Remote Code Analysis in ATC – One central check system for multiple systems on various releases
This is the first blog of the blog series about Remote Code Analysis in ABAP Test Cockpit (ATC).
See also blogs:
ATC Introduction
For those of you, who are using Code Inspector (SCI) and are not familiar with ABAP Test Cockpit (ATC) yet, it is SAP’s central quality assurance infrastructure for static functional, performance and security code checks, which bundles together the well-known and widely used quality tools like syntax check, SLIN, ABAP Unit, security checks and is extensible for your custom checks. ATC reuses Code Inspector checks and significantly improves the code quality by offering the uniform quality criteria for the whole development landscape and establishing new quality assurance processes (quality gates, exemptions, mass regression tests) to minimize errors in productive systems. Beyond this ATC is the toolset of choice to achieve the smooth migration of ABAP code to SAP HANA and SAP S/4HANA by means of special SAP HANA and SAP S/4HANA checks.
A very good general overview about ATC is in the blog ABAP Test Cockpit – an Introduction to SAP’s new ABAP Quality Assurance Tool. ATC is also integrated in the ABAP Development Tools in Eclipse (ABAP Test Cockpit for Developers in Eclipse).
Limitations
Imagine you have older systems (SAP_BASIS >= 7.00) with your own custom code base and would like to execute the latest security checks and SAP S/4HANA readiness checks for your custom code in order to get compliant to the increased corporate security requirements and prepare your code for the SAP S/4HANA migration.
One problem is, the ATC is only available with SAP_BASIS 7.02 therefore it isn’t present in your older systems at all. Another problem is, to apply uniform quality criteria for all your systems, the same checks must be in every system you want to check, that is not the case in heterogeneous landscapes with SAP_BASIS 7.02, 7.40, 750 and so on: every release has different checks. Besides this, the security checks are only available for SAP_BASIS 7.02 and the newest checks, e.g. for SAP S/4HANA readiness are only available with the SAP NetWeaver AS for ABAP 7.51 innovation package. Therefore it looks like you cannot apply the checks at all.
In fact, the way to tackle this problem is not easy: you need to upgrade the whole system landscape to the latest SAP release and support package level and run ATC with the latest checks on each upgraded system. It means on the one side a big administration overhead, on the other side the upgrade might neither be intended currently at your company nor possible at all. As a consequence, the compliance with the increased corporate security requirements cannot be verified and your custom code cannot be prepared for the SAP S/4HANA.
Solution – Remote Code Analysis in ATC
So, how to apply the newest checks to all your systems in SAP landscape without having to upgrade each of them?
Starting with the SAP NetWeaver AS ABAP 7.51 innovation package SAP customers and partners can perform remote code analysis in ATC which allows to analyze remotely with the latest checks custom code even in older systems using only one system for ATC (SAP_BASIS >= 7.51).
You would need to set up one centralized SAP NetWeaver AS ABAP 7.51 or 7.52 (SAP_BASIS only) system as ATC check system and run ATC with the latest checks centrally in one system checking multiple systems in your landscape. You don’t need to upgrade your whole system landscape and can apply the latest checks.
For the problematic use case from above it means, by setting up one central ATC check system using remote code analysis, you can apply the latest security checks and SAP S/4HANA readiness checks for your whole system landscape.
Setup
All you need to do is to install and configure one ATC central check system: pure SAP Basis System (SAP_BASIS >=7.51) within your SAP system landscape. ATC check variant is maintained only in the ATC central check system and must be RFC-enabled.
During ATC execution the central check system accesses remotely the systems in your landscape through so-called Remote stubs using RFC connection. Remote stubs serve as interface between ATC central check system and checked systems and return a model from custom code which needs to be checked.
See the blog Remote Code Analysis in ATC – Technical Setup Step by Step for more details.
Advantages
The advantages of using ATC remote code analysis are obvious:
- Small impact on existing system landscape: no upgrade to the latest SAP release necessary
- The central check system can be installed independently with low effort (no upgrade, no test for business processes)
- One ATC central system can be used to check multiple SAP systems
- Latest checks can be applied by upgrading the central check system only.
