Skip to Content
Technical Articles
Author's profile photo Olga Dolinskaja

Remote Code Analysis in ABAP Test Cockpit (ATC) – FAQ

This document tries to answer the most important questions about the Remote Code Analysis in ABAP Test Cockpit (ATC).

With the SAP NetWeaver AS ABAP 7.51 innovation package SAP customers and partners can perform Remote Code Analysis in ATC which allows to analyze remotely with the latest checks custom code even in older systems using only one system for ATC (SAP_BASIS >= 7.51).

For more information about Remote Code Analysis in ATC please take a look at the Remote Code Analysis in ATC – One central check system for multiple systems on various releases.

If you have common questions, which should be answered in this collection, you can propose them here, in case you are interested to discuss more specific topics please take part at the forum/discussions.

Frequently Asked Questions

General Setup

ATC and Code Vulnerability Analyzer (CVA)

ATC and Solution Manager

Core Concepts

ATC and ABAP Development Tools (ADT)

Frequently Asked Questions

General Setup

What are the total license costs for the initial setup of ATC including the new SAP NetWeaver AS for ABAP 7.51 or 7.52 system? Do we have to extend every developer license?

ABAP Test Cockpit is part of the SAP NetWeaver license. Since the ATC central check system acts only as runtime system for the ATC checks, there are no additional license costs.

The prerequisite for the additional security checks is the installation of SAP NetWeaver AS, add-on for Code Vulnerability Analysis (CVA) which is the separate fee-based product with additional license costs.

Do we really need one extra system for only running ATC? Do we need then one central ATC for all systems in the system landscape?

We recommend to setup one extra system for ATC. This system can check with ATC multiple systems in your landscape.

Do I need to implement any special SAP Note in older SAP systems?

Yes, you need to implement the SAP Note 2270689 in older SAP Systems. For the future developer scenario you will need to implement further SAP Notes, which will be provided later.

 

ATC and Code Vulnerability Analyzer (CVA)

Do we need to pay separate license costs for security checks?

Yes. SAP NetWeaver AS, add-on for Code Vulnerability Analysis (CVA) is the separate fee-based product with additional license costs.

Further information about CVA is on the SAP Community Wiki:  SAP NetWeaver Application Server, Add-On for Code Vulnerability Analysis

What does Code Vulnerability Analysis (CVA) deliver additionally to ATC?

ATC provides general check infrastructure including standard checks for functional correctness and performance. CVA delivers additional security checks, which can be integrated into ATC.

 

ATC and Solution Manager

Can I reuse our SAP Solution Manager system for setting up the ATC central system there?

We recommend a really new system as ATC central system. The Solution Manager is currently based on a low SAP NetWeaver release (SolMan 7.2 is based on SAP NetWeaver 7.4). The minimum release for the central ATC system is SAP NetWeaver AS ABAP 7.51. Besides this you would need to upgrade Solution Manager system each time you want to apply new ATC checks, that is the unnecessary effort.

What about the integration into the ChaRM prozess? Can I track the ATC check results in the Solution Manager?

Yes, the ATC is integrated into the ChaRM process. Just with the Solution Manager 7.2 the display of ATC results was improved. When the request is released by ChaRM, the results are displayed in the Solution Manager.

See also how ATC checks are integrated into the ChaRM in the Solution Manager 2.0 documentation on SAP Help Portal

Can I set the central ATC system equal to the central CCLM system?

Since the CCLM system is currently based on the Solution Manager, you cannot set the central ATC system equal to the central CCLM system.

ChaRM: Is it possible to run ATC checks at status change to “To Be Tested” analogous to “Critical Objects”?

The ATC checks run automatically only if the status is set to „Successfully Tested“(during release of original tasks). But you can also run ATC checks any time on demand (is possible starting with Solution Manager 7.2 SP3)

 

Core Concepts

Is it possible to check only new ABAP code during transport release in Transport Management System and let the old ABAP code pass?

By making use of the baseline in the ATC, findings in old ABAP code can be excluded. Only when new findings are added or if ABAP statements are changed within the old findings, these findings will be reported again. The baseline concept is available with SAP NetWeaver AS ABAP 7.51 innovation package. See also the SAP Community blog Remote Code Analysis in ATC – Working with Baseline to suppress findings in old legacy code.

Can the ATC check runs be planned periodically?

Yes, the ATC check runs can be planned periodically on the ATC central system. For more information see Scheduling Run Series in the Central System  on the SAP Help Portal.

Can the ATC checks be integrated into the standard syntax check?

No, it is currently not possible. However, we plan to integrate the ATC into the activation process so that the current ATC results are obtained after the activation of an ABAP object.

Is the state of the approvals held on the ATC central check system or on the local checked system?

On the ATC central check system.

How is the finding exactly referenced (code or source code line)?

A hash (from the code) is generated for each result. As long as it does not change, the line can also move.

How expensive are remote ATC checks with respect to memory usage, execution time etc.?

During an ATC check run, an object model is created in the checked system and transferred to the ATC central check system. The various checks are performed on this model in the ATC central check system. The object models are stored in a cache to minimize the time taken to create and transfer the model.

Memory consumption is strongly dependent on the number and complexity of the objects to be checked.

What about release dependent ATC checks? Various AS ABAP releases may contain different ABAP statements and commands, which must be checked differently.

This release dependency is taken into account in the ATC checks and explained in the checks documentation.

The ATC can be configured so, that it will run during transport release and the transport request will not be released in case of errors or warnings. Is this automatic check also planned for release of tasks and transport of copies?

It is planned to configure the automatic ATC check so that it is executed during the tasks release. Implemented with the SAP note 2495410.

Can I restrict the ATC check only to my custom code (no check for SAP code)?

