This topic describes projects and how the term is used in Semmle analysis.
Each project analyzed using Semmle analysis is a code base that:
- builds in a relatively uniform way
- can be tracked over time
- is written in a single programming language
- as far as possible, is a self-contained unit with few external dependencies.
Typically, there is one project for each application being developed, and each branch that you want to track. The configuration for each project is stored in a project configuration file. This file includes information about the programming language, how to access your source code and a policy on file storage.
In the context of Semmle analysis, a "project" comprises all of the files in a single programming language stored within a single source code repository. For example, all Java files within a single repository are treated as one project. Python files within the same repository are treated as a separate project, even though both types of files may be required to build a single application.
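The per-language, per-branch rule above can be sketched as a small planning script. This is an added example, not part of the Semmle tooling or documentation: the extension map, the `<repo>-<language>-<branch>` naming, the default branch name and the sample file listing are all assumptions made for illustration.

```python
"""Plan projects for one repository: one project per language and tracked branch."""
from collections import defaultdict
from pathlib import PurePosixPath

# Assumed extension-to-language map for this sketch; extend it for your code base.
EXT_TO_LANGUAGE = {".java": "java", ".py": "python", ".js": "javascript"}


def plan_projects(repo_name, files, branches=("master",), root="odasa/projects"):
    """Return {project_dir: {"language", "branch", "files"}} for one repository.

    All files in one language form one project, and each tracked branch gets
    its own project. The directory naming scheme is hypothetical.
    """
    by_language = defaultdict(list)
    for path in files:
        language = EXT_TO_LANGUAGE.get(PurePosixPath(path).suffix.lower())
        if language is not None:  # docs, build files and binaries are skipped
            by_language[language].append(path)

    plan = {}
    for branch in branches:
        for language, paths in sorted(by_language.items()):
            project_dir = f"{root}/{repo_name}-{language}-{branch}"
            plan[project_dir] = {
                "language": language,
                "branch": branch,
                "files": sorted(paths),
            }
    return plan


# Constructed file listing for a repository that mixes Java and Python.
SAMPLE_FILES = [
    "src/main/java/com/example/App.java",
    "src/main/java/com/example/Auth.java",
    "tools/deploy.py",
    "tools/checks/lint.py",
    "README.md",
    "pom.xml",
]

if __name__ == "__main__":
    for directory, info in plan_projects("AppTwo", SAMPLE_FILES).items():
        print(f"{directory}: {info['language']} ({len(info['files'])} files)")
```

Running it on the sample listing yields two projects for the one repository, and tracking a second branch doubles that to four.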
How are projects created?
You can create a new project using one of the following methods:
- Use the bootstrap command: this command guides you through the steps required to configure and create a new project. There are also further options to help you process your source code in order to carry out analysis. This method is useful if the new code base is substantially different from any currently defined projects.
- Use createProject to copy an existing project: creates a copy of the project configuration that you can edit to define the configuration of the new project. This method is useful if the new code base is similar to a currently defined project (for example, a different branch or a new application in the same repository or with a similar build method).
- Use createProject to copy a template: creates a project from a template that you can edit to define the configuration of the new project. This method is useful to experts if the new code base is substantially different from any currently defined projects.
When you create a new project using the bootstrap command, a new sub-directory of the odasa/projects directory is created to store the project and all associated files. When you create a project using the createProject command then you can define an alternative location for the new project.
Example: A team wants to monitor the quality of two applications: AppOne is written in a single language but AppTwo has components written in two different languages, languages B. They create three separate projects to analyze each language component of the applications. Using the default set up, this results in the following directory structure:
Initially, each new sub-directory contains only a project file that defines the basic properties of the project. After you have created a project file, you have the information required to generate a snapshot of your code which can be analyzed in order to generate results.
What is the project file?
The project file contains the configuration details for a single project, including:
- The programming language.
- How to access a new version of the source files for the project, typically from an SCM repository.
- How to build a snapshot of the project from the source files.
- A policy to define snapshot storage requirements.
The entire project configuration is defined using XML. Each project is monitored over time, so for a default configuration of Semmle Core each project sub-directory contains multiple snapshots of the code in addition to the project file. Typically, a new snapshot is added every day or as the code is revised. If Semmle Core is configured for large-scale deployment, you can store configuration files and output data in separate directories by assigning optional environment variables. For further information, see large-scale deployments.
What are the main tasks for a project?
Administrator tasks for a project include: