Skip to Content

This document tries to answer the most important questions about the Remote Code Analysis in ABAP Test Cockpit (ATC).

With the SAP NetWeaver AS ABAP 7.51 innovation package SAP customers and partners can perform Remote Code Analysis in ATC which allows to analyze remotely with the latest checks custom code even in older systems using only one system for ATC (SAP_BASIS >= 7.51).

For more information about Remote Code Analysis in ATC please take a look at the Remote Code Analysis in ATC – One central check system for multiple systems on various releases.

If you have common questions, which should be answered in this collection, you can propose them here, in case you are interested to discuss more specific topics please take part at the forum/discussions.

Frequently Asked Questions

General Setup

ATC and Code Vulnerability Analyzer (CVA)

ATC and Solution Manager

Core Concepts

ATC and ABAP Development Tools (ADT)

Frequently Asked Questions

General Setup

What are the total license costs for the initial setup of ATC including the new SAP NetWeaver AS for ABAP 7.51 or 7.52 system? Do we have to extend every developer license?

ABAP Test Cockpit is part of the SAP NetWeaver license. Since the ATC central check system acts only as runtime system for the ATC checks, there are no additional license costs.

The prerequisite for the additional security checks is the installation of SAP NetWeaver AS, add-on for Code Vulnerability Analysis (CVA) which is the separate fee-based product with additional license costs.

Do we really need one extra system for only running ATC? Do we need then one central ATC for all systems in the system landscape?

We recommend to setup one extra system for ATC. This system can check with ATC multiple systems in your landscape.

Do I need to implement any special SAP Note in older SAP systems?

Yes, you need to implement the SAP Note 2270689 in older SAP Systems. For the future developer scenario you will need to implement further SAP Notes, which will be provided later.

 

ATC and Code Vulnerability Analyzer (CVA)

Do we need to pay separate license costs for security checks?

Yes. SAP NetWeaver AS, add-on for Code Vulnerability Analysis (CVA) is the separate fee-based product with additional license costs.

Further information about CVA is on the SAP Community Wiki:  SAP NetWeaver Application Server, Add-On for Code Vulnerability Analysis

What does Code Vulnerability Analysis (CVA) deliver additionally to ATC?

ATC provides general check infrastructure including standard checks for functional correctness and performance. CVA delivers additional security checks, which can be integrated into ATC.

 

ATC and Solution Manager

Can I reuse our SAP Solution Manager system for setting up the ATC central system there?

We recommend a really new system as ATC central system. The Solution Manager is currently based on a low SAP NetWeaver release (SolMan 7.2 is based on SAP NetWeaver 7.4). Besides this you would need to upgrade Solution Manager system each time you want to apply new ATC checks, that is the unnecessary effort.

What about the integration into the ChaRM prozess? Can I track the ATC check results in the Solution Manager?

Yes, the ATC is integrated into the ChaRM process. Just with the Solution Manager 7.2 the display of ATC results was improved. When the request is released by ChaRM, the results are displayed in the Solution Manager.

See also how ATC checks are integrated into the ChaRM in the Solution Manager 2.0 documentation on SAP Help Portal

Can I set the central ATC system equal to the central CCLM system?

Since the CCLM system is currently based on the Solution Manager, you cannot set the central ATC system equal to the central CCLM system.

ChaRM: Is it possible to run ATC checks at status change to “To Be Tested” analogous to “Critical Objects”?

The ATC checks run automatically only if the status is set to „Successfully Tested“(during release of original tasks). But you can also run ATC checks any time on demand (is possible starting with Solution Manager 7.2 SP3)

 

Core Concepts

Is it possible to check only new ABAP code during transport release in Transport Management System and let the old ABAP code pass?

By making use of the baseline in the ATC, findings in old ABAP code can be excluded. Only when new findings are added or if ABAP statements are changed within the old findings, these findings will be reported again. The baseline concept is available with SAP NetWeaver AS ABAP 7.51 innovation package. See also the SAP Community blog Remote Code Analysis in ATC – Working with Baseline to suppress findings in old legacy code.

Can the ATC check runs be planned periodically?

Yes, the ATC check runs can be planned periodically on the ATC central system. For more information see Scheduling Run Series in the Central System  on the SAP Help Portal.

