Tutorial - Creating a taxonomy and viewing the results

From Insight-10.0



This tutorial shows you how to:

You need the "Change project settings" permission to perform these tasks.

For more information on taxonomies and using the Configuration Editor, see Configuring checkers for the integration build analysis.

Tip: Prior to Insight 9.2, you could filter by issue type on the desktop, or scope by issue type in Klocwork Review. This tutorial explains how you can use taxonomies and views to accomplish the same thing.

Our example company has a policy to flag and eliminate all Null-Pointer Dereference (NPD) issues, all Buffer Overflow (ABR and ABV) issues, and two specific security vulnerabilities: SV.INCORRECT_RESOURCE_HANDLING.URH and SV.INCORRECT_RESOURCE_HANDLING.WRONG_STATUS.

Setting up the Company Policy taxonomy

First, we need to set up the Company Policy taxonomy in the Configuration Editor.

  1. Launch the standalone Taxonomy Editor.
    The Taxonomy Editor appears.
  2. Right-click any white space and click New taxonomy.
  3. In the Create new taxonomy dialog, enter "Company Policy" and click OK.
  4. Expand the C and C++ taxonomy.
  5. Ctrl-click the Buffer Overflow and Null Pointer Dereference categories.
  6. Right-click and select Copy.
  7. Right-click Company Policy and select Paste.
  8. Now, we're going to add two security vulnerability checkers to the taxonomy.
    Right-click Company Policy and select Add issue.
  9. In the Issue code field, start typing SV.IN.
    Autocompletion fills in the rest of the name and suggests checkers matching your entry.
  10. Select SV.INCORRECT_RESOURCE_HANDLING.URH and click OK.
  11. Repeat the previous two steps, but this time select SV.INCORRECT_RESOURCE_HANDLING.WRONG_STATUS.
  12. Click OK and save your new taxonomy file somewhere you can find it.
  13. Log in to Klocwork Review.
  14. In Klocwork Review's project list, click the project you want to upload the file to.
    The project details appear.
  15. In the project details, click Configuration.
  16. On the Configuration page, click Add a configuration file.
  17. In the Choose file dialog, browse to:
    <projects_root>/projects/<project_name>/rules/<yourtaxonomyfile>.tconf (or wherever you chose to save your taxonomy file)
    where <project_name> is the project whose configuration you want to copy.
  18. Click Upload.
    Your new Company Policy taxonomy appears in the tree.
  19. Expand the Company Policy taxonomy and make sure that all the NPD and ABV checkers are enabled.
  20. Add a check to SV.INCORRECT_RESOURCE_HANDLING.URH and SV.INCORRECT_RESOURCE_HANDLING.WRONG_STATUS to enable them.
  21. Click the Save icon to save your changes.

Tip: To learn how to apply a taxonomy to all new projects, see Copying the configuration to all new projects.

Now we'll use our taxonomy in Klocwork Review.

Using the taxonomy in Klocwork Review for report and issue management

We'll create a view that shows only issues in the Company Policy taxonomy.

  1. In Klocwork Review's project list, click the project you configured.
  2. Click views.
  3. On the Views page, click Create a new view.
  4. In the text field, enter "Company Policy".
  5. In the Search field, enter:
    taxonomy:"Company Policy"
  6. Select the public checkbox. This will make the view available to all users with access to this project.
  7. Click Create to save your view.
    Your view appears in the list. Note that the number of open issues for the Company Policy view is different from the default view.
  8. Click the link for open issues within the Company Policy view.
    Note that the Company Policy view is visible in the breadcrumb, and you can easily switch to another view.
  9. Click reports on the upper right.
    Note that report data is also filtered by the Company Policy view.
  10. Click Top 10 Open Issues.
    The report shows only issues of the types we included in the Company Policy taxonomy.

Grouping and filtering by taxonomy in connected desktops

Connected desktop users can filter and group issues by taxonomy to get a clearer picture of how they're performing against the Company Policy. For this example, we'll use Visual Studio 2008.

Grouping by taxonomy

You can group issues by taxonomy to get a picture of how issues are distributed across multiple taxonomies by clicking the group by taxonomy icon.

You'll see issues distributed across taxonomies. If the same issue is detected in more than one taxonomy, you'll see it listed under each applicable taxonomy.

Filtering by taxonomy

If you want to see only issues for a specific taxonomy, filter by taxonomy.

  1. Click the filter icon.
    Note for Visual Studio users: The filter icon filters local issues only. Use the Taxonomy list to filter by taxonomy.
  2. Under Taxonomies, deselect all but Company Policy.
  3. Click OK.

The only issues you see listed are of the types included in the Company Policy taxonomy.
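
The grouping and filtering behaviour described above can be modelled in a few lines. This is an added example, not Klocwork code: the issue records are constructed, the "C and C++" entries are a simplified stand-in, and matching a category by code prefix (NPD.*, ABV.*) is an assumption made for illustration.

```python
from fnmatch import fnmatchcase

# Constructed stand-ins for taxonomy contents. "Company Policy" follows the
# tutorial's policy; the "C and C++" list is a simplified assumption.
TAXONOMIES = {
    "C and C++": ["NPD.*", "ABR", "ABV.*", "MLK.*"],
    "Company Policy": [
        "NPD.*", "ABR", "ABV.*",
        "SV.INCORRECT_RESOURCE_HANDLING.URH",
        "SV.INCORRECT_RESOURCE_HANDLING.WRONG_STATUS",
    ],
}

# Constructed sample issues (not output from a real analysis).
ISSUES = [
    {"id": 1, "code": "NPD.FUNC.MUST", "open": True},
    {"id": 2, "code": "ABV.GENERAL", "open": True},
    {"id": 3, "code": "MLK.MUST", "open": True},
    {"id": 4, "code": "SV.INCORRECT_RESOURCE_HANDLING.URH", "open": True},
    {"id": 5, "code": "ABR", "open": False},
    {"id": 6, "code": "SV.INCORRECT_RESOURCE_HANDLING.WRONG_STATUS", "open": True},
]

def taxonomies_for(code):
    """Return every taxonomy whose patterns match this issue code."""
    return [name for name, patterns in TAXONOMIES.items()
            if any(fnmatchcase(code, p) for p in patterns)]

def group_by_taxonomy(issues):
    """Group issue ids by taxonomy; an issue in two taxonomies is listed twice."""
    groups = {name: [] for name in TAXONOMIES}
    for issue in issues:
        for name in taxonomies_for(issue["code"]):
            groups[name].append(issue["id"])
    return groups

def filter_by_taxonomy(issues, name):
    """Keep only issues of the types included in one taxonomy."""
    return [i for i in issues if name in taxonomies_for(i["code"])]

def policy_violations(issues, name="Company Policy"):
    """Open issues in the policy taxonomy, e.g. to fail a build gate."""
    return [i["id"] for i in filter_by_taxonomy(issues, name) if i["open"]]

if __name__ == "__main__":
    print(group_by_taxonomy(ISSUES))
    print("Open Company Policy issues:", policy_violations(ISSUES))
```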
