Advanced configuration

Version 2.3 or later

1. Send the analysis results using the SMTP server managed by the user

The mail server settings for Sider Scan to send the analysis results are written in the Sider Scan configuration file (.siderscan.json). The available mail servers are:

1. The mail server managed by Sider
2. The mail server (SMTP server) managed by the user

This section explains how to configure Sider Scan to use the SMTP server managed by the user. Please refer to the example .siderscan.json file below.

{
  "report": {
    "mail": {
      "to": ["yourname@example.com"],
      "provider": {
        "type": "smtp",
        "port": 2525,
        "host": "smtp.example.com"
      }
    }
  },
  "scan": {
    "result": {
      "url": "${BUILD_URL}artifact"
    }
  },
  "enableSiderScanTracing": {
    "userEmail": "managername@example.com"
  }
}

In this JSON file, you need to modify some strings for your environment.

Line #4: Replace yourname@example.com, enclosed in double quotation marks, with the email address that should receive the analysis report from Sider Scan. To send reports to multiple email addresses, separate them with commas, as in this example:

"to": ["alice@siderlabs.com", "bob@siderlabs.com", "carol@siderlabs.com"]

Line #7: Input the port number used by your SMTP server. In the above example, it is 2525.

Line #8: Enter the hostname of the SMTP server to be used. In the example above, it is smtp.example.com.

Line #18: Replace managername@example.com, enclosed in double quotation marks, with the email address of the administrator of the repository to be analyzed by Sider Scan. For example:

"userEmail": "david@siderlabs.com"

This information will be used by Sider for the license management of Sider Scan. It is not the destination of the analysis results.

2. Change language settings

Sider Scan allows you to select Japanese or English for the analysis result email and the text in the code detail viewer. The default is Japanese. This section explains how to switch the language to English.

The language setting is written in the Sider Scan configuration file, .siderscan.json. A sample .siderscan.json is shown below.

{
  "report": {
    "mail": {
      "to": ["alice@siderlabs.com"],
      "useBuiltInProvider": true
    },
    "language": "en"
  },
  "scan": {
    "result": {
      "url": "${BUILD_URL}artifact"
    }
  },
  "enableSiderScanTracing": {
    "userEmail": "david@siderlabs.com"
  }
}

In the JSON file above, the language is set on line 7, where “en”, enclosed in double quotation marks, is the value of the language key inside the report object. The other lines in the above JSON are just for your reference. Please rewrite them according to your environment.

3. Change the upper limit for the input source code size

The analysis processing time of Sider Scan depends on the file size of the input source code and the amount of duplicate code. If an extremely large amount of source code is input, the analysis takes a long time or may not complete. Therefore, Sider Scan sets an upper limit on the total file size of the input source code. The default value is 300MB.

To analyze 300MB of source code, Sider Scan uses approximately 3GB of physical memory. To process a larger amount of source code, increase the memory size of the server on which Sider Scan is running and edit the Sider Scan configuration file (.siderscan.json) with the new upper limit value. See the example below.

{
  "report": {
    "mail": {
      "to": ["alice@siderlabs.com"],
      "useBuiltInProvider": true
    }
  },
  "scan": {
    "totalFileSizeLimitInMegabytes": 800
  }
}

In the above JSON file, the value of the totalFileSizeLimitInMegabytes key inside the scan object (800 in the above example) is the upper limit (unit: MB) for the total file size of the input source code.

Note that the “input source code file size” is different from the size of the Git or SVN repository. The repository size is larger than the source code file size because it contains the history of past versions. For reference, the total source code size of relatively large open source projects is about 136MB for Spring Framework and 88MB for Neo4j.

4. Manage the transmission of usage data from Sider Scan (Only for Professional version)

Sider Scan is installed in a CI system or on a local server. The analysis process and the saving of the analysis results are completed within the system managed by the user, and user-specific data such as source code is never sent to an external server. However, some data is sent to the server managed by Sider Corporation, mainly for the purpose of improving the quality of Sider Scan products and for license management. The information sent is as follows:

1. When the analysis by Sider Scan is started

  • Email address registered as the repository administrator
    (the email address given as the value of the “userEmail” key in the .siderscan.json file)

2. When the analysis by Sider Scan is finished

  • Email address registered as the repository administrator
    (the email address given as the value of the “userEmail” key in the .siderscan.json file)
  • Number of problematic code detected by Sider Scan
    (just the number; it does not include information such as source code)

If the security policy of your environment requires you to restrict the information that Sider Scan sends to the outside, you can control it by setting the onStartup and onComplete keys inside the enableSiderScanTracing object in the .siderscan.json file to true or false. The default value for both keys is true, so a key that is left out of the file leaves that transmission enabled. The onStartup key controls the data sent when “Sider Scan analysis is started”. The onComplete key controls the data sent when “Sider Scan analysis is finished”. The following is an example of the .siderscan.json file.

{
  "report": {
    "mail": {
      "to": ["alice@siderlabs.com"],
      "useBuiltInProvider": true
    },
    "language": "en"
  },
  "scan": {
    "result": {
      "url": "${BUILD_URL}artifact"
    }
  },
  "enableSiderScanTracing": {
    "userEmail": "david@siderlabs.com",
    "onStartup": true,
    "onComplete": false
  }
}

In the above example, line #16 permits data transmission when the analysis by Sider Scan starts, and line #17 denies data transmission when the analysis by Sider Scan finishes. The other lines are examples. Please rewrite them according to your environment.
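
To check a .siderscan.json against a security policy before it reaches the CI system, the following added example (not part of Sider Scan or its documentation) reports which usage data leaves the environment and which mail server carries the report, applying the default of true to onStartup and onComplete when they are missing. The function names, the "problem count" label and the sample input are constructed for illustration; the example assumes that "useBuiltInProvider": true selects the mail server managed by Sider, which this page implies but does not state.

```python
import json

# Constructed sample: the section 4 example with "onStartup" set to false and
# "onComplete" left out, so the documented default (true) applies to it.
SAMPLE = """
{
  "report": {"mail": {"to": ["alice@siderlabs.com"], "useBuiltInProvider": true}},
  "scan": {"result": {"url": "${BUILD_URL}artifact"}},
  "enableSiderScanTracing": {"userEmail": "david@siderlabs.com", "onStartup": false}
}
"""

# Data the page lists as sent to Sider for each event while its key is true.
PAYLOAD = {
    "onStartup": ["userEmail"],
    "onComplete": ["userEmail", "problem count"],
}

def outbound_telemetry(cfg):
    """Map each tracing key to the fields that leave the environment."""
    tracing = cfg.get("enableSiderScanTracing", {})
    # Both keys default to true; this audit counts anything other than an
    # explicit false as enabled, so a missing key is reported as sending.
    return {key: (list(fields) if tracing.get(key, True) is not False else [])
            for key, fields in PAYLOAD.items()}

def mail_route(cfg):
    """Name the mail server that will carry the analysis report."""
    mail = cfg.get("report", {}).get("mail", {})
    provider = mail.get("provider", {})
    if provider.get("type") == "smtp":
        return "user SMTP {}:{}".format(provider.get("host"), provider.get("port"))
    if mail.get("useBuiltInProvider") is True:
        return "Sider mail server"  # assumption: the key selects Sider's server
    return "unspecified"

def audit(config_text):
    """Parse a .siderscan.json document and summarise its outbound data paths."""
    cfg = json.loads(config_text)
    return {"telemetry": outbound_telemetry(cfg), "mail": mail_route(cfg)}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

For the sample, the audit shows that nothing is sent at startup but the administrator email and the problem count are still sent on completion, because onComplete was omitted rather than set to false.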