Can the ATC checks be integrated into the standard syntax check?

No, it is currently not possible. However, we plan to integrate the ATC into the activation process so that the current ATC results are obtained after the activation of an ABAP object.

Is the state of the approvals held on the ATC central check system or on the local checked system?

On the ATC central check system.

How is the finding exactly referenced (code or source code line)?

A hash (from the code) is generated for each result. As long as it does not change, the line can also move.

How expensive are remote ATC checks with respect to memory usage, execution time etc.?

During an ATC check run, an object model is created in the checked system and transferred to the ATC central check system. The various checks are performed on this model in the ATC central check system. The object models are stored in a cache to minimize the time taken to create and transfer the model.

Memory consumption is strongly dependent on the number and complexity of the objects to be checked.

What about release dependent ATC checks? Various AS ABAP releases may contain different ABAP statements and commands, which must be checked differently.

This release dependency is taken into account in the ATC checks and explained in the checks documentation.

The ATC can be configured so, that it will run during transport release and the transport request will not be released in case of errors or warnings. Is this automatic check also planned for release of tasks and transport of copies?

It is planned to configure the automatic ATC check so that it is executed during the tasks release. Implemented with the SAP note 2495410.

Can I restrict the ATC check only to my custom code (no check for SAP code)?

You can configure which objects will be checked (e.g. all objects of a package). With AS ABAP 7.52 the coverage of checked source code was improved and the findings in SAP includes and generated code are ignored.

Does the central ATC system need to know the release of the checked system e.g. to check differently if applicable?

No.

Can I extend the scope of the Remote Stubs, e.g. in order to add specific DDIC information for my own remote checks?

An extension for your own remote checks is not yet planned.

We practice “collective code ownership”. Is there a way to address findings to the last user, instead of to the person responsible for the object?

This is not currently possible. However, such a functionality is planned in the future.

Can I mark already processed findings?

This is not currently possible. However, such a functionality is planned in the future.

During ATC remote checks run: will the ABAP Unit tests run on the local system?

The ABAP Unit tests must always be executed on the local system. This task cannot be carried out by the ATC central system.

Is a check for searching pragmas or pseudo-comments are also planned? Background: Detect and approval process for unwanted pragmas (configurable)?

A check for searching pragmas or pseudo-comments is currently not planned. It is, however, possible to configure ATC check runs in such a way that the results are displayed despite pragmas / pseudo-comments.

For more information see Configuring Run Series in the Central System  on the SAP Help Portal.

Are there ATC checks for Web Dynpro?

The remote ATC checks are currently not applicable for Web Dynpro / Dynpro

What happens to my exemption when I change the coding?

If you request an exemption for a single finding, this exemption will be valid as long as you don’t change the coding or the relevant context of that finding. As long as you only change coding that does not affect the finding (for example you change something in line 20 of an include and the finding marks code in line 200), the finding will be recognized as the same and thereby also the exemption stays valid.

Is it possible for a customer to scan partner add-ons?

In case you as a customer want to scan partner add-ons in your system you have to register the namespace of the add-on via the report SATC_AC_INIT_NAMESPACE_REG.

You can check the documentation of the report for further details. In system older than SAP NetWeaver AS ABAP 7.50 you have to apply the SAP note 2215288 to enable this feature.

Is it possible to run ATC checks when releasing transport tasks?

Yes, this is possible. You have to enable this feature by applying the SAP note 2495410.

Which BAdIs can I use to implement extension points for ATC?

You can implement SATC_CONTACT_PERSON to determine contact person of a development object (default is TADIR-AUTHOR) and SATC_USER_ACCOUNT to determine email address of a user (default is from user data of transaction SU02).

 

ATC and ABAP Development Tools (ADT)

Can the ATC messages be displayed automatically in Eclipse as e.g. compiler messages?

No, there is currently no automatic check by the ATC.

 

To report this post you need to login first.

55 Comments

You must be Logged on to comment or reply to a post.

  1. Ian Stubbings

    Hi Olga

    Great blog on some very exciting functionality. I have been waiting for this since the ATC was introduced as we have a large landscape with multiple SAP systems on various versions that is very difficult to manage.

    One question on the release of transports. Can the block of transports also be governed centrally?

