Unified Language User Guides
iCR User Guide 5.0

Overview


Last updated 6 months ago

The following is a quick overview of how to use iCR. It is assumed that your server administrator has installed and started iCR. If you are the administrator, refer to the User Guide for the Administrator for details on how to install and configure iCR. It is also assumed that you know the URL or IP address of the host server where your administrator installed iCR.

Using that URL, connect to the service using a standard browser of your choice.

iCR consists of 3 major components:

  1. The Navigator is the main component with which you interact;

  2. The Analysis Engine analyzes source code and generates fixes;

  3. The Reviewer helps you to review, approve/reject and apply the fixes.

Using the Navigator, you will:

  1. Direct the Analysis Engine to scan the source code of your iCR project; and

  2. Initiate the Reviewer(s) to examine the generated fixes and accept or reject them.

To understand how each of these steps is executed, let’s first look at how to select and analyze a project. The figure below outlines the steps taken to select the code to be analyzed and to initiate the analysis.

  1. Select the repository that you are using to manage your source code. This may be a Version-Control System (VCS) available on the cloud or as an in-house service. iCR supports your choice of GitHub, GitLab and Bitbucket systems.

  2. The Navigator will use OAuth or your Personal Access Token (PAT) to authenticate with the VCS service. Treat the PAT like a password: grant it only the repository permissions iCR needs (reading your repositories, and creating the branch and commits the Reviewer uses for fixes) and nothing more. Once connected with the VCS, the Navigator will present you with a view of all the available repositories associated with your User ID. You may then clone any repository that you wish to examine, and you will have all of the branches available for analysis.

  3. Pick a branch to analyze and simply click on the Analyze button in the Navigator.

  4. Navigator will start the Analysis Engine as a background process. You may monitor the progress from the Navigator in a separate browser tab. For a long running analysis, you may choose to receive a notification and exit iCR. Only one analysis can be run at a time.

  5. The Analysis Engine analyzes the source code and prepares the fixes. You may choose to have the Navigator send you an email notification when the analysis completes and the fixes are ready.

The list of iCR supported fixers for each supported language may be found using these links: Java supported fixers, Python supported fixers and Go supported fixers.

Once a project has been analyzed and fixes generated, they are available for review. The diagram below outlines the steps taken to perform a reviewing session.

  1. Return to the Navigator when analysis is complete to review the fixes. Select any branch that has been analyzed and click on the Review button within the Navigator. You may review past results even when the Analysis Engine is currently running on a project.

  2. The Navigator starts the Reviewer component in a separate tab.

  3. The Reviewer allows you to browse all of the fixes and gives you the opportunity to accept or reject various fixes. Any number of your developers can review and approve fixes concurrently. After approving fixes, you can Apply them to your project. If there are fixes that you are not clear about or you think are incorrect, you can let our developers know by filling out a quick feedback report for that particular fix.

  4. The Reviewer creates a temporary branch in your repository with the potential fixes placed there as git commits. This gives you a standard way of choosing when you want to roll these fixes into your project branch(es).
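Because the Reviewer delivers fixes as git commits on a separate branch, the safe way to roll them into your project is to inspect each commit and cherry-pick the ones you accept rather than merging the branch wholesale. The script below is an added example written for this guide; it is not iCR's own code, and iCR's actual branch naming is not documented here, so the project branch "main" and the fix branch "icr-fixes" are assumptions, as is the one-commit-per-fix layout of the constructed sample repository it builds for you to experiment on.

```shell
#!/bin/sh
# Added example (not part of the iCR guide or product): inspect an
# auto-generated fix branch and roll reviewed fix commits into the project
# branch one at a time.
# Assumptions (not documented on this page): project branch "main",
# fix branch "icr-fixes", one commit per proposed fix.
set -eu
export GIT_PAGER=cat

# Build a throwaway repository standing in for an analysed project.
# Constructed sample data: "main" holds two Python files; "icr-fixes" adds
# one commit per proposed fix on top of it.
make_sample_repo() {
  repo=$(mktemp -d)
  git -C "$repo" init -q
  git -C "$repo" symbolic-ref HEAD refs/heads/main
  git -C "$repo" config user.name "example"
  git -C "$repo" config user.email "example@example.invalid"
  printf 'def read_all(path):\n    f = open(path)\n    return f.read()\n' > "$repo/app.py"
  printf 'def is_unset(value):\n    return value == None\n' > "$repo/util.py"
  git -C "$repo" add app.py util.py
  git -C "$repo" commit -q -m "initial import"
  git -C "$repo" checkout -q -b icr-fixes
  printf 'def read_all(path):\n    with open(path) as f:\n        return f.read()\n' > "$repo/app.py"
  git -C "$repo" commit -q -am "fix(app.py): close the file handle with a context manager"
  printf 'def is_unset(value):\n    return value is None\n' > "$repo/util.py"
  git -C "$repo" commit -q -am "fix(util.py): compare with None using 'is'"
  git -C "$repo" checkout -q main
  printf '%s\n' "$repo"
}

# Fixes on the fix branch not yet applied to the project branch.
# --cherry-pick drops commits whose patch already exists on the base side,
# so this list shrinks as you cherry-pick even though commit ids differ.
list_unapplied_fixes() {   # repo base fix_branch
  git -C "$1" log --oneline --right-only --cherry-pick "$2...$3"
}

count_unapplied_fixes() {  # repo base fix_branch
  git -C "$1" rev-list --count --right-only --cherry-pick "$2...$3"
}

# Files the fix branch touches relative to its merge base with the project
# branch: a quick check that the fixes stay within the files you expect.
files_touched() {          # repo base fix_branch
  git -C "$1" diff --name-only "$2...$3"
}

# Show one fix in full before accepting it; read the diff, not just the message.
show_fix() {               # repo commit
  git -C "$1" show --stat --patch "$2"
}

# Apply exactly one reviewed fix onto the project branch; -x records the
# source commit id in the new commit message for traceability.
apply_fix() {              # repo base commit
  git -C "$1" checkout -q "$2"
  git -C "$1" cherry-pick -x "$3"
}

# Walk-through on the constructed repository.
demo() {
  repo=$(make_sample_repo)
  echo "Unapplied fixes:"
  list_unapplied_fixes "$repo" main icr-fixes
  echo "Files touched:"
  files_touched "$repo" main icr-fixes
  first=$(git -C "$repo" rev-list --reverse main..icr-fixes | head -n 1)
  show_fix "$repo" "$first"
  apply_fix "$repo" main "$first" >/dev/null
  echo "Remaining after applying one fix: $(count_unapplied_fixes "$repo" main icr-fixes)"
  rm -rf "$repo"
}

# Run the walk-through only when asked, so the functions can also be sourced.
if [ "${ICR_DEMO:-0}" = 1 ]; then demo; fi
```

Run it with `ICR_DEMO=1 sh fixes.sh`. The point of the `--cherry-pick` filter is that after you apply a fix, the branch still contains the original commit; comparing by patch content rather than commit id tells you which fixes are genuinely outstanding. Cherry-picking with `-x` leaves a trail from each accepted change back to the Reviewer's commit.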

The remainder of this guide will provide you with all the details needed to help you to run iCR on your projects. The first step to do that is to prepare your source code repositories for access by iCR.

iCR employs a suite of scalable deep analysis tools to provide a comprehensive analysis of your program’s flow, with emphasis on tracking references across methods. From that analysis, iCR then employs a broad family of what we call Fixers, which are focused on common programming flaws and coding standards such as the SEI CERT Oracle Coding Standard for Java or the PEP 8 Style Guide for Python Code.