- One quality standard for the whole system landscape possible, independent of uses releases in the development systems
- All new checks will be implemented by SAP only in new releases
- Administrative tasks only in the central system, e.g. maintain check variant
- Centralized handling of exemptions
- Baseline concept in case you want to suppress the findings from old legacy code
Hello Olga, I would like to thank you for the excellent post series on this awesome tool, very exciting to see the possibilities.
I would also like to make some questions: we are upgrading our landscape (ECC) to SAP_BASIS 7.50 (EHP8). We willl be upgrading our SolMan to 7.2 later this year (with SAP_BASIS 7.51 if available). Would it be possible for us to use our solman as the central checker for ATC as described in your post series?
How it would work?
for example:
1 – we configure ATC in solman;
2 – programmer develop in DEV;
3 – programmer run ATC check in DEV;
4 – DEV calls RFC to solman (?);
5 – solman executes ATC in the objects in DEV(?);
6 – Solman send results to the programmer in DEV (?).
The last few steps (4,5,6) I am not sure how it would work with the central check system described.
Thanks in advance.
Hi Fabio,
we recommend a really new system as ATC central system. The Solution Manager is currently based on a low SAP NetWeaver release (SolMan 7.2 is based on SAP NetWeaver 7.4). Besides this you would need to upgrade Solution Manager system each time you want to apply new ATC checks, that is the unnecessary effort.
The answer to your question is also in our FAQ blog: https://blogs.sap.com/2016/12/22/remote-code-analysis-in-abap-test-cockpit-atc-faq/#_Toc470164256
I hope it clarifies your question.
Best Regards,
Olga.
Thanks for your answer Olga, I’ll work with my basis team to see the possibility to create a separeted system for ATC.
Is it possible, to trigger an ATC check within the developer system in the remote ATC Hub, like as in the local ATC?
Hi Stefan,
see the blog Remote Code Analysis in ATC for Developers.
Best regards,
Olga.
Hello Olga,
Imagine the case when one of the “Checked” systems is completely isolated, and it can´t be connected to ATC (NW 7.51) via RFC.
Is it possible to perform SAP S/4HANA readiness check in ATC (NW 7.51) for the Checked system, same way like it was possible in ATC NW 7.50? Export files from ERP and import in ATC NW 7.51 and then run the check?
On the Code Inspector: Check variant, I can see the checkboxes “RFC-based” and “Extract-based”. Can I switch S/4HANA Custom code checks from RFC-based to Extract based? Will it work in NW 7.51?
Thanks in advance!
Hi Tetyana,
yes, for your isolated system you can still perform the S/4HANA readiness checks in the AS ABAP 7.51 system using export/import procedures as in AS ABAP 7.50 and Extract-based check variant. Please note, in this case your isolated system will not be participate in the ATC remote analysis scenario, which is the recommended way to go.
Best Regards,
Olga.
Thanks, Olga!
Could you confirm, please, that the Custom Code Check can be performed in NW 7.51 system as “Extract-based” and will issue the Custom Code Worklist as if it would be executed with RFC-based variant? Will the result be the same Worklist?
Many thanks in advance!
Best regards,
Tetyana
Hi Tetyana,
yes, if you use the same check variant and the same ERP system. RFC-based check variant means only, that this check variant is executable for remote systems (7.51 Remote ATC scenario). Extract-based check variant means, you use the 7.50 ATC check procedure with export of ERP files into 7.51 ATC check system and running the check.
Best regards,
Olga.
Olga, Thank you for share that!
Dear Olga,
The blog says “RFC-stubs must be implemented in all checked systems (SAP Notes 2270689 and 2190065). ”
Could you please confirm on the SAP Note 2190065 , This link does not seem to work and I could not find SAP note with that number either.
Hi Ilyas,
yes, the SAP Note 2190065 is correct. It’s status is currently “in process” therefore it’s not visible for a short time, but will be for sure visible again soon. Sorry for this inconvenience.
Best regards,
Olga.
Thank you Olga for the confirmation. We will wait for the Note to be available.
We are facing “tool failure” errors. So I guess that note should have fix for it. I posted the issue here in your blog for ATC set up.
Dear Olga
Good morning, would like to get your expertise, our central ATC system was NW 7.51 FOR S/4HANA OP1610 and we did some custom code check.
