SAP Security Tool Now Enables Automated QA & Security Checks for SAPUI5
April 2018 by Marc Jacob
Virtual Forge announced its CodeProfiler for HANA is now able to scan the SAPUI5 programming language. The company also announced new patents pending for the technology. CodeProfiler for HANA enables companies to run automated quality and security checks on their custom developments as lines of code are being developed on the SAP HANA platform.
Virtual Forge’s CodeProfiler for HANA provides developers with detailed feedback on the code quality of SAPUI5-based business applications, even as developers write the code – similar to the spell-checking functionality of a word processor. HANA differs fundamentally from other SAP technologies, making it difficult for programmers to maintain the security, performance levels, overall code quality and compliance necessary for custom SAP-developed programs.
CodeProfiler for HANA supports programmers effectively in this work.
The average ERP system based on SAP’s ABAP language contains two million lines of custom programming, and customers using the newer HANA technology will probably reach similar numbers. CodeProfiler for HANA is designed to pinpoint and eliminate critical deficiencies in security, compliance, and performance early in the process of creating HANA programs. The technology interfaces with the two development environments used for HANA: Eclipse and SAP’s home-grown Web IDE tool. It supports the programming languages used in SAP HANA, including SQLScript, XSJS, and SAPUI5.
The content-checking component offered by both CodeProfiler for ABAP and CodeProfiler for HANA includes key areas of security, compliance and data loss prevention. It also offers quality checks to ensure maintainability, robustness, and performance. Developers can also take advantage of detailed documentation of the test cases at hand. For each test case, CodeProfiler provides extensive documentation that allows a developer to understand the identified problems and associated risks. It also enables the developer to easily mitigate them.
Virtual Forge filed new technology patents for CodeProfiler, which include the following highlights:
• Overcoming SAST limitations for dynamically typed languages by using a hybrid approach that executes the source code under analysis in a controlled execution environment, in the form of a virtual machine.
• Allowing code analysis during the early stages of software development.
• Reliably reproducing tests and scans of DAST/IAST without side effects.