Users can access all the details of the analysis and its key aspects through the various tabs of the project’s dashboard.
The Progress tab is a view that displays all the counts of the project. This tab gives you a summarized count of Code Progress and a complete Activity Log. The Code Progress section displays information on the latest updates made in the user's last commit. This section allows the user to verify those updates by looking at the following aspects:
- FIXED ISSUES
- NEW ISSUES
The Activity Log lists all the activities performed on the project to date. This allows users to follow the project along with the change log and to audit the activity log as the project progresses. The activity log is helpful while troubleshooting, so users won’t have to do the guesswork! It also enables organizations to identify any suspicious behavior on their repositories.
Bugs and vulnerabilities of the project/code are listed in the Issue tab. The Issue tab displays these bugs and vulnerabilities in drop-down lists, categorized by type of issue. With a click on a single drop-down, users can see all the similar issues from files across the project. Each drop-down also shows the number of issues listed under it, the severity of that type of issue, the date of the scan, and the approximate time needed to resolve those issues. On the same drop-down, the user gets the option to remove the rule. By default, all projects have the default rule set assigned to every language. If the user wants to remove any rules to customize the analysis to their own standards, they will have to create/assign a custom rule set to the project.
All these issues can be filtered by the Type, Severity, and Date of the scan.
|Type of issues|Severity|Date of the scan|
For all types of issues, the user can view suggestions to rectify the respective issue. These suggestions are accessible immediately under each issue category drop-down. Codegrip provides both compliant and non-compliant solutions. If the suggested solutions come with any exceptions, these exception conditions are also listed under the solutions so that the user can account for them while rectifying the issue. Additional references are available in the same section so that the user can further refine a plausible solution to the issue.
Codegrip checks for the security vulnerabilities, threats and issues predefined by OWASP and SANS. In the Security tab, users will find the list of all the security vulnerabilities, categorized by the kind of threat they pose to the project. Clicking on the drop-down of a category displays the list of all the security vulnerabilities of that category from all the files.
A little brief on OWASP and SANS TOP 25:
OWASP represents a broad consensus about the most critical security risks to web and mobile applications. The Open Web Application Security Project (OWASP) is a non-profit organization dedicated to providing unbiased, practical information about application security. The OWASP Top 10 Web Application Security Risks provides guidance to developers and security professionals on the most critical vulnerabilities that are commonly found in web applications, which are also easy to exploit. These 10 application risks are dangerous because they may allow attackers to plant malware, steal data, or completely take over your computers or web servers.
The SANS Top 25 Most Dangerous Software Errors is a list of the most widespread and critical errors that can lead to serious vulnerabilities in software (please note: not all vulnerability types apply to all programming languages). The vulnerabilities include insecure interaction between components, risky resource management, and porous defenses.
Analysis of the code derives aggregates for Project/Code’s Duplication and Coverage. The Code tab allows the user to review these two aggregates in detail. Users will be able to navigate through the issues in the same fashion as the “Project Structure” for the respective repository.
Users will be able to navigate through the issues using the primary indicators for the folders of the repository. This tab will show the user the following indicators:
- Issues found in various files in the respective folder.
- Vulnerability found in various files in the respective folder.
- Code Smells found in various files in the respective folder.
- Percentage of coverage for the code in the respective folder.
- Percentage of duplication in the code in the respective folder.
- Approximate effort, in time, required to resolve issues in the respective folder.
Rule set Tab.
Users can view all the languages in the project that they have opened. Each language has a drop-down that shows which rule set is currently applied to it. All languages have a default rule set unless customized. If users have applied a custom rule set, they can also remove any rules that they don’t want in that custom rule set. The disable rule button makes it a matter of clicks.
After adding a repository, you may want to enable Slack integration. Codegrip allows you to integrate with Slack so that updates are delivered directly to your channels.
To integrate with Slack, follow these steps:
- Navigate to the Settings tab of your repository.
- Paste your Slack webhooks URL in the given section.
- From the list, select the actions you want to be updated about.
- Click “Save” and done.
A step-by-step guide is available for generating the webhooks URL; you only have to click on “How to get webhooks URL?”
Note: The user will have to set this up for every repository for which they want to be notified on the respective Slack channels.
Adding users to the Project.
Codegrip provides the functionality for a user to give team members access to the project. Using the Project users section in the Settings tab, the user can invite team members to contribute to the project.
Users can delete projects from the “Delete Project” section of the Settings tab. A popup will appear on clicking the Delete button, asking for confirmation of the delete action. If confirmed, the project will be deleted from Codegrip. The user will have to analyze the project again from the “ADD REPOSITORIES” section to view the analysis the next time.