This page describes the Kiuwan IDE Plug-In.
Kiuwan IDE Plug-In
Kiuwan allows for a true shift-left approach by integrating with all the main IDEs.
Kiuwan for Developers is a plug-in for development IDEs that facilitates and automates compliance with security regulations, quality standards and best practices for several languages. It provides the following benefits:
The Kiuwan IDE Plug-in monitors and reports on the security, quality, and efficiency of your code at the point that it is written. This immediate feedback provides you with the opportunity to improve your code before it is delivered.
Supported IDEs and Requirements
Kiuwan for Developers has been successfully tested in the following IDEs and minimum versions:
For other IDEs and versions, please contact Kiuwan Technical Support.
Kiuwan for Developers (K4D) requires Java 8 or above (either JDK or JRE). You may download it from http://www.oracle.com/technetwork/java/javase/downloads/index.html. Please visit Java 8 and JAVA_HOME for further info.
If you are running Eclipse under Linux/Unix, you may experience problems after installing K4D. This is due to some well-known problems with the use of GTK3 by Eclipse distributions. Please visit the following links for further info.
To solve this issue, modify eclipse.ini: add --launcher.GTK_version before the line --launcher.appendVmargs.
Installation
To install Kiuwan for Developers just follow the steps below:
- Open Eclipse and, in the main menu, click on Help >> Install New Software...
- Select the Add... option and type the following values:
  - Name: Kiuwan
  - Location: https://www.kiuwan.com/pub/updatesite
- Pressing OK will save this new update site, and Eclipse will query our server to retrieve the available features and plugins
- The Kiuwan for Developers feature will appear in the list below, check it and click on Next >
- Read and accept our Terms of Use
- Accept the certificate used to sign our product
- When the installation finishes and Eclipse asks to restart the IDE, please do so
If the installation completes successfully, Kiuwan for Developers will be up and running upon restart!
The Welcome view will be shown with a new addition on top, Kiuwan for developers, which links to the Quick Start Guide integrated in the IDE. If you closed this view accidentally, you can open it again through Help >> Welcome.
The Quick Start Guide will help you:
- Configure your Kiuwan account and check that there are no problems with your connection and permissions.
- Add the Kiuwan Nature to the projects you want to analyze.
- Learn how and when Kiuwan for Developers analyzes your sources.
- Learn about the views that display your analysis results.
Configuration
After installation, you need to configure K4D to connect to Kiuwan servers. K4D connection settings are configured at Window -> Preferences -> Kiuwan - Connection Settings
Fill in the User and Password of your Kiuwan account and click Check Credentials to validate access.
In case you are using a proxy, please configure Proxy Settings.
Mapping your Eclipse project to Kiuwan Application
After K4D is installed and connection is configured, you are ready to map your Eclipse project to a Kiuwan application.
You can map your Eclipse project to Kiuwan in several ways:
- Project->Properties
- Right-click on your project and select Configure->Convert to Kiuwan Project...
- Right-click on your project and select Properties.
The following dialog will open.
Mapping your Eclipse project to a Kiuwan application lets you run K4D analyses in sync with the Kiuwan Model defined at application level.
This means that K4D analysis will be executed with the same Model (rules, configuration, etc.) defined for the Kiuwan application.
Please visit Models Manager User Guide for further help on Kiuwan Models.
Mapping your project to a Kiuwan application also lets you download the list of defects found by Kiuwan servers to your Eclipse, so you can work locally on fixing those defects.
Working modes
The Kiuwan IDE Plug-In can work in two different modes:
- Analyzer mode
It allows you to analyze your application source code directly within (and fully integrated into) your IDE. You can analyze the whole project (or just some specific files), then review the detected vulnerabilities and defects, fix them and re-analyze, without exiting your IDE.
- Remote Viewer mode
The plug-in also lets you "download" the vulnerabilities and defects stored in Kiuwan (in the last Baseline, or in a specific Delivery, or even the issues to be fixed according to a defined Action Plan). This way, you can go directly to the issues you must fix, just double-click on the defects and go directly to the offending line of code.