     

    Thanks

    Ian

    (0) 
  2. Olga Dolinskaja
    Post author

    Hi Ian,

    ATC transport checking is meant primarily for use in development systems by developers who release the transport. QM or admin can specify the release policy with respect to ATC findings. Developers can use Remote Code Analysis in ATC to check their transports in local development systems with the ATC central system checks (this is possible if the central ATC is set up on SAP NetWeaver 7.51 SP1).

    Does it answer your question?

    Best Regards,

    Olga.

    (0) 
    1. Ian Stubbings

      Hi Olga

      Just returning to this as we have now installed a 7.51 SP02 system for central ATC checks.

      I’d like to use the central ATC system exclusively for blocking transports on the remote systems but I do not see the option for this in the ATC config. In fact there is no option at all for blocking transports that I can see.

      Please advise.

      Thanks

      Ian

      (0) 
      1. Former Member

        Hi Ian,

        for this approach you have to use the remote code analysis in ATC for developer as described in another blog by Olga: https://blogs.sap.com/2017/02/27/remote-code-analysis-in-atc-for-developers/

        You can then configure blocking transport requests by procssing the following steps in the remote system:

        1. Start transaction ATC
        2. Choose “ATC Administration > Setup > Basic Settings”.
        3. Specify the check variant which has to refer to a check variant in the central check system
        4. Set the behavior on transport release to “Block on any error” as shown in the screen shot

        Did you try this?

        Michael

        (0) 
        1. Ian Stubbings

          Hi Michael

          Thanks for the reply – we are only just now starting to apply the required notes on one of our production support systems. This is only on 7.01 though so I assume we will have to apply note  2375864.

          I also assume I will not able to block transports since I cannot use the ATC?

          Regards

          Ian

           

          (0) 
  3. Markus Katzberg

    Dear Olga,

     

    Very interesting blog and very exciting to see the question part:

    ATC and Solution Manager

    We would like to analyses the code for a big system landscape with approx. 15 SAP Systems (also S/4HANA). The solution manager 7.2 with ChaRM should be the central system to control the development/customizing (transports). If the tests are successful and before the transport will be released, an automatic code check should be run in background. If I understood you correctly, SolMan 7.2 with Netweaver 7.4 can be used for ATC but not all new features. My problem is, that I cannot find a how to for SolMan 7.2 to configure/customize the function of code analyses in ChaRM. Do you have a link for me?

    Thank you in advance.Kind regards,

    Markus

     

    (0) 
  4. Ian Stubbings

    Hi Olga

    I have another question in regard to the variant used for the remote checks.  I would like to make use of the extended syntax checker but not the CVA. Currently I get an error when adding in the extended syntax checker to the variant. The remote system dumps with a SLINRMT_RUN is not present error.

    Do I have to license the CVA to use the standard SLIN remotely?

    Regards

    Ian

    (0) 
    1. Olga Dolinskaja
      Post author

      Hi Ian,

      you don’t need the CVA license, but you need to implement the SAP Note 2196792. Then you can use SLIN remote.The requirement stated in the note that a CVA license must be available, is in this case not necessary, because you will not use CVA.

      Best Regards,

      Olga.

      (0) 
  5. Ian Stubbings

    Hi Olga

    I was expecting to see the SATC* roles in my new Central ATC but it appears they are not present.

    Has something been missed from the installation or is this standard?

    Regards

    Ian

    (0) 
  6. Former Member

    Hi Olga,

    Thanks for your blog.

    When i am implementing the note 2270689 after implementing pre-requisite note 2011106 and after creating manual steps like function group creation. The note has been implemented with a syntax error in class : CL_DYNP_COMP_PROCS_E” public section type “IF_SCA_CODE_ASSIGNMENT_SERVICE=>TY_CLASSIFICATION” is unknown.

    The above said error cannot be solved as the type does not exist. Could you please suggest any idea on this? Are we missing any other steps or note?

    Thanks

    Jay

     

    (0) 
    1. Former Member

      Hi Jay,

      Most probably SAP Note 2485231 has to be applied to your system. This note should solve the syntax error mentioned above.

      I hope this helps.

