Introduction
Thank you for choosing OpenRefactory’s Intelligent Code Repair (iCR). iCR combines source-level static analysis and machine learning to examine programs for security, reliability, and compliance issues, and pairs that with behavior-enhancing code refactoring technology to create safe and reliable corrections for those flaws. This results in code free from many serious security vulnerabilities and programming errors.
iCR is offered as both an on-demand service, available through a cloud provider like Amazon’s AWS, and as a subscription service for private platform deployment. In both versions of the service, customers can choose to analyze and repair projects which are managed by well-accepted cloud-based Version Control Systems such as GitHub, GitLab or Bitbucket, or projects which are copied into a project folder.
This User Guide will provide the details about the specific features of the private platform version.
In the private deployment version, you subscribe to the service through contact with OpenRefactory. With either a paid subscription or, possibly, a Test Drive free trial, you will be provided a package that contains everything you will need to operate iCR. You are also provided with a license that enables the operation of iCR for a maximum number of OpenRefactory Bundled Lines of Code (OBLoCs). The number of OBLoCs in your license is negotiated with OpenRefactory at the time you purchase your subscription or initiate your Test Drive trial.
The iCR package contains the iCR Navigator, Analysis Engines and Reviewer. You use the Navigator to help you to select the projects that you want to make available for processing. The Navigator launches the Analysis Engine for any of the offered languages of Java, Python and Go. The Reviewer is used to browse through the fixes that were generated and uses a “diff” window so that you can see the original code alongside the fixes that were generated. You can also use the Reviewer to browse all the source in the affected file if you wish.
iCR runs as a family of Docker images on a dedicated server that you provide. It is expected that this server has the Docker container infrastructure installed. From the Docker site: “Docker provides a way to run applications securely isolated in a container, packaged with all its dependencies and libraries.” This allows you to install iCR as part of your Development Operations infrastructure with confidence that it will not disrupt your infrastructure. The server may be dedicated hardware within your development network or could be part of a private, cloud-based development environment.
The package is installed by the person who will be the Administrator for the iCR service. There is a separate User Guide for the Administrator which describes how to install the iCR package and how to configure it for users.
This guide will show you how to connect to your version-control system (VCS); GitHub, GitLab and Bitbucket systems are supported. Alternatively, you may choose to process projects which have already been extracted from the VCS and placed into project folders accessible by the server running iCR.
You select a project for analysis, initiate an analysis of that project, and then review the results. The review process presents all the flaws detected and lets you review each correction and accept or reject the recommended fix. You can then incorporate the accepted fixes back into your project.
You may also want to consider integrating iCR into your routine CI/CD workflows. Workflow frameworks for Jenkins, GitHub Actions and GitLab CI/CD are currently supported. The section titled Integrating iCR Into Your CI/CD Workflows will describe how to prepare and configure the various elements needed to integrate the iCR server into your Jenkins, GitHub Actions or GitLab CI/CD workflows.