This is the first blog of the blog series about Remote Code Analysis in ABAP Test Cockpit (ATC).
See also blogs:
ATC Introduction
For those of you, who are using Code Inspector (SCI) and are not familiar with ABAP Test Cockpit (ATC) yet, it is SAP’s central quality assurance infrastructure for static functional, performance and security code checks, which bundles together the well-known and widely used quality tools like syntax check, SLIN, ABAP Unit, security checks and is extensible for your custom checks. ATC reuses Code Inspector checks and significantly improves the code quality by offering the uniform quality criteria for the whole development landscape and establishing new quality assurance processes (quality gates, exemptions, mass regression tests) to minimize errors in productive systems. Beyond this ATC is the toolset of choice to achieve the smooth migration of ABAP code to SAP HANA and SAP S/4HANA by means of special SAP HANA and SAP S/4HANA checks.
A very good general overview about ATC is in the blog ABAP Test Cockpit – an Introduction to SAP’s new ABAP Quality Assurance Tool. ATC is also integrated in the ABAP Development Tools in Eclipse (ABAP Test Cockpit for Developers in Eclipse).
Limitations
Imagine you have older systems (SAP_BASIS >= 7.00) with your own custom code base and would like to execute the latest security checks and SAP S/4HANA readiness checks for your custom code in order to get compliant to the increased corporate security requirements and prepare your code for the SAP S/4HANA migration.
One problem is, the ATC is only available with SAP_BASIS 7.02 therefore it isn’t present in your older systems at all. Another problem is, to apply uniform quality criteria for all your systems, the same checks must be in every system you want to check, that is not the case in heterogeneous landscapes with SAP_BASIS 7.02, 7.40, 750 and so on: every release has different checks. Besides this, the security checks are only available for SAP_BASIS 7.02 and the newest checks, e.g. for SAP S/4HANA readiness are only available with the SAP NetWeaver AS for ABAP 7.51 innovation package. Therefore it looks like you cannot apply the checks at all.
In fact, the way to tackle this problem is not easy: you need to upgrade the whole system landscape to the latest SAP release and support package level and run ATC with the latest checks on each upgraded system. It means on the one side a big administration overhead, on the other side the upgrade might neither be intended currently at your company nor possible at all. As a consequence, the compliance with the increased corporate security requirements cannot be verified and your custom code cannot be prepared for the SAP S/4HANA.
Solution – Remote Code Analysis in ATC
So, how to apply the newest checks to all your systems in SAP landscape without having to upgrade each of them?
With the SAP NetWeaver AS ABAP 7.51 innovation package SAP customers and partners can perform remote code analysis in ATC which allows to analyze remotely with the latest checks custom code even in older systems using only one system for ATC (SAP_BASIS = 7.51).
You would need to set up one centralized SAP NetWeaver AS ABAP 7.51 (SAP_BASIS only) system as ATC check system and run ATC with the latest checks centrally in one system checking multiple systems in your landscape. You don’t need to upgrade your whole system landscape and can apply the latest checks.
For the problematic use case from above it means, by setting up one central ATC check system using remote code analysis, you can apply the latest security checks and SAP S/4HANA readiness checks for your whole system landscape.
Setup
All you need to do is to install and configure one ATC central check system: pure SAP Basis System (SAP_BASIS 7.51) within your SAP system landscape. ATC check variant is maintained only in the ATC central check system and must be RFC-enabled.
During ATC execution the central check system accesses remotely the systems in your landscape through so-called Remote stubs using RFC connection. Remote stubs serve as interface between ATC central check system and checked systems and return a model from custom code which needs to be checked.
Therefore RFC destinations for all checked systems must be provided in the ATC central check system and RFC-stubs must be implemented in all checked systems (SAP Notes 2270689 and 2190065).
Advantages
The advantages of using ATC remote code analysis are obvious:
- Small impact on existing system landscape: no upgrade to the latest SAP release necessary
- The central check system can be installed independently with low effort (no upgrade, no test for business processes)
- One ATC central system can be used to check multiple SAP systems
- Latest checks can be applied by upgrading the central check system only.
- One quality standard for the whole system landscape possible, independent of uses releases in the development systems
- All new checks will be implemented by SAP only in new releases
- Administrative tasks only in the central system, e.g. maintain check variant
- Centralized handling of exemptions
- Baseline concept in case you want to suppress the findings from old legacy code
Hello Olga, I would like to thank you for the excellent post series on this awesome tool, very exciting to see the possibilities.
I would also like to make some questions: we are upgrading our landscape (ECC) to SAP_BASIS 7.50 (EHP8). We willl be upgrading our SolMan to 7.2 later this year (with SAP_BASIS 7.51 if available). Would it be possible for us to use our solman as the central checker for ATC as described in your post series?