Is it possible to ‘made’ this custom code check has [RFC-based] and [EXTRACT-based] ?
Many thanks.
Best Regards,
Kuan.
Hi Kuan,
you can see it in the code inspector (SCI) for all checks: if a check is RFC- and Extract-based or only RFC-based. But you cannot change this settings.
Best Regards,
Olga.
Hi Olga,
Is there any way to do check on Naming conventions from ATC central system? When we check in SCI, “naming conventions” checks are not RFC based. We really want to have this naming convention check along with other ATC central capability checks.
Thanks,Sana
Hi Sana,
please apply the SAP Note 2423013.
Best regards,
Olga.
Hi Olga,
Thank you very much for that. Now naming conventions are RFC enabled.
There are many basic checks like “SQL trace checks’ are not RFC based. Is there any list of notes to be applied for all the checks to be enabled as RFC checks?
Thanks in advance.
Sana
Hi Sana,
the 2364916 – Recommended SAP Notes for using ATC to perform remote analysis lists all checks with SAP Notes, which can be currently RFC-enabled.
Generally we recommend to apply the notes listed in the 2364916 before executing remote ATC analysis (see “Further recommendations” chapter in the Remote Code Analysis in ATC – Technical Setup step by step).
Best Regards,
Olga.
Dear Olga,
Thx for the very good Blog for this topic.
We have set up now our Central ATC Remote Server with 7.51. But we have problems to implement the needed SAP Note 2270689 . When trying to download via SNOTE we always got a Timeout. Are there any known Problems with this Note at the moment ? Because we can’t implement this Note we think we have the actual Problems, that we can’t configure the Object Providers without RFC Error and to create Run Series, because we got an Error here too, regarding the RFC Connection to the Remote Systems (SM59 says, that RFC connections are working fine)
Best regards
Mario
Hi Mario,
please increase the Timeout time. The SAP Note 2270689 is very large and lasts accordingly.
Best regards,
Olga.
Hello,
Is this functionality also included in NW 7.52?
Hi Matias,
yes, if you mean Remote Code Analysis with ATC.
Regards,
Olga.
Yes, that includes also the baseline functionality right?
Yes, all Remote ATC features in 7.51 are also in 7.52 incl. baseline.
Thank you!
Hello Olga,
i want to confirm right now we all still using 4.7 with SAP_BASIS 6.2 and i want to move all the program from 4.7 to HANA with SAP_BASIS 7.51 but before that i planned to use remote ATC to check compatibility of the code. Is it possible for me to do it?
Thank you.
Hi Michael,
unfotunately not. Your system must be at least on SAP_BASIS 7.0 in order to be checked by the remote ATC system.
See also „Technical requirements“ chapter of https://blogs.sap.com/2016/12/13/remote-code-analysis-in-atc-technical-setup-step-by-step/
Regards,
Olga.
Until now, there was an API for own CI checks. Now remote CI checks have been introduced. Is there any guideline for selfwritten CI checks executable on a CI Hub?
Hi Stefan,
our development teams will be working on such guideline (documentation) next year. It is in our backlog.
Regards,
Olga.
Thank you!
Hello Olga,
in one of your answers you stated to use the extract based checks for an isolated system, to use ATC (or SCI) in a 7.51 system to check an extract from the isolated system.
We have created such a S4HMigrationRepositoryInfoTST.zip file and want to perform the check with ATC in a 7.51 system.
Could you please explain how to connect an ATC (or SCI) check to this zip file.
Thanks in advance
Franz
Hello Franz,
this procedure is well described (step-by-step) in the SAP documentation : Setting Up the Custom Code Migration Worklist
Best Regards,
Olga.
Hello Olga,
thanks for providing the link above. But it points to the steps to be performed in a Netweaver 7.5 Evalution system.
We have a Netweaver 7.51 Evaluation system, where we want to evaluate extract based checks. When we proceed with the steps mentioned in your link, at the last step (SYCM_DISPLAY_SIMPLIFICATIONS) we receive the following message:
The worklist is deprecated (use S/4HANA Code Inspector checks instead)
What would be the steps for a file based check in a 7.51 Evaluation system? (We can not process RFC based checks, because no connection possible between Business system and Evaluation system).
