TIBCO BW (BusinessWorks) and BE (BusinessEvents) Code Review Automation
BW Code Scanner and BE Code Scanner perform the static code review analysis for hard coded configurations, adherence to best practices, optimization opportunities and known patterns of defects. One interesting part about them is that they are very in-depth. BW Code Scanner, for example, traverses all the paths from each activity node in a process instance and evaluates the transitional conditions in all paths from Start to End while evaluating for missed configurations and missing transitions. In our case, we had a JMS Queue Receiver in client acknowledgment mode and it highlighted all the success and error paths from Start to End where there was no message confirmation. This helps to ensure that the message doesn’t end up in an infinite loop. In addition to this, it was doing dynamic global variable mapping, so, in the above case, even if the acknowledgment mode was configured as Global variable, it was able to detect based on value and highlight the paths where message confirmation is missing. Pretty comprehensive indeed.
Another interesting feature is SonarQube plugins for TIBCO BW 5.x, 6.x and BE. You can copy these plugins in the extensions folder of SonarQube and the code review results are pushed into SonarQube so that you can assign, track, add comments – all the niceties associated with SonarQube platform. In addition to these, they provide an override platform to customize the output report. This helped us reduce the severity of some of the rules, and ignore the rules that we did not agree with.
How to automate TIBCO BW Code Review with Jenkins and SonarQube – The steps
- We setup the command-line version of BWCodeScanner and BECodeScanner in one of the Jenkins slave nodes. This setup is needed to break the build.
- Copy the BW SonarQube plugin into extensions directory on Sonarqube server
- Install Sonarqube Scanner plugin for Jenkins
- In the Jenkins job, under Execute Sonarqube Scanner, configure the Analysis properties to configure Sonarqube server, any BW Code Scanner specific properties like license, override file path etc.
- We created the build parameters for source location, reports location etc. and added Build step to execute BW Code Scanner command line. They showed us similar configuration for the Enterprise Cloud version too, but we went with command line version.
- As part of the build setup, we piped these steps, so that SonarQube execution happens, pushing the results to Sonarqube server, then based on the parameter that we pass, the build is broken in command line execution for a specific threshold. For example, we configured BW Code Scanner command line to break the build whenever it finds a code violation of severity – Critical or above.
- As part of the DevOps pipeline, this would run code review analysis on the BW and BE projects, push the results to SonarQube, break the build if the code has any critical violations (customized by us) from the developers, and emails the code review report as excel sheet. Pretty nifty right !
- One interesting thing to note is that BW Code Scanner and BE Code Scanner support multiple projects even with Sonarqube plugin. So, for certain SVN repositories, we setup one job that would do a complete code review analysis across multiple projects in the repository and send one consolidated report as email.
- Enterprise on-premise version came with web version in addition to command line and we could just drop the WAR file in Tomcat and have a functional website where someone could just review the Source zip file or EAR files manually to get a consolidated Excel or PDF report.