes. These include and exclude binaries to be analyzed. It's recommended to run binary analysis once to see any red flags, but results for binaries tend to be verbose. Some of the results could flag problems inside dependencies your application is consuming. Other results could be valid problems in your app, but located in unused code paths. These can be ignored to reduce the verbosity of the results. | |
| - `analysis.rules` contains rules definitions. These definitions override or disable existing rules, as well as define new rules. | |
| - `analysis.analyzers` contains analyzers. Similarly to the rules definitions, these can be disabled, overridden, or added on to. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adding public documentation for how to provide custom config files to customize AppCAT code analysis
Summary
Fixes #Issue_Number (if available)
Internal previews