Kind regards
Franz
Hi Franz,
sorry, I’ve just found out, that unfortunately the SYCM-based approach of SAP NetWeaver 7.50 doesn’t work anymore in 7.51/7.52. It means, you have the choice: either to connect your isolated system to remote ATC infrastructre or use SAP Readiness Check for this system.
Best Regards,
Olga.
So, we have an ECC EHP8 system on Basis 750.009 (we have multiple 750 systems).
We have also done a mock conversion to S4 1709. This system is at Basis 752.001. During this conversion, I learned a number of things about ABAP changes required (particularly SPDD).
However…. The S4 Readiness Check Variants are not in my upgraded S4 system??? I applied all the notes I could find, but no show. Note: 2531490 (code inspector variants for S4) shows as “Cannot be implemented”.
I do see a few S4 things in SCI…but I like ATC….so what gives. What am I missing?
Thanks,
Tim
Solved my own problem….needed to import variants from SCI…
Hi Timothy,
yes, ATC reuses SCI variants S4HANA_READINESS and S4HANA_READINESS_REMOTE are in SCI.
Best,
Olga.
Hello Olga,
do you have any note or document describing the minimal system requirements for an SAP Instance that will only be used as a central ATC system? No other actions would take place there.
Cheers
Łukasz
Hi Łukasz,
yes, please look in the “Technical requirements” chapter of the blog Remote Code Analysis in ATC – Technical Setup step by step
Regards,
Olga.
Thanks! I’m so blind. I was there before but haven’t notice this one.
Hi Olga
Not sure this is the right blog to ask this question, so feel free to move if required.
Is there a recommended procedure to adopt for when the central ATC is down – for upgrade/patching etc? Currently I’m assuming that we return to using the local ATC on each remote system just by changing the variant to a local one.
If this is the correct mode of operation, are there any plans to create functionality to remotely change the default variant on each connected system via the central system? As more and more systems get added, this detaching/reattaching will quickly become quite tedious and prone to error.
Thanks
Ian
For anybody interested in a write-up about a project to set up a central ATC-system, please check my recent blog Setting up a central ATC-system – the long, long winding road edition. It contains short descriptions for relevant activities and links to 4 separate blogs detailing various aspects from the perspective of an actual implementation based on Olga’s neat series.
Cheers
Bärbel
Hi Olga,
Not sure this is the right blog to ask this question, so feel free to move if required.
During the preparation to schedule a Series run in ATC after creation the object provider, the system group and creating a check variant and choosing a package , also RFC connection had been established between NW 52 and the backend system which is ERP NW7.40
We are getting an error message :
*** Dynpro Area 1-99 (Usability Checks)
and we can not proceed further
all required sap notes have been installed on the central check and checked system completely
we are on NW 52 SP00
Thanks in advance for your feedback
Cheers
Mohamed
Hi Mohamed,
please open the ticket to SAP regarding this issue.
Regards,
Olga.
Hello,
What can I do if I do not have a system> = 7.51 which I can use as ATC?
Is there an alternative solution?
Gruß
Toni
Hi Toni,
if you have a 7.50 system, then you could use the Custom Code Migration Worklist approach based on custom code analysis with SYCM (not ATC).
But: SYCM is based purely on the where-used list. For example, it finds all usages of MATNR in the custom code. However, SYCM does not analyze whether this usage is critical. Say the false-positive rate is extremely high. The analysis of whether the usage is critical can do only ATC.
Regards,
Olga.
Thank you for the Info
Gruß
Toni
Hi,
i got an info that there is also a Fiori App called “Custom Code Migration”
https://fioriappslibrary.hana.ondemand.com/sap/fix/externalViewer/#/detail/Apps('F3191‘)/S12OP
What is the difference between this Fiori used analysis and ATC Check?
Gruß
Toni
Hi Toni,
the Fiori App “Custom Code Migration” is based on the same remote ATC infrastructure and is available with SAP S/4HANA 1809. So you would need an SAP S/4HANA 1809 system as a central ATC system.
The custom code checks are the same ATC checks, but you have better analysis support like analytical representation of ATC findings, filtering of results etc.
