jQAssistant 1.0.0 released by Dirk Mahler.
From the webpage:
We’re proud to announce the availability of jQAssistant 1.0.0 – lots of thanks go to all the people who made this possible with their ideas, criticism and code contributions!
Feature Overview
- Static code analysis tool using the graph database Neo4j
- Scanning of software related structures, e.g. Java artifacts (JAR, WAR, EAR files), Maven descriptors, XML files, relational database schemas, etc.
- Allows definition of rules and automated verification during a build process
- Rules are expressed as Cypher queries or scripts (e.g. JavaScript, Groovy or JRuby)
- Available as Maven plugin or CLI (command line interface)
- Highly extensible by plugins for scanners, rules and reports
- Integration with SonarQube
- It’s free and Open Source
Example Use Cases
- Analysis of existing code structures and matching with proposed architecture and design concepts
- Impact analysis, e.g. which test is affected by potential code changes
- Visualization of architectural concepts, e.g. modules, layers and their dependencies
- Continuous verification and reporting of constraint violations to provide fast feedback to developers
- Individual gathering and filtering of metrics, e.g. complexity per component
- Post-Processing of reports of other QA tools to enable refactorings in brownfield projects
- and much more…
Get it!
jQAssistant is available as a command line client from the downloadable distribution
jqassistant.sh scan -f my-application.war
jqassistant.sh analyze
jqassistant.sh server
or as Maven plugin:
<dependency>
  <groupId>com.buschmais.jqassistant.scm</groupId>
  <artifactId>jqassistant-maven-plugin</artifactId>
  <version>1.0.0</version>
</dependency>
For a list of latest changes refer to the release notes, the documentation provides usage information.
Those who are impatient should go for the Get Started page which provides information about the first steps about scanning applications and running analysis.
Your Feedback Matters
Every kind of feedback helps to improve jQAssistant: feature requests, bug reports and even questions about how to solve specific problems. You can choose between several channels – just pick your preferred one: the discussion group, stackoverflow, a Gitter channel, the issue tracker, e-mail or just leave a comment below.
Workshops
You want to get started quickly for an inventory of an existing Java application architecture? Or you’re interested in setting up a continuous QA process that verifies your architectural concepts and provides graphical reports?
The team of buschmais GbR offers individual workshops for you! For getting more information and setting up an agenda refer to http://jqassistant.de (German) or just contact us via e-mail!
Short of widespread censorship, in order for security breaches to fade from the news spotlight, software quality/security must improve.
jQAssistant 1.0.0 is one example of the type of tool required for software quality/security to improve.
Of particular interest is its use of Neo4j, which enables having named relationships of materials to your code.
I don’t mean to foster the “…everything is a graph…” any more than I would foster “…everything is a set of relational tables…” or “…everything is a key/value pair…,” etc. Yes, but the question is: “What is the best way, given my requirements and constraints, to achieve objective X?” Whether relationships are explicit (and if so, what can I say about them?) or implicit depends on my requirements, not those of a vendor.
In the case of recording who wrote the most buffer overflows and where, plus other flaws, tracking named relationships and similar information should be part of your requirements and graphs are a good way to meet that requirement.