      Michael

       

      (0) 
  7. Markus Katzberg

    Hi Olga,

    We use SolMan 7.2 with ATC in ChaRM to check code on several systems. It works fine but we have an S/4HANA ERP with NetWeaver 7.52 and cannot control the new features for e.g. Check Pretty Print State. Is there a possibility to check automatically also the new code analyze features? I am thinking of a workaround like: if the developer release the task in the managed system, atc will check the code with all features local and additionally in the SolMan. Is this possible to use local code inspector and add. The solman check?

    Thank you in advance

    Kind regards,

    Markus

    (0) 
    1. Olga Dolinskaja
      Post author

      Hi Markus,

      yes, as developer you can check your code locally on your NetWeaver 7.52 system with the local Code Inspector variant using the new 7.52 ATC checks (see Getting Started with the ABAP Test Cockpit for Developers or ATC for Developers in Eclipse) during development tasks and also at transport release. Afterwards you can check it centrally on SolMan 7.2 with ATC in ChaRM. It will work.

      But please consider, that the ATC checks in SolMan 7.2 (NetWeaver 7.4) are older then in your local NetWeaver 7.52 system and may deliver other results for your 7.52 code. We recommend a really new (>=7.51) system as ATC central system with the newest ATC checks.

      Best regards,

      Olga.

      (0) 
  8. Markus Katzberg

     

    Hi Olga,

    Thank you for the information and sorry for the late feedback.

    Now, we will use the ATC on SolMan only as additional service, primary we will use the ATC on the systems by automatic start after release of a task.

    BR

    Markus

    (0) 
  9. Schady Sayed

    Hi Olga,
    Assuming we only need the ATC S/4 HANA checks for an ERP upgrade. Is it possible and useful to use a SAP CAL system?

    Another question: Is there any official information that the Solution Manager will soon be running on NetWeaver 7.51/7.52?

     

    Thanks in advance!

    Kind regards,

    Schady

    (0) 
  10. Ian Stubbings

    Hi Olga

    Is there any guidance on using the two BAdIs – SATC_CONTACT_PERSON and SATC_USER_ACCOUNT?

    We have been testing with SATC_CONTACT_PERSON and so far when breakpointing the BAdI, we have seen it stopping constantly for SAP inspection type classes, but not for the custom object actually being inspected.  See image below.

    We would like to change the person responsible from the author to the person who is actually currently modifying the object.

    For the SATC_USER_ACCOUNT, we would then like to use the changed user (as above) to then search either the remote system for the email address or connect via LDAP to get the email address.

    Any advice great appreciated 🙂

    Regards

    Ian

     

    (0) 
    1. Axel Jebens

       

      Hi Ian,

      The BAdI has two methods which are called depending on the use-case (local ATC checks or remote checks from the central check system).

      Because in the central check system, the object, an exemption was requested for, does not necessarily exist, the contact is stored in a local database table SATC_AC_CONTACTS. This only happens when a new exemption is created. You can see that there is a method get_Contact_Person_4_Sys_Group which should be used in the remote scenario. The use of the BAdI is an option if the field TADIR-AUTHOR cannot be used to determine the right contact because the data are outdated or not valid for any reason.

      The BAdI will be called during ATC runs but in this case, the table SATC_AC_CONTACTS will not be filled. Please note that you won’t probably recognize the call because ATC is using background jobs. You can debug jobs online by using SM37 or run ATC from the ABAP workbench. In order to be able to debug the BAdI, you can temporarily use the internal parameter ATC_TEST1 which is really just for debugging (parallelization will be switched off).

      Does this information help? If not, just let me know!

      (0) 
  11. Ian Stubbings

    Hi Axel

    Thanks for the response, the information is very valuable.

    So what I understand is that SATC_AC_CONTACTS is only populated when a remote scan is completed from the remote system to the central system and not the other way round?

    Is it possible to implement the get_Contact_Person method on the remote system to then provide the correct name both locally and when the central run is executed from the central system?

    Thanks

    Ian

    (0) 
  12. Axel Jebens

    Hi Ian,

    The table SATC_AC_CONTACTS is updated only when exemptions are saved. During the ATC run, the BAdI is processed but the database table is not updated.

    In the remote scenario, the BAdI is also called on the side of the checked system (during the ATC run), so this should answer your question.