You can configure which objects will be checked (e.g. all objects of a package). With AS ABAP 7.52 the coverage of checked source code was improved and the findings in SAP includes and generated code are ignored.

Does the central ATC system need to know the release of the checked system e.g. to check differently if applicable?

No.

Can I extend the scope of the Remote Stubs, e.g. in order to add specific DDIC information for my own remote checks?

An extension for your own remote checks is not yet planned.

We practice “collective code ownership”. Is there a way to address findings to the last user, instead of to the person responsible for the object?

This is not currently possible. However, such a functionality is planned in the future.

Can I mark already processed findings?

This is not currently possible. However, such a functionality is planned in the future.

During ATC remote checks run: will the ABAP Unit tests run on the local system?

The ABAP Unit tests must always be executed on the local system. This task cannot be carried out by the ATC central system.

Is a check for searching pragmas or pseudo-comments are also planned? Background: Detect and approval process for unwanted pragmas (configurable)?

A check for searching pragmas or pseudo-comments is currently not planned. It is, however, possible to configure ATC check runs in such a way that the results are displayed despite pragmas / pseudo-comments.

For more information see Configuring Run Series in the Central System  on the SAP Help Portal.

Are there ATC checks for Web Dynpro?

The remote ATC checks are currently not applicable for Web Dynpro / Dynpro

What happens to my exemption when I change the coding?

If you request an exemption for a single finding, this exemption will be valid as long as you don’t change the coding or the relevant context of that finding. As long as you only change coding that does not affect the finding (for example you change something in line 20 of an include and the finding marks code in line 200), the finding will be recognized as the same and thereby also the exemption stays valid.

Is it possible for a customer to scan partner add-ons?

In case you as a customer want to scan partner add-ons in your system you have to register the namespace of the add-on via the report SATC_AC_INIT_NAMESPACE_REG.

You can check the documentation of the report for further details. In system older than SAP NetWeaver AS ABAP 7.50 you have to apply the SAP note 2215288 to enable this feature.

Is it possible to run ATC checks when releasing transport tasks?

Yes, this is possible. You have to enable this feature by applying the SAP note 2495410.

Which BAdIs can I use to implement extension points for ATC?

You can implement SATC_CONTACT_PERSON to determine contact person of a development object (default is TADIR-AUTHOR) and SATC_USER_ACCOUNT to determine email address of a user (default is from user data of transaction SU02).

How can I view a central ATC check result in my developer system?

Please refer to the blog Remote Code Analysis in ATC – Browse Central ATC Result in Developer Systems.

How can I decide on which granularity an exemption can be applied?

In transaction ATC you will find the “Admissible Exemption Request” tool to specify if you want to allow exemptions on finding, object or package level.

Can I run remotely ABAP Unit tests?

Yes, you can execute ABAP Unit Tests remotely with the ABAP Test Cockpit if you implement the SAP Note 3037465.

How can I see which objects were included in an ATC mass run?

You can use the expert options Expert->Display Object Keys in the transaction ATC under “Monitor and Control Runs”. The list of object keys will show you all the objects that were checked within an ATC run.

I want to run local ATC checks on my central ATC check system. Is it possible?

Yes, it is possible. You just need to enable local ATC checks for your central ATC check system as per SAP Note 2696969.

Can the same person request and approve an ATC exemption?

No, this is not possible. ATC forces the 4-eyes-principle here.

Can the baseline be managed centrally, e.g. via permissions, so that a local developer cannot deactivate the baseline?

Yes, there is an authorization for it. It is the same as for granting an exemption: S_Q_GOVERN

Our central ATC check system is on the SAP NetWeaver AS ABAP 7.52 (SAP_BASIS 7.52) release. Is it possible to use it to check an SAP S/4HANA system?

No, you need to upgrade it. The central ATC check system must be always on the higher release as the checked system.

In which environments: development, test or productive SAP recommends to execute ATC runs?

Local ATC runs should be executed by developers on the development systems over their individual developments. Development teams can additionally schedule periodic mass ATC runs on development systems.  Central ATC mass runs should be scheduled in the consolidation or test systems by quality experts. ATC runs should never be executed in productive environments.

ATC and ABAP Development Tools (ADT)

Can the ATC messages be displayed automatically in Eclipse as e.g. compiler messages?

No, there is currently no automatic check by the ATC.

 

Assigned Tags

      142 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Ian Stubbings
      Ian Stubbings

      Hi Olga

      Great blog on some very exciting functionality. I have been waiting for this since the ATC was introduced as we have a large landscape with multiple SAP systems on various versions that is very difficult to manage.

      One question on the release of transports. Can the block of transports also be governed centrally?

       

      Thanks

      Ian

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Ian,

      ATC transport checking is meant primarily for use in development systems by developers who release the transport. QM or admin can specify the release policy with respect to ATC findings. Developers can use Remote Code Analysis in ATC to check their transports in local development systems with the ATC central system checks (this is possible if the central ATC is set up on SAP NetWeaver 7.51 SP1).

      Does it answer your question?

      Best Regards,

      Olga.

      Author's profile photo Ian Stubbings
      Ian Stubbings

      Hi Olga

      Just returning to this as we have now installed a 7.51 SP02 system for central ATC checks.

      I'd like to use the central ATC system exclusively for blocking transports on the remote systems but I do not see the option for this in the ATC config. In fact there is no option at all for blocking transports that I can see.

      Please advise.

      Thanks

      Ian

      Author's profile photo Michael Schneider
      Michael Schneider

      Hi Ian,

      for this approach you have to use the remote code analysis in ATC for developer as described in another blog by Olga: https://blogs.sap.com/2017/02/27/remote-code-analysis-in-atc-for-developers/

      You can then configure blocking transport requests by procssing the following