Beyond this you can define in the App, which custom code should be migrated to S/4HANA (based on usage data) and delete unused custom code during system conversion (the App can create a deletion transport)
More information: https://help.sap.com/viewer/9a281eac983f4f688d0deedc96b3c61c/201809.000/en-US/f3b749efe0674d669fb1ecf9704fcfd3.html
Best regards,
Olga.
Thx
I’m installing the CCLM + ATC in my Solution manager 7.2 SP7, following the guide:
In the Custom Code Management Step à Set Up Custom Code Management
When activating the Development ERP system (C12) in Expert Activation mode
I get this error with the ATC TOOL, and it does not let me activate the Extractor Quality (ATC)
The C12 system is an ERP 6.0 version EHP4 / NW 701
I understand that the problem is in my version, as you indicate in your post:
https://blogs.sap.com/2016/12/12/remote-code-analysis-in-atc-one-central-check-system-for-multiple-systems-on-various-releases/,
C12 should be at least a NW 702 true?
That’s why I’m not allowed to activate the ACT TOOL because the ATC transaction does not exist in C12?
We have also installed an NW752 SP3 to make it serve as Central Check System, from this Central ATC if we can execute remote code analysis in ATC in older systems as my ERP 6.0 NW 701 is this true?
I understand that it is true, as you indicate in your post:
What is not clear to me is how to configure the Solman 7.2 + NW 752 to be able to launch the remote code analisys ATC in my Satellite Systems?
I have not found any guide that clarifies how to make this configuration.
The only thing that I found in the manual of CCLM, these two scenarios for the Quality Cockpit, I understand that we should install and configure the Scenario 2, right? But I do not know how to do it?
All the information that I have found is to configure the CCLM + ATC in a Solution Manager 7.2 or an ATC Central System to launch remote code analysis in ATC against the Satellite Systems, but I have not found anything that indicates how to configure the Scenario 2 that I understand is the right one for my infrastructure, right?
Thanks in advance.
Regards.
Jordi Arnau.
Hi Jordi Arnau,
yes, you’ve got it right: to activate ATC from CCLM your SAP ERP system must have ATC (and ATC is not available in NW 7.01).
In order to set up the Scenario 2 you proceed in same way as for Scenario 1 with the difference, that you first setup the central ATC check system with remote code analysis and then connect this central check system to CCLM. The procedure for setting this up is the same as in Scenario 1, just you connect the central ATC check system instead of satelite system to CCLM.
Kind Regards,
Olga.
Hi Olga,
Thanks for answering so fast
When you say “first setup the central ATC check system with remote code analysis” what do you mean exactly?
The central ATC verification system is already connected to the CCLM:
but I get error 2 collectors, the Quality (ATC) and the Similarity:
Do you know how I can solve these mistakes?
I understand that until these two errors are solved I will not be able to get reports in the CCLM, right?
Thank’s.
Jordi Arnau.
Hi Jordi,
let me explain the scenario 2 in the slide you show.
In your case the system ATC is the evaluation system (ATC-Hub) which remotely checks your code in your development system. Solution manger needs in this case to be connect to your development system to extract the data to Solution Manager and then CCLM needs to collect the information into CCLM for this system, especially the objects are extracted from this system into Solution Manager and from there CCLM will collect the objects into CCLM tables.
If you now would like to get the information of the remote ATC checks running in your system called “ATC” you need to extract the ATC data from system “ATC” into Solution Manager (although the check are running on code of your dev system) this is working correctly. See your screenshot: -> green light in Operation Status Details -> Exctractor Status for Quality (ATC) for system “ATC”.
Now the remote ATC is extracted to Solution Manager, but it is running not for system “ATC” but for your dev system. There is no need to collect now this information into CCLM, as the remote check is an information not for system “ATC”. If you would now activate the ATC collector for CCLM it is not working, as there is no ATC run for system “ATC” itself. Error message: No ATC results found … for system ATC” that’s correct as the results are for the dev system.
In CCLM you can use these results for you dev system in the quality cockpit. There is no specific report showing these results. You can use the quality cockpit now to monitor the results of the remote ATC, but you have to set this up for you dev system, as the objects are only in your dev system and not in “ATC”. CCLM is able to connect the objects of the dev system to an ATC analysis which was done in a hub system and is able to treat the results in the same way as they would have been executed directly in the dev system.
