Skip to Content

This document tries to answer the most important questions about the Remote Code Analysis in ABAP Test Cockpit (ATC).

With the SAP NetWeaver AS ABAP 7.51 innovation package SAP customers and partners can perform Remote Code Analysis in ATC which allows to analyze remotely with the latest checks custom code even in older systems using only one system for ATC (SAP_BASIS = 7.51).

For more information about Remote Code Analysis in ATC please take a look at the Remote Code Analysis in ATC – One central check system for multiple systems on various releases.

If you have common questions, which should be answered in this collection, you can propose them here, in case you are interested to discuss more specific topics please take part at the forum/discussions.

Frequently Asked Questions

General Setup

ATC and Code Vulnerability Analyzer (CVA)

ATC and Solution Manager

Core Concepts

ATC and ABAP Development Tools (ADT)

Frequently Asked Questions

General Setup

What are the total license costs for the initial setup of ATC including the new SAP NetWeaver AS for ABAP 7.51 innovation package system? Do we have to extend every developer license?

ABAP Test Cockpit is part of the SAP NetWeaver license. Since the ATC central check system acts only as runtime system for the ATC checks, there are no additional license costs.

The prerequisite for the additional security checks is the installation of SAP NetWeaver AS, add-on for Code Vulnerability Analysis (CVA) which is the separate fee-based product with additional license costs.

Do we really need one extra system for only running ATC? Do we need then one central ATC for all systems in the system landscape?

We recommend to setup one extra system for ATC. This system can check with ATC multiple systems in your landscape.

Do I need to implement any special SAP Note in older SAP systems?

Yes, you need to implement the SAP Note 2270689 in older SAP Systems. For the future developer scenario you will need to implement further SAP Notes, which will be provided later.

 

ATC and Code Vulnerability Analyzer (CVA)

Do we need to pay separate license costs for security checks?

Yes. SAP NetWeaver AS, add-on for Code Vulnerability Analysis (CVA) is the separate fee-based product with additional license costs.

Further information about CVA is on the SAP Community Wiki:  SAP NetWeaver Application Server, Add-On for Code Vulnerability Analysis

What does Code Vulnerability Analysis (CVA) deliver additionally to ATC?

ATC provides general check infrastructure including standard checks for functional correctness and performance. CVA delivers additional security checks, which can be integrated into ATC.

 

ATC and Solution Manager

Can I reuse our SAP Solution Manager system for setting up the ATC central system there?

We recommend a really new system as ATC central system. The Solution Manager is currently based on a low SAP NetWeaver release (SolMan 7.2 is based on SAP NetWeaver 7.4). Besides this you would need to upgrade Solution Manager system each time you want to apply new ATC checks, that is the unnecessary effort.

What about the integration into the ChaRM prozess? Can I track the ATC check results in the Solution Manager?

Yes, the ATC is integrated into the ChaRM process. Just with the Solution Manager 7.2 the display of ATC results was improved. When the request is released by ChaRM, the results are displayed in the Solution Manager.

See also how ATC checks are integrated into the ChaRM in the Solution Manager 2.0 documentation on SAP Help Portal

Can I set the central ATC system equal to the central CCLM system?

Since the CCLM system is currently based on the Solution Manager, you cannot set the central ATC system equal to the central CCLM system.

ChaRM: Is it possible to run ATC checks at status change to “To Be Tested” analogous to “Critical Objects”?

The ATC checks run automatically only if the status is set to „Successfully Tested“(during release of original tasks). But you can also run ATC checks any time on demand (is possible starting with Solution Manager 7.2 SP3)

 

Core Concepts

Is it possible to check only new ABAP code during transport release in Transport Management System and let the old ABAP code pass?

By making use of the baseline in the ATC, findings in old ABAP code can be excluded. Only when new findings are added or if ABAP statements are changed within the old findings, these findings will be reported again. The baseline concept is available with SAP NetWeaver AS ABAP 7.51 innovation package. See also the SAP Community blog Remote Code Analysis in ATC – Working with Baseline to suppress findings in old legacy code.

Can the ATC check runs be planned periodically?

Yes, the ATC check runs can be planned periodically on the ATC central system. For more information see Scheduling Run Series in the Central System  on the SAP Help Portal.

Can the ATC checks be integrated into the standard syntax check?

No, it is currently not possible. However, we plan to integrate the ATC into the activation process so that the current ATC results are obtained after the activation of an ABAP object.

Is the state of the approvals held on the ATC central check system or on the local checked system?

On the ATC central check system.

How is the finding exactly referenced (code or source code line)?

A hash (from the code) is generated for each result. As long as it does not change, the line can also move.

How expensive are remote ATC checks with respect to memory usage, execution time etc.?

During an ATC check run, an object model is created in the checked system and transferred to the ATC central check system. The various checks are performed on this model in the ATC central check system. The object models are stored in a cache to minimize the time taken to create and transfer the model.

Memory consumption is strongly dependent on the number and complexity of the objects to be checked.

What about release dependent ATC checks? Various AS ABAP releases may contain different ABAP statements and commands, which must be checked differently.

This release dependency is taken into account in the ATC checks and explained in the checks documentation.

