Scan Agent Framework

The Scan Agent Framework comprises a set of Java APIs that provide the ability to scan codebases at various phases of the development process on remote Engineering systems, within the appropriate context. The Framework provides the backbone for all the processing that a user-created scan-agent plugin requires.

The source code for a generic scan-agent plugin is provided in the toolkit to demonstrate the API flow. By creating a plugin that takes advantage of the Scan Agent Framework, you can tailor Code Insight’s powerful scanning capabilities to your computing environment and incorporate them into your business process flow.

Features Provided by the Framework

The Scan Agent Framework provides the following functionality for the custom scan-agent plugin:

  • Tests the connection from your plugin to the Code Insight server and provides error handling with error messages. These messages include the Code Insight version, any invalid URLs passed, invalid user access tokens, and invalid project names.

  • Passes environmental and system properties.

  • Downloads and installs a remote scanner on the Engineering system where the scan-agent plugin is executed.

  • Invokes the scan called for in the plugin, and sends the scan results back to Code Insight.

  • Processes and displays logging content to a system console in the scan-agent plugin environment.

  • Generates a verbose scanner log for further information and debugging of failed scans.

  • Automatically uploads the output of the plugin to the Code Insight server, where it is then available for inventory review, management, and security alerting via the Code Insight user interface.