Introduction

Thank you for choosing OpenRefactory’s Intelligent Code Repair (iCR). iCR combines source-level static analysis and machine learning to examine programs for security, reliability, and compliance issues, and pairs that detection with behavior-enhancing code refactoring technology to create safe and reliable corrections for those flaws. This results in code free from many serious security vulnerabilities and programming errors.

iCR is offered as an on-demand service, executing on a cloud server such as Amazon’s AWS or Microsoft's Azure, or as an on-premise private platform deployment. Customers can choose to analyze and repair projects that are managed by well-accepted cloud-based Version Control Systems such as GitHub, GitLab or Bitbucket, or projects that are copied onto the privately deployed platform.

Your system administrator can install iCR on a standard Linux platform such as Ubuntu or RedHat Enterprise Linux (RHEL). You would use either the apt package management system for Debian-based versions of Linux, such as Ubuntu, or RPM/dnf for RHEL operating systems.

To execute iCR on your platform, your administrator will need to obtain a license from OpenRefactory. The license enables the operation of iCR for a maximum number of OpenRefactory Bundled Lines of Code (OBLoCs) for a specified time period. The number of OBLoCs in your license is negotiated with OpenRefactory at the time you purchased your subscription or initiated your Test Drive trial.

The iCR server implements 3 main components:

  • Navigator: You use the Navigator to help you select the projects that you want to make available for processing.

  • Analysis Engine: The Navigator launches the appropriate analysis engine for any of the offered languages of Java, Python and Go.

  • Reviewer: The Reviewer is used to browse through the fixes that were generated and uses a “diff” window so that you can see the original code alongside the fixes that were generated. You can also use the Reviewer to browse all the source in the affected file if you wish.

iCR runs as a suite of Docker images. It is expected that your administrator has properly configured your server platform with the Docker container infrastructure installed. From the Docker site: “Docker provides a way to run applications securely isolated in a container, packaged with all its dependencies and libraries.” This allows you to install iCR as part of your Development Operations infrastructure with confidence that it will not disrupt your infrastructure. The server may be dedicated hardware within your development network or could be part of a cloud-based development environment.

The iCR server software is installed by the person who will be the Administrator for the iCR service. There is a separate User Guide for the Administrator which describes how to install the iCR software and how to configure it for users.

This guide will show you how to connect to your version-control system (VCS); GitHub, GitLab and Bitbucket systems are supported. Alternatively, you may choose to process projects which are already extracted from the VCS and copied into project folders accessible by the server running iCR.

You select a project for analysis, initiate an analysis of that project, and then review the results. The review process presents all the flaws detected and lets you review each correction and accept or reject the recommended fix. With the Buddy option, you get additional help understanding the risk associated with the bug through a more thorough explanation offered by the AI companion, as well as improved recommendations for fixing the problem. If you accept an offered fix, you can then incorporate it back into your project.

You may also want to consider integrating iCR into your routine CI/CD workflows. Workflow frameworks for Jenkins, GitHub Actions and GitLab CI/CD are currently supported. The section titled Integrating iCR Into Your CI/CD Workflows will describe how to prepare and configure the various elements needed to integrate the iCR server into your Jenkins, GitHub Actions or GitLab CI/CD workflows.
