By Alan Ashley | Feb 15th 2022
In software development today, there is always less time and more work. Combining the two is never a good result. So, when there are tools that can automate the work and do that work well – as a business, this is something you need to explore. For ensuring code quality and security on IBM i, ARCAD Code Checker will be that tool.
How protected is your legacy and new code on IBM i?
Do your processes safeguard code quality and security, and meet your compliance goals?
Do you need to remove bottlenecks in peer review and give developers more time to develop?
Do you need to make code checking continuous?
Do you need to decrease the learning curve for new developers?
When you begin your process to develop a new application or an enhancement to an existing application, one of the areas that is often at the bottom of the list is security. Why is this? Well, security is hard. Security is time consuming. Security is resource dependent. So, this is where ARCAD CodeChecker can step in. CodeChecker is designed to slide into your current process even if you don’t currently use the ARCAD for DevOps suite of tools.
As you continue to produce new lines of code, new interfaces, or new databases, your developers follow a standard for coding quality. This is usually a combination of industry-standard rules and some specific rules for your business. As most developers can attest, they are always under a deadline, and when time becomes a factor, steps can be skipped. Vulnerabilities can be left undiscovered, even if they are as simple as a copyright line in a piece of code. This is where you hope and trust that peer review will catch the errors. What happens when your developer must peer review their own code? In any case, whoever is tasked with a manual review is also under time pressure and liable to human error. Again, this is where ARCAD CodeChecker can step in.
Are you wondering how to bring your new developer up to speed and ready to use the policies and processes set forth in your code development guidelines? Do you wonder how secure is your older RPG or COBOL code? Or how solid is your SQL security, does it guard against injections?
Now that you have seen some of the problems that are out there, or even the problems you may not even know you have, let’s review what ARCAD CodeChecker can really do for you.
Figure 1 – Finding those Bugs
Let us start with the Code Quality aspect of CodeChecker. The tool comes packaged with hundreds of rules, such as finding GOTO statements to checking for security vulnerabilities like SQL injection or dynamic SQL. These rules are out of the box ready to check your code. If you find that a rule doesn’t exist for your needs, you can easily create a new rule. Within the tool you can have it scan all the source code, only the new code, or a rule that is specific for your business. As you can see, CodeChecker is very flexible.
Now that you have the tool to help your business, the next question is where to run it. Nice thing is, CodeChecker can be part of your ‘shift left’ strategy and developers can run the tool on the code directly as they write it, even before it goes into peer review or testing. CodeChecker can also be initiated by a testing team so that your developers can continue to develop. If any issues are found, they can just be routed back to the developer to resolve. Ultimately CodeChecker slots into your CI/CD pipeline when using tools like Jenkins, which eliminates any bottlenecks in your review process.
You can see below where CodeChecker fits into the ARCAD for DevOps pipeline. If you are a current ARCAD user, it will just drop into the process. Or, if you want to use CodeChecker as a stand-alone tool, just slide it into your current development process. Configure it to point to your source code and you are off and running.
Figure 2 – Arcad Development Pipeline
Lastly, as many shops are bringing in new developers that may not be up to speed with all the industry best standards in coding, CodeChecker can be used as that on-the-fly ‘educational’ tool. As they begin to use CodeChecker, they will learn the desired best practices not only for the industry but for your business and applications. And since CodeChecker integrates with RDi via plugins, it has the fit and feel of a modern interface, helping your new developer to quickly ramp up.
At the start, I mentioned a few bullet points. If you answered yes to any or all of those points, then ARCAD CodeChecker is the tool you need to add into your development pipeline. With ARCAD CodeChecker you will continue to shift code and bug detection to the left – and the further left you can push those defects, the higher the cost savings.
If you would like more information on Arcad’s CodeChecker, please contact Arcad Software for a Demonstration.
Solution Architect, ARCAD Software
Alan has been in support and promotion of the IBM i platform for over 30 years and is the Presales Consultant for DevOps on IBM i role with ARCAD Software. Prior to joining ARCAD Software, he spent many years in multiple roles within IBM from supporting customers through HA to DR to Application promotion to migrations of the IBM i to the cloud. In those roles, he saw first hand the pains many have with Application Lifecycle Management, modernization, and data protection. His passion in those areas fits right in with the ARCAD suite of products.
Request a demo
Let’s talk about your project!
Speak with an expert