    You probably do not need to understand this completely since the effect should be that the contact person will be determined by use of the BAdI. The database table is an implementation detail.

    I do admit that usage of the BAdI is not quite self-explaining in the remote scenario.

    Best Regards,

    Axel

    (1) 
    1. Ian Stubbings

      Thanks again Axel. I will try to get the details I need on the remote system then.

      I have also just read that this functionality will be standard soon. Fingers crossed it will be on a 7.51 system and not just 7.52.

      Also, can you shed any light on the SATC_USER_ACCOUNT enhancement spot?  I’d like to use this to find the email address of the users in the result list from a central or indeed remote scan.

      Cheers

      Ian

       

       

      (0) 
  13. Gregg Hinkle

    Hi Olga,

     

    We are only on NW 7.02. I have configured ATC to perform central runs in the quality environments in each managed environment and then push the results down to our development system. However we are now implementing CCLM and want to use the ATC results that are occurring in the quality environments in our managed system for the quality measurements in CCLM. We are gathering the rest of the data in CCLM (usage, custom development objects, etc) from our production environments in our managed systems, but the production environments do not have the ATC results. How can I use the ATC results from our quality environments in CCLM when the rest of the data is coming from our production environments in our managed systems.

     

    Thanks,

    Gregg Hinkle

    (0) 
  14. Bärbel Winkler

    Hi Olga,

    we are currently in the planning phase to set up a central ATC-system but for now still have the ATC-checks directly in the various development systems. These are set up to run checks during transport release but to not prevent it even with 1 and 2 errors mentioned.

    One problem we have is, that we get a lot of false positives displayed in the list where the code actually contains pseudo comments like “#EC CI_ALL_FIELDS_NEEDED “. When I run the ATC-check with the same global check-variant manually for a program affected by this, I have the option “SP suppress findings” for handling pragmas and pseudo-code. Is it possible to likewise suppress these messages during transpoort release in our current 7.50 system and later with a central ATC-system on 7.52?

    These false positives are quite a nuisance for our developers as they mask any real issues which should be fixed. And if the list of messages gets too long, nobody actually bothers – understandably – to check them all out, let alone correct any code.

    Thanks and Cheers

    Baerbel

     

    (0) 
    1. Olga Dolinskaja
      Post author

      Hi Baerbel,

      actually ATC findings in code marked with a pseudo-comment should not come up during transport release (also in 7.50). I recommend to open an OSS message.

      Best regards,

      Olga.

      (1) 
  15. Ian Stubbings

    Hi All

     

    Just a small update on my use of the SATC_USER_ACCOUNT enhancement spot to get the email address of userids not present on the Central ATC system.

    I have now successfully created a BAdI implementation to check the remote system for the user if not found locally. This is an interim solution of course as once you get above a couple of systems it will not be a good solution. The code change is in the standard_provider->get_from_repository method.

    Another option I looked at was setting up an LDAP connector to then query via this route if the user was not found locally. The option above was quicker and dirtier 🙂

    Regards

    Ian

     

    (0) 
  16. Bhavin A Shah

    Hello Olga,

    We are using SAP Netweaver 7.52 as our central system but I do not see the option to replicate results from Manage Results node in ATC administration. I have also maintained the replicate targets for the same. Is there a restriction in 7.52?

    Best Regards,

    Bhavin

     

    (0) 
      1. Bhavin A Shah

        Hi Olga,

        I checked the setup twice but could not see any difference there. Also to be more specific, I did remote analysis with 7.52. Below is the screenshot from ATC and I could not see replicate button there.

        Best Regards,

        Bhavin

         

        (0) 
          1. Bhavin A Shah

            Hi Olga,

            I checked all the authorizations and it seems to be fine. I have already raised OSS message for the same. But I found following in manage results code. Is that like we cannot replicate remote analysis results back to satellite system?

            Best Regards,

            Bhavin

             

            (1) 
            1. Olga Dolinskaja
              Post author

              Hi Bhavin,

              I talked to ATC development and found out that for compatibility reasons in remote ATC scenario, ATC results can not be transferred from the central ATC system to connected systems. Therefore, the replication function does not currently exist in the central ATC system.