As “ATC is an hub-system there is no need to set up any additional extractors and collector for CCLM, as you are not interested on the custom code objects of your hub-system itself, I assume. So ignore the red light of the similarity collector and even more if you are not interested in the custom code of system “ATC” just stop all other collectors and extractors (not the quality ones) for system “ATC”. They are not needed for a hub-system.
Hope this helps.
Best regards,
Thomas Fischer
Hi Thomas,
Thanks for your great explanation of Scenario 2.
From what I have understood, the current configuration that I have in the Solution Manager for the ATC and DEV systems (C12) is the correct?
In C12 I see that this warning appears in the Collector Criticality that I do not know if it can affect?
What I have not understood is the part where you say “If you would like to get the information of the remote ATC checks running in your system called” ATC “you need to extract the ATC date from system” ATC “into Solution Manager” ?
The ATC-Hub environment is already connected to it through Trusted RFC with respect to the DEV environment (C12), so I understand that it is well configured.
I have a question about how I should configure the Basic Settings option.
Is this configuration correct for the ATC-HUB?
Best regards.
Jordi Arnau.
Hi Jordi,
basic settings are relevant only for the ATC in this system, but not relevant for ATC Hub scenario. For setting up ATC Hub properly please refer to https://blogs.sap.com/2016/12/13/remote-code-analysis-in-atc-technical-setup-step-by-step/
Regards,
Olga.
Hi Jordi,
From Solution Manager perspective you can ignore the warnings for the criticality collector for C12. Criticality is not need in the ATC scenario. Criticality is only needed for one of the dimensions of the City Model in CCLM.
To get the results of the remote analysis from system ATC, you need to connect ATC to the Solution Manager and define the RFCs from Solution Manager to ATC. In addition you need to go through the CCM set-up for ATC as well, but just start the Quality(ATC() extractor for ATC (no collector needed). This is needed to extractor the ATC results from ATC to Solution Manager.
Best regards,
Thomas Fischer
Hi Olga,
We followed the link and we were able to configure the ATC Hub correctly.
Thank’s.
Best Regards.
Hi Thomas,
We have connected the ATC Hub remote system to the Solman and configured the CCM for ATC, the extractors are correctly configured:
Schedule Run has been successfully launched, but right now the result is only visible from the SE80 -> ATC Result Browser:
We have created a new project in the Quality Cockpit with the same variant that we created in the ATC Hub (HANA_C12) and we do not obtain any results:
Generate Jobs and execute correctly:
but it does not process any object:
Can you help us?
Best Regards.
Jordi Arnau.
Hi Jordi,
from a customizing and set-up perspective it looks good. Without knowing and analyzing your set-up in detail I will not be able to judge what might be wrong.
If you need help for the set-up please ask for a consultant to support or if you think this is a bug in the quality cockpit, please create a customer message. This will allow our support to have a closer look directly into your system.
Best regards,
Thomas Fischer
Hi Thomas And Olga,
We have check system running SAP_BASIS 751 release and the system to be checked on SAP_BASIS 740 0007.
Is it possible to configure remote ATC check?
Hi Javed,
yes, you can. Remote code analysis with ATC is possible since SAP_BASIS 751.
Best regards,
Olga.
Hi Olga & Thomas,
I could solve the problem that the job did not get results, in the end the problem was in the user with which we created the Project in the Solman, the user was only created in the Solman and in the ATC, but it was not created in the Backend (C12), when creating a new project with a user that is created in the three environments, the job has already processed objects.
Now we have a problem with the Quality within the City Model, all the Custom Code appear as N/A:
In the Usage section, if we have information:
The only Extractor that does not give error in C12 is that of References, can this be the problem?
Best Regards.
Jordi Arnau.
Hi Jordi,
for the city model we only count quality information which comes from an ATC master run. Maybe there is no ATC master run defined in the system.
You can find a lot of information for CCLM in our best practices and demo block: https://blogs.sap.com/2016/11/18/custom-code-management_best-practices-demos/
for CCLM please check especially: https://www.sap.com/documents/2018/02/1cf642a2-f47c-0010-82c7-eda71af511fa.html
If you need help for the implementation, there are different options depending on your support contract:
For Bugs, please create a customer message.
Thanks,
Thomas