Category Archives: Open Source

SWAMP SCMS Plug-In Update

The SWAMP’s plug-in for SCMS (source control management systems) was updated recently. The 1.3 release makes the plug-in easier to use and increases stability and correctness. The 1.3.3 version contains bug fixes. Noteworthy changes are listed below. More information about our plug-ins (https://continuousassurance.org/plug-ins/) can be found on our website.

SCMS plug-in versions 1.3 and 1.3.3:

  1. Added complete verification of the entire plug-in configuration through enhancement of the –verify option. Always run the uploader with –verify after making configuration changes to verify that everything is correct. If it can’t pass –verify, the configuration will not work.
  2. Support for newer SWAMPs with os-ver-bits platform names.
  3. Java used by the plug-in can be configured in the plug-in config file; this allows development with java which is not compatible with the swamp-cli used by the SCMS plug-in.
  4. Added update capabilities to the installer to update current and already installed plug-ins to a newer version. Any changed “config” files will be installed with a “.instnew” extension so it is easy to manually diff and configure existing config files.
  5. Installer updated to allow login and querying of information from a SWAMP to assist in configuring the plug-in.
  6. Extensive notes and examples added to the default configuration file.
  7. Global config and credential files are no longer installed by default unless the –global option is added.
  8. New swamp-java-cli 1.3.3 added to plug-in.
  9. RELEASE_NOTES.md updated.
  10. General enhancements and bug fixes.

SWAMP Plug-Ins Update

The SWAMP’s open source software and plug-ins for Eclipse and Jenkins were updated recently. Noteworthy changes are listed below. More information about our plug-ins (https://continuousassurance.org/plug-ins/) and open source software (https://continuousassurance.org/open-source-software/) can be found on our website.

Eclipse plug-in version 1.0.5:

  1. Fixed a bug that was causing executable bits in the file permissions to not be preserved in the uploaded archives
  2. Fixed a bug that causes results to not be displayed for tools that don’t have bugGroup
  3. Enhanced to use the new platform names that were introduced in SWAMP version 1.31

Jenkins plug-in version 1.0.5:

  1. Enhanced to use the new platform names that were introduced in SWAMP version 1.31
  2. Enhanced assessment status reporting on the console
  3. Fixed a bug that was causing intermittent logouts from SWAMP

Java-cli version 1.3.1:

  1. Added documentation and javadoc for SwampApiWrapper
  2. Added -—quiet Mode for each sub-command
  3. UUID is now printed as the first segment in the output; this should make automation easier.
  4. Changed —-XXX-name options for various sub-commands, now renamed to —name
  5. The undocumented 1.2 version was deprecated.

SWAMP-in-a-Box Update 1.31

SWAMP-in-a-Box version 1.31.151 is now available for download! The latest files are on GitHub, or you can download the install files here.

Noteworthy changes include:New

  • Synopsys Static Analysis (Coverity), a tool for assessing C/C++ packages, can now be added to a SWAMP-in-a-Box installation. You must license Synopsys Static Analysis and obtain either the 32-bit or 64-bit tool archive files separately from Synopsys, Inc.
  • Documentation for SWAMP-in-a-Box has been reorganized into an Administrator Manual and a Reference Manual. Each comes as a PDF and HTML document, which can be found in `/opt/swamp/doc` on the SWAMP-in-a-Box host.
  • New versions of the CentOS and Scientific Linux 6.7 (32-bit and 64-bit) assessment platforms are available. If any of these platforms were previously installed as an add-on, we recommend you download and install the updated versions.
  • The CentOS and Scientific Linux 5.11 (32-bit and 64-bit) assessment platforms are no longer supported. If any of these platforms were previously installed as an add-on, they will be removed as part of the upgrade to SWAMP-in-a-Box 1.31.
  • Added new versions and/or updates for the following assessment tools: Checkstyle, error-prone, Findbugs, PMD, and XML Lint.
  • General enhancements and bug fixes.

Let us know if you have any questions at sib@continuousassurance.org.

SWAMP Plug-Ins for Eclipse, Git/SVN, Jenkins

Make sure you are taking advantage of everything the SWAMP has to offer! The SWAMP has created a variety of plug-ins to integrate into the software development lifecycle and to support continuous integration. The SWAMP’s plug-ins are open-source and can connect to the SWAMP site or to your own SWAMP-in-a-Box. Find them here: https://continuousassurance.org/plug-ins/.

  • Eclipse: The Eclipse plug-in allows Java and C/C++ Eclipse users to perform static code assessments in the SWAMP and view the results within the Eclipse Integrated Development Environment (IDE).
  • Git and Subversion: This script is a Git and Subversion hook. Any commit or push of a new version will upload that version of code in the SWAMP. Results are viewable from the SWAMP website.
  • Jenkins: The Jenkins plug-in allows projects using Jenkins to perform static code assessments in the SWAMP as part of a build. Results and trend data can be viewed on the SWAMP website or directly in Jenkins.

SWAMP Software Is Open Source

Software from the SWAMP is open source! You may already have your own SWAMP-in-a-Box, a private/local instance of SWAMP, or our plug-ins for Eclipse, Jenkins, and Git/Subversion. But did you know that more of our software is also available on GitHub?

  • The assessment frameworks help to build and assess software in the SWAMP.
  • The results parser converts the output of software assessment tools into the SWAMP Common Assessment Result Format (SCARF).
  • Other software puts SCARF into a database.
  • Our libraries let clients read/write SCARF and perform common operations in the SWAMP.

To learn more and to review or download our code, visit the new Open Source Software page!

SWAMP-in-a-Box Update 1.30.114

We have released an update to SWAMP-in-a-Box (SiB) version 1.30. SiB release v1.30.114 contains a few bug fixes and a patch to allow the SWAMP plug-ins to work with SiB. If you have already downloaded or installed SiB v1.30 (v1.30.113), you are not required to download the latest update unless you would like to use the SWAMP plug-ins with your SiB instance.

The updated SWAMP-in-a-Box v1.30.114 is now available for download here or on GitHub. Note that you may still see the version reflected as 1.30, as not all files received the updated 1.30.114 version number, but all appropriate files have been updated.

Let us know if you have any questions at sib@continuousassurance.org.

SWAMP-in-a-Box Update 1.30

SWAMP-in-a-Box version 1.30 is now available for download! The latest files are on GitHub, or you can download the install files here.

Noteworthy changes include:New

  • SWAMP-in-a-Box can now be configured to use an LDAP or LDAP-compatible Active Directory server for managing user accounts.
  • SWAMP-in-a-Box can now be configured to allow GitHub, Google, and CILogon accounts to be linked to SWAMP user accounts, allowing users to sign into the SWAMP using their third-party credentials.
  • The GrammaTech CodeSonar tool for assessing C/C++ packages can now be added to a SWAMP-in-a-Box installation. You must license CodeSonar and obtain either the 32-bit or 64-bit installers for CodeSonar separately from GrammaTech, Inc.
  • SWAMP users can now add Application Passwords to their SWAMP accounts. These passwords can be used with the SWAMP plugins for Eclipse and Jenkins to allow them to connect to the SWAMP without using the users’ main passwords.
  • Java 8 is now the default Java version when creating new Java source and Java bytecode packages.
  • The SWAMP now uses the “recursive” option to include linked sub-modules when pulling code from GitHub to create a new package or when adding a new package version.
  • The Native viewer for assessment results now includes information about the package, tool, and platform used, along with start and completion times, for the assessment.
  • SWAMP users can now change their SWAMP username when editing their profile page.
  • Added new versions and/or updates for the following assessment tools: Brakeman, Dawn, Reek, RuboCop, and ruby-lint.
  • The SWAMP-in-a-Box install and upgrade scripts now configure the web server (Apache) to disallow HTTP connections. The SWAMP must be accessed using HTTPS.
  • The SWAMP-in-a-Box install and upgrade scripts no longer attempt to configure firewall settings on the host. Required configuration is now documented in the `README-BUILD-SERVER.md` file that is included with the SWAMP-in-a-Box installer.
  • General enhancements and bug fixes.

Let us know if you have any questions at sib@continuousassurance.org.

« Older Entries