              Sorry for the whole confusion caused by my answers above. This restriction must be documented properly.

              Best regards,

              Olga.

              (0) 
      2. Tom Peters

         

        Olga,

        We have the same issue with the replicate button missing. So, Is it a requirement that the code base that is being checked be resident on the ATC Central Check system?

        Thank you,

        Tom

        (0) 
  17. Former Member

     

    Dear Olga,

    first of all, I would like to thank you for that informative blog of yours, it has helped us a lot so far.

    We are preparing remote checks from a separate ATC- instance, but are facing some problems. The ATC instance is on 7.52 SP01. We have applied notes 2364938, 2423013, 2527903, 2375392 within the check System and note 2270689 within the checked systems.

    Currently, a lot of SCI- checks are not applicable for remote usage. even when having applied the notes mentioned above. The following checks are vital for us and are unfortunately not yet rfc- / or extractor- based, so we cannot use them.

    General Checks:

    • CDS Modeling Check (SADL/BOPF)
    • Referenced Objects in CDS
    • Table Attribute Statistics
    • Table Names from SELECT Statements
    • Check of Database Procedure Proxies

    Performance Checks:

    • Low Performance Operations on Internal Tables
    • Nested Sequential Accesses to Internal Tables
    • Copy current table row for LOOP AT …
    • Slow parameter passing
    • Copy Large Data Objects
    • Table Attributes Check
    • Find Interface Method Calls in Loops

    Syntax Check/Generation:

    • Complexity of CDS views
    • Syntax Check for DCL Sources

    Robust Programming:

    • Suspect Conversions

    S/4HANA Readiness:

    • S/4HANA: Search for S/4 related syntax errors

    Metrics and Statistics:

    • Number of Executable Statements Metrics
    • Procedural Metrics
    • FANOUT Structural Metrics
    • OO Size Metrics
    • ABAP WebDynpro Metrics

    CDS Metadata Extensions:

    • Syntax Check for CDS Metadata Extensions

     

    Did we miss some notes in order to get them working, or are they not yet available at all? Any hint would be highly appreciated.

     

    Thank you very much for your time and best regards,

    Martin

    (0) 
    1. Olga Dolinskaja
      Post author

      Hi Martin,

      unfortunately these checks are indeed not (yet) RFC-enabled. We are working on the RFC-enabling of the most essential SCI checks, they will be RFC-enabled by and by.

      Best regards,

      Olga.

      (0) 
  18. Andreas Frank Roth

    Hi Olga,

    is there a possibility to mark (~ set Status) for single ATC Results in the ATC Run Results?

    Background:

    We use the ATC Hana Readiness Check in an S/4 Hana Upgrade Project (NW 7.53) and did a check on our existing Coding which results in more than 1000 Findings -> Based on our experience -> Some Checks are a little bit “special” means out of 800 findings only maybe 150 are relevant => Now we want to mark those irrelevant Findings as “irrelevant/ignore/don´t check anymore” without using pseudo comment (touching too many Objects just for that”). Functionality comparable with the Notes Funtionality in Solution Manager. Is there a possibility for this?

    Andreas

     

    (0) 
  19. Łukasz Pęgiel

    Hello Olga,

    we’ve setup the Central ATC system in our company, but when I want to use Eclipse to see the central results of the ATC then I’m receiving information that “System does not support result browsing”.

    Do we miss any settings in SICF or somewhere else?

    Cheers
    Łukasz

    (0) 
    1. Olga Dolinskaja
      Post author

      Hi Łukasz,

      it is not currently yet possible to browse the central ATC results in Eclipse, if the system is setup as ATC central system (system role “ATC Checks by Object Providers only”). But this functionality is already scheduled for development.

      Regards,

      Olga.

      (1) 
  20. Matias Villagarcia

    Hello Olga Dolinskaja

    I’ve been testing the new ATC baseline feature because we have a lot of legacy code, however either it doesn’t seem to be working as expected or i’m doing something wrong.

    I made a test program that displays some messages, then i added the results to the baseline, after modifying the program again (I added some code in the middle of a perform, almost all messages appeared again).

    I opened an message with SAP Support but don’t think they are understanding the issue here.

    Could you please advice?

    Thank you.

