This hardware-independent, Web-based service provides the capabilities to improve software assurance by streamlining the management of the analysis tools, the code being analyzed, and the results that are generated. The service is a GUI (graphical user interface) application that addresses the needs of software developers and supporting analysts by presenting a single interface from which multiple static code analysis tools can be configured and executed. It also provides the means to automate consistent periodic analysis of each release of code, can track code changes and identified issues in the code through progressive build releases, and provides tools for identifying and rejecting false positives from results while quickly identifying the real issues within the source code.
The graphical user interface provides an administrative back-end and a secure user account system to safeguard both project code and analysis results. The service is built upon a user-selectable database that manages analysis tool configuration files, execution schedules for each tool, imported source code, and the results of the analysis. It is highly configurable so that new projects can be readily added, progressive build releases imported, and the tools’ configurations and execution schedules readily adapted to changing needs.
Support services are provided by MySQL as the database server, Apache as the Web server, and SVN for version control of source code build releases. The graphical user interface is constructed in Java using the Google Web Toolkit. Supporting servers, toolkits, and frameworks were selected exclusively from open-source software. Python scripts and XML files are created by the BugView administrator to support any tool a project has selected for execution through BugView. Such scripts are reusable and reconfigurable.
This work was done by Guillaume Brat of Ames Research Center, Sarah Thompson and Timothy Reyes of Stringer Ghaffarian Technologies, Inc., and Matthew Knudson of Carnegie Mellon University.