The ATC can be configured so, that it will run during transport release and the transport request will not be released in case of errors or warnings. Is this automatic check also planned for release of tasks and transport of copies?

It is planned to configure the automatic ATC check so that it is executed during the tasks release.

Can I restrict the ATC check only to my custom code (no check for SAP code)?

You can configure which objects will be checked (e.g. all objects of a package). It is planned not to display results within SAP includes, which are included in customer objects.

Does the central ATC system need to know the release of the checked system e.g. to check differently if applicable?

No.

Can I extend the scope of the Remote Stubs, e.g. in order to add specific DDIC information for my own remote checks?

An extension for your own remote checks is not yet planned.

We practice “collective code ownership”. Is there a way to address findings to the last user, instead of to the person responsible for the object?

This is not currently possible. However, such a functionality is planned in the future.

Can I mark already processed findings?

This is not currently possible. However, such a functionality is planned in the future.

During ATC remote checks run: will the ABAP Unit tests run on the local system?

The ABAP Unit tests must always be executed on the local system. This task cannot be carried out by the ATC central system.

Is a check for searching pragmas or pseudo-comments are also planned? Background: Detect and approval process for unwanted pragmas (configurable)?

A check for searching pragmas or pseudo-comments is currently not planned. It is, however, possible to configure ATC check runs in such a way that the results are displayed despite pragmas / pseudo-comments.

For more information see Configuring Run Series in the Central System  on the SAP Help Portal.

Are there ATC checks for Web Dynpro?

The remote ATC checks are currently not applicable for Web Dynpro / Dynpro

What happens to my exemption when I change the coding?

If you request an exemption for a single finding, this exemption will be valid as long as you don’t change the coding or the relevant context of that finding. As long as you only change coding that does not affect the finding (for example you change something in line 20 of an include and the finding marks code in line 200), the finding will be recognized as the same and thereby also the exemption stays valid.

ATC and ABAP Development Tools (ADT)

Can the ATC messages be displayed automatically in Eclipse as e.g. compiler messages?

No, there is currently no automatic check by the ATC.

 

To report this post you need to login first.

8 Comments

You must be Logged on to comment or reply to a post.

  1. Ian Stubbings

    Hi Olga

    Great blog on some very exciting functionality. I have been waiting for this since the ATC was introduced as we have a large landscape with multiple SAP systems on various versions that is very difficult to manage.

    One question on the release of transports. Can the block of transports also be governed centrally?

     

    Thanks

    Ian

    (0) 
  2. Olga Dolinskaja Post author

    Hi Ian,

    ATC transport checking is meant primarily for use in development systems by developers who release the transport. QM or admin can specify the release policy with respect to ATC findings. Developers can use Remote Code Analysis in ATC to check their transports in local development systems with the ATC central system checks (this is possible if the central ATC is set up on SAP NetWeaver 7.51 SP1).

    Does it answer your question?

    Best Regards,

    Olga.

    (0) 
    1. Ian Stubbings

      Hi Olga

      Just returning to this as we have now installed a 7.51 SP02 system for central ATC checks.

      I’d like to use the central ATC system exclusively for blocking transports on the remote systems but I do not see the option for this in the ATC config. In fact there is no option at all for blocking transports that I can see.

      Please advise.

      Thanks

      Ian

      (0) 
      1. Michael Schneider

        Hi Ian,

        for this approach you have to use the remote code analysis in ATC for developer as described in another blog by Olga: https://blogs.sap.com/2017/02/27/remote-code-analysis-in-atc-for-developers/

        You can then configure blocking transport requests by procssing the following steps in the remote system:

        1. Start transaction ATC
        2. Choose “ATC Administration > Setup > Basic Settings”.
        3. Specify the check variant which has to refer to a check variant in the central check system
        4. Set the behavior on transport release to “Block on any error” as shown in the screen shot

        Did you try this?

        Michael

        (0) 
  3. Markus Katzberg

    Dear Olga,

     

    Very interesting blog and very exciting to see the question part:

    ATC and Solution Manager

    We would like to analyses the code for a big system landscape with approx. 15 SAP Systems (also S/4HANA). The solution manager 7.2 with ChaRM should be the central system to control the development/customizing (transports). If the tests are successful and before the transport will be released, an automatic code check should be run in background. If I understood you correctly, SolMan 7.2 with Netweaver 7.4 can be used for ATC but not all new features. My problem is, that I cannot find a how to for SolMan 7.2 to configure/customize the function of code analyses in ChaRM. Do you have a link for me?

    Thank you in advance.Kind regards,

    Markus

     

    (0) 
  4. Ian Stubbings

    Hi Olga

    I have another question in regard to the variant used for the remote checks.  I would like to make use of the extended syntax checker but not the CVA. Currently I get an error when adding in the extended syntax checker to the variant. The remote system dumps with a SLINRMT_RUN is not present error.

    Do I have to license the CVA to use the standard SLIN remotely?

    Regards

    Ian

    (0) 
    1. Olga Dolinskaja Post author

      Hi Ian,

      you don’t need the CVA license, but you need to implement the SAP Note 2196792. Then you can use SLIN remote.The requirement stated in the note that a CVA license must be available, is in this case not necessary, because you will not use CVA.

      Best Regards,

      Olga.

      (0) 

Leave a Reply