ALM Settings
Code Insight 2021 R1
Code Insight integrates with application lifecycle management (ALM) systems, enabling Code Insight users to create and manage external work items associated with inventory directly from Code Insight. In this way, inventory requiring further review and remediation can be tracked externally as part of the user’s existing issue-tracking system.
For example, a Code Insight scan might uncover security vulnerabilities or “copyleft” licenses requiring further review by the Security and Legal teams. With an ALM integration, these issues can be quickly converted into work items that point to corresponding issues in the ALM instance.
Integration with a specific ALM system is enabled through a corresponding Code Insight connector that supports pre-populated data (in the form of one or more instances) used to connect to the ALM system and to set up work items. Additionally, a given ALM instance controls the synchronization of data between Code Insight and the server based on a configured synchronization frequency.
To configure an ALM connector, the Project Administrator defines one or more of these instances in Code Insight, a process described in the “Integrating with Application Life Cycle Management” chapter in the Code Insight Installation and Configuration Guide.
Then, in order to create and manage work items for a given project, you must associate the project with a specific ALM instance. The following sections describe how to associate (and unassociate) a project with an ALM instance. Currently, Code Insight is installed with a Jira connector. Future releases will provide additional support for other ALM systems.
| • | Associating a Jira Instance to a Project |
| • | Using Code Insight Variables |
| • | Unassociating an ALM Instance from a Project |
Associating a Jira Instance to a Project
Use the following instructions to associate a Code Insight project with a Jira instance.
To associate a Jira instance to a project, do the following:
| 1. | As the Project Administrator, navigate to the Summary tab (see Opening the Project Summary Tab). |
| 2. | Click Manage Project and select Edit Project from the popup menu. The Edit Project page opens. |
| 3. | Select the ALM Settings tab. |
| 4. | From the ALM Instance dropdown, select the Jira instance to associate to this project. The current settings for the Jira instance are displayed on ALM Settings tab. |
If no instances are available in the dropdown, ensure that at least one instance is configured at the application level. Instructions for configuring a Jira instance are found in the Code Insight Installation and Configuration Guide.
| 5. | Complete the fields on the ALM Settings tab. See the inline help for explanations of the fields. |
| • | Certain fields might already contain a value based on the global application defaults set when the Jira instance was created (as described in the Code Insight Installation and Configuration Guide.) However, you can override any global defaults with the information you enter here. For example, if you change the Default Issue Type from Task to Bug, the value Bug becomes the new default for this project. See ALM Tab for field details. |
| • | You can include (or override) Code Insight variables in the Default Summary and Default Description fields. These variables will be replaced by actual values in descriptive text that displays for a newly created Jira issue and work item. For more information, see the next section, Using Code Insight Variables. |
| 6. | When you have completed the settings, click Save to associate the Jira instance to the project. |
Validation for these field values takes place during work item creation. If the information entered here is invalid (for example, the Assignee value does not exist in the Jira system), the information will still be saved, but users will not be able to create the work item in the future.
Once you have associated the Jira instance with the project, all work items created in this project will have a corresponding Jira issue on the provided instance.
The Default Summary Text and Default Description Text fields support Code Insight variables that communicate details about the Code Insight project, inventory item, and other relevant information in the work item and associated Jira issue.
Supported Variables
The following table lists the available variables for use in the text entered in the Default Summary Text and Default Description Text fields:
|
|
|
|
$PROJECT_NAME |
Name of the Code Insight project containing the issue |
|
$INVENTORY_ITEM_NAME |
Name of the inventory item containing the issue |
|
$COMPONENT_NAME |
Name of the component associated with the inventory item |
|
$VERSION_NAME |
Version of the component associated with the inventory item |
|
$LICENSE_NAME |
Name of the selected license for the inventory item |
|
$NUMBER_VULNERABILITIES |
Total number of security vulnerabilities associated with the inventory item |
|
$NUMBER_FILES |
Total number of files associated with the inventory item |
|
$INVENTORY_URL |
Link to the inventory item |
When the work item is created, the included variables are replaced by their respective values.
Example Use of Variables
The following is example text you might enter in the Default Summary Text field. The text includes some of the available variables.
The $INVENTORY_ITEM_NAME inventory item in the project $PROJECT_NAME contains $NUMBER_VULNERABILITIES vulnerabilities that require review. Go to $INVENTORY_URL to see the vulnerable inventory item.
If your Code Insight project name is “MySampleProject” and the name of the inventory item name for which you create a work item is “Apache Commons BeanUtils”, the work item and Jira issue will display the following summary:
The Apache Commons BeanUtils 1.7.0 (Apache 2.0) inventory item in the project MySampleProject contains 18 vulnerabilities that require review. Go to https://my.sample.server:8888/codeinsight to see the vulnerable inventory item.
Unassociating an ALM Instance from a Project
The Project Administrator can unassociate an ALM instance from a project at any time. If the association is removed, any existing work items will remain with the project, but the Create Work Item option becomes disabled.
To unassociate an ALM instance from a project, do the following:
| 1. | As the Project Administrator, navigate to the Summary tab (see Opening the Project Summary Tab). |
| 2. | Click Manage Project and select Edit Project from the popup menu. The Edit Project page opens. |
| 3. | Select the ALM Settings tab. |
| 4. | In the ALM Instance dropdown, change the selection to None. |