    (0) 
    1. Olga Dolinskaja
      Post author

      Hello Matias,

      I just copy & paste my answer to the simular question from the baseline blog:

      The baseline is effective as long as the related code sections remain unchanged: if the code is changed or a new code is added, the unique identifier for each ATC finding changes so that it does not match any more with the finding that has been added to the baseline. Therefore you get the findings again if you add new source code to your program.

      Regards,

      Olga.

       

       

      (0) 
      1. Matias Ariel VILLAGARCIA

        Hi Olga, thank you for your reply,

        Lets say i have this code:

        FORM f_obtener_datos.
        
        DATA: t_scarr TYPE TABLE OF scarr,
              wa_scarr TYPE scarr,
              t_spfli TYPE TABLE OF spfli.
        
        SELECT * FROM scarr INTO TABLE t_scarr.
        IF sy-subrc = 0.
        
          SELECT v~carrid v~connid v~fldate v~currency v~planetype v~seatsmax
                 b~bookid b~customid b~passname
                INTO TABLE t_datos
                FROM SFLIGHT AS v
                INNER JOIN SBOOK AS b
                ON v~carrid = b~carrid AND
                   v~connid = b~connid
                FOR ALL ENTRIES IN t_scarr
                WHERE v~carrid = t_scarr-carrid.
         IF sy-subrc = 0.
        
         ENDIF.
        ENDIF.
        ENDFORM.

        This outputs, one priority 1 message, and three priority 2 messages.

        So i add this results to the baseline, and add the following code to the previous example:

        FORM f_obtener_datos.
        
        DATA: t_scarr TYPE TABLE OF scarr,
              wa_scarr TYPE scarr,
              t_spfli TYPE TABLE OF spfli.
        
        SELECT * FROM scarr INTO TABLE t_scarr.
        IF sy-subrc = 0.
        
          IF 1 = 2.
        
          ENDIF.
        
          SELECT v~carrid v~connid v~fldate v~currency v~planetype v~seatsmax
                 b~bookid b~customid b~passname
                INTO TABLE t_datos
                FROM SFLIGHT AS v
                INNER JOIN SBOOK AS b
                ON v~carrid = b~carrid AND
                   v~connid = b~connid
                FOR ALL ENTRIES IN t_scarr
                WHERE v~carrid = t_scarr-carrid.
         IF sy-subrc = 0.
        
         ENDIF.
        ENDIF.
        ENDFORM.

        If i run the ATC again, the messages that were added to the baseline appear again.

        The code that existed previously didnt change, it just moved down. Pretty much any modification will cause code to move down, unless its a very small program and eveything is added at the end.

        I hope its clear what i mean.

        Thank you!

        (0) 
        1. Olga Dolinskaja
          Post author

          Hi Matias,

          again, as I said above: if the code is changed or a new code is added, the unique identifier for each ATC finding changes so that it does not match any more with the finding that has been added to the baseline. You added the new source code (IF statement) to your source code, meaning you changed it. Therefore you get findings again.

          Btw, why do you post your questions to FAQ and not to the baseline blog? If you had taken a look at baseline blog, you would have seen that there was similar question, which was already answered: https://blogs.sap.com/2016/12/13/remote-code-analysis-in-atc-working-with-baseline-to-suppress-findings-in-old-legacy-code/comment-page-1/#comment-426417

          Regards,

          Olga.

          (0) 
          1. Matias Villagarcia

            Hi Olga,

            Thank you for the reply.

            I hope this can be enhanced in the future, I don’t know how useful in this state this can be to us but i will keep testing it.

            I posted here, because of the FAQ question, that says:

            How is the finding exactly referenced (code or source code line)?

            A hash (from the code) is generated for each result. As long as it does not change, the line can also move.

            Because it says the line can move, but maybe i understood it incorrectly, and yes, the base line post probably is the right place, sorry about that.

            Again, thank you.

            (0) 
            1. Olga Dolinskaja
              Post author

              Hi Matias,

              the baseline concept works as designed: if the source code in baseline changes, the ATC must be rerun. The baseline is for the source code, which you don’t intend to change: e.g. old legacy code, already checked and exempted. Therefore no enhancement is necessary for this.

              Best regards,

              Olga.

              (0) 

Leave a Reply