How it would work?
for example:
1 – we configure ATC in solman;
2 – programmer develop in DEV;
3 – programmer run ATC check in DEV;
4 – DEV calls RFC to solman (?);
5 – solman executes ATC in the objects in DEV(?);
6 – Solman send results to the programmer in DEV (?).
The last few steps (4,5,6) I am not sure how it would work with the central check system described.
Thanks in advance.
Hi Fabio,
we recommend a really new system as ATC central system. The Solution Manager is currently based on a low SAP NetWeaver release (SolMan 7.2 is based on SAP NetWeaver 7.4). Besides this you would need to upgrade Solution Manager system each time you want to apply new ATC checks, that is the unnecessary effort.
The answer to your question is also in our FAQ blog: https://blogs.sap.com/2016/12/22/remote-code-analysis-in-abap-test-cockpit-atc-faq/#_Toc470164256
I hope it clarifies your question.
Best Regards,
Olga.
Thanks for your answer Olga, I’ll work with my basis team to see the possibility to create a separeted system for ATC.
Is it possible, to trigger an ATC check within the developer system in the remote ATC Hub, like as in the local ATC?
Hi Stefan,
see the blog Remote Code Analysis in ATC for Developers.
Best regards,
Olga.
Hello Olga,
Imagine the case when one of the “Checked” systems is completely isolated, and it can´t be connected to ATC (NW 7.51) via RFC.
Is it possible to perform SAP S/4HANA readiness check in ATC (NW 7.51) for the Checked system, same way like it was possible in ATC NW 7.50? Export files from ERP and import in ATC NW 7.51 and then run the check?
On the Code Inspector: Check variant, I can see the checkboxes “RFC-based” and “Extract-based”. Can I switch S/4HANA Custom code checks from RFC-based to Extract based? Will it work in NW 7.51?
Thanks in advance!
Hi Tetyana,
yes, for your isolated system you can still perform the S/4HANA readiness checks in the AS ABAP 7.51 system using export/import procedures as in AS ABAP 7.50 and Extract-based check variant. Please note, in this case your isolated system will not be participate in the ATC remote analysis scenario, which is the recommended way to go.
Best Regards,
Olga.
Thanks, Olga!
Could you confirm, please, that the Custom Code Check can be performed in NW 7.51 system as “Extract-based” and will issue the Custom Code Worklist as if it would be executed with RFC-based variant? Will the result be the same Worklist?
Many thanks in advance!
Best regards,
Tetyana
Hi Tetyana,
yes, if you use the same check variant and the same ERP system. RFC-based check variant means only, that this check variant is executable for remote systems (7.51 Remote ATC scenario). Extract-based check variant means, you use the 7.50 ATC check procedure with export of ERP files into 7.51 ATC check system and running the check.
Best regards,
Olga.
Olga, Thank you for share that!
Dear Olga,
The blog says “RFC-stubs must be implemented in all checked systems (SAP Notes 2270689 and 2190065). ”
Could you please confirm on the SAP Note 2190065 , This link does not seem to work and I could not find SAP note with that number either.
Hi Ilyas,
yes, the SAP Note 2190065 is correct. It’s status is currently “in process” therefore it’s not visible for a short time, but will be for sure visible again soon. Sorry for this inconvenience.
Best regards,
Olga.
Thank you Olga for the confirmation. We will wait for the Note to be available.
We are facing “tool failure” errors. So I guess that note should have fix for it. I posted the issue here in your blog for ATC set up.
Dear Olga
Good morning, would like to get your expertise, our central ATC system was NW 7.51 FOR S/4HANA OP1610 and we did some custom code check.
Is it possible to ‘made’ this custom code check has [RFC-based] and [EXTRACT-based] ?
Many thanks.
Best Regards,
Kuan.
Hi Kuan,
you can see it in the code inspector (SCI) for all checks: if a check is RFC- and Extract-based or only RFC-based. But you cannot change this settings.
Best Regards,
Olga.
Dear Olga,
Thx for the very good Blog for this topic.
We have set up now our Central ATC Remote Server with 7.51. But we have problems to implement the needed SAP Note 2270689 . When trying to download via SNOTE we always got a Timeout. Are there any known Problems with this Note at the moment ? Because we can’t implement this Note we think we have the actual Problems, that we can’t configure the Object Providers without RFC Error and to create Run Series, because we got an Error here too, regarding the RFC Connection to the Remote Systems (SM59 says, that RFC connections are working fine)
Best regards
Mario
Hi Mario,
please increase the Timeout time. The SAP Note 2270689 is very large and lasts accordingly.
Best regards,
Olga.