Does Boomi offer capabilities to integrate with Static Code Analysis tools like HP Fortify ? basically, what are the mechanisms available to identify any possible vulnerabilities?
Any pointers is much appreciated.
Code analysis tools make sense in an open source and non-zero code environment. Examples are platforms like Red Hat JBoss Fuse. This Java-based platform is based on Apache Camel, Karaf, ActiveMQ, CXF etc. Not so much in Boomi, assuming that Boomi does a good job here
I agree with the points Sjaak made above: as a low-to-no-code platform, there's not really a need to apply traditional code-based analysis tools.
Now if we interpret your question/intent as more generally "is there anything to enforce valid configuration / detect optimizations within MY processes", there is not exactly but that's an interesting idea--almost like a "compiler" of sorts. Of course, there are UI-level configuration validations and component reference integrity checks at deploy-time, but it sounds like you're asking more from a security and perhaps functional/performance perspective. I know type of idea has been suggested before but is a bit tricky in practice--I'd be curious to know what types of things you (and others) might be hoping to identify?
Yes, I was looking for '"is there anything to enforce valid configuration / detect optimizations within MY processes". I agree Boomi Platform provides 'Zero Code' process development, but there could be bad configuration or unoptimized processes.
Adam Arrowsmith - The UI- level configuration validation is done automatically during the compilation or deployment ? or a manual activity
I was looking for identify performance degrading configuration or setup
Hi Ram Gajawada,
Thanks for the additional insight. There isn't exactly such a utility currently but I think it's an interesting idea. I'd love to hear yours and others thoughts on this.
Regarding UI validation, I was referring to simple UI form stuff like required fields, data types, bad/deleted component reference, etc.
Test Coverage would also be a fantastic metric to have, especially for automated deployments.
Hi Paul White,
What do you think Test Coverage would mean for a Boomi process?
Hi Adam Arrowsmith,
Our automated deploy setup is based around running tests for a Parent Process, which itself will have subprocesses 2-3 levels deep.
These subprocesses follow the pattern of Get, Validate, Transform, Send (plus other bespoke subprocs as required).
In it's simplest form, it would be great to know that for each subproc, does a corresponding unit/integration test exist, e.g. Get Test, Validate Test, Transform Test, Send Test.
Even better would be if a unit test exists for every subproc, and if you wanted to go crazy, for individual components as well (but I won't be greedy).
So in the automated deploy, I can do an API call to boomi to get the test coverage value, and then if it doesn't match a threshold I define, I fail out on the deploy.
Retrieving data ...