By using both modes, you can get a comprehensive understanding of:
- the server view of the application, and
- your local view of the defects according to the changes you are making to the source code
Analyzer and Remote Viewer modes are separately licensed. Please check your Kiuwan License to see available modes.
Supported IDEs
The Kiuwan IDE Plug-In is available for the following IDEs:
- Eclipse-based (Analyzer and Viewer)
  - Eclipse
  - RAD (Rational Application Developer for WebSphere)
  - IBM Rational Developer for i Systems
  - IBM Rational Developer for z Systems
- Microsoft Visual Studio (Viewer)
- JetBrains (Viewer)
  - IntelliJ IDEA
  - PhpStorm
  - PyCharm
  - WebStorm
  - Android Studio
  - CLion
- Microsoft VS Code (Viewer)
For other IDEs and versions, please contact Kiuwan Technical Support.
K4D execution modes
K4D can be configured to run in different execution modes:
By configuring K4D, you can decide when Kiuwan will be executed and what files will be analyzed.
Manual analysis
If your Eclipse project is NOT configured to "Build Automatically", Kiuwan will only run on-demand.
In this case, to manually execute the analysis, left-click on the selected item (file, folder, project) and select "Run Kiuwan Analysis". Kiuwan will then execute the analysis on the selected item(s).
Automatic analysis
If your Eclipse project is configured to "Build Automatically", Kiuwan will run automatically and you can configure when the analysis will run and on what files. K4D execution mode is configured at Window -> Preferences -> Kiuwan - Analysis Options
If your Eclipse project is configured to "Build Automatically" and "Automatic quality analysis" is checked, Kiuwan will analyze a file after you save the file. Only the selected file will be analyzed.
If your Eclipse project is configured to "Build Automatically" and "Do full builds" is checked, Kiuwan will analyze the complete project when you Clean the project. Please note that this option is only available if "Automatic quality analysis" is checked.
K4D Defects List
To view the analysis' defects list, go to Window -> Show View -> Other -> Kiuwan
Local defects list
Local defects list displays defects found during local analysis executed within your Eclipse by K4D.
Configuring Contents
Although K4D will execute the analysis with the model associated to the mapped Kiuwan application, you can further limit the scope of the K4D analysis to a subset of that model.
This would allow you to concentrate on a specific set of rules or files, reducing the number of defects that appear in the list. Only defects matching those filters will be displayed.
Filters can be configured based on Priority, Characteristic or Language. Also, you can set a filter for defects of files whose file path contains some substring.
An important point is to set a limit for the number of defects displayed in the list. By default, it is set to 100. You can increase this limit, but the performance of your Eclipse can be seriously degraded. Take care not to set the limit to a high number.
Configuring Filters
Regardless of whether you have configured a subset of defects for the K4D analysis (see above), you can further reduce that subset by defining additional filtering conditions.
The most important filter is Scope:
- The File option will only display defects of the file selected in the Eclipse source file editor
- The Project option will display the defects of the entire project
Additionally, you can define filters based on Priority, Characteristic and Language.
Server defects list
Updates
Kiuwan for Developers checks automatically for updates on Eclipse startup and on a daily basis after that.
If you need to check it manually, you can do so through the standard Eclipse mechanisms, or by simply going to Window >> Preferences >> Kiuwan and pressing the Check for updates button.
Support
If you experience problems with the Kiuwan plugin for Eclipse, you can read our documentation to try to fix it yourself, or if you prefer you can collect troubleshooting information and send it to us.
Context-sensitive help
A focused set of help topics that is related to the current context can be shown to users on demand using context-sensitive help. This form of user assistance is delivered to users when a platform-specific trigger is activated (e.g. F1 key on Windows, Ctrl+F1 on GTK, Help key on Carbon). Some contexts where help is available are preferences dialogs, project properties dialogs or views.
Troubleshooting
Important information for troubleshooting is scattered across several log and configuration files. To make this process easier for you, just go to Window >> Preferences >> Kiuwan >> Support and press the Extract support data button. Choose the folder where you want to save this information, and submit the compressed file generated there to our technical support team.
See Contact Kiuwan Technical Support for how to contact us. We will address your problem as soon as possible.