Hudson is a Java based tool for continuous integration of software projects. It runs inside a servelet-based container such as GlassFish or Tomcat. It’s designed to deliver a development environment in which builds are quickly and easily compiled, and either released or put into testing. However, when it comes to Hudson Static Code Analysis it’s necessary to add an integration kit as Hudson does not support static code analysis in its native format.
Checkmarx provides an integration kit for this very purpose, and ensures that when you use Hudson for your continuous integration, you can continue to report on static code at all levels of granularity. In particular, it’s simple to run a build summary which delivers a report on the numbers of warnings (both new and fixed) within the build. There’s also good support for overall trend reporting so builds can be compared against each other to see if there are specific areas that are adding more than their fair share of coding issues.
When the integration kit is in use, you can use a remote API to export the reports on build quality and the warnings identified to other applications. Hudson Static Code Analysis also allows you access to a colored HTML console that identifies which areas of the source code a particular warning applies to. Your development team can also set “failure thresholds” that enable a build to be automatically tagged as either a failure or one that is inherently unstable. This means that you can choose Hudson to compile your code on a regular basis without compromising your test cycle. Regular tests are the key to delivering bug-free, usable code time and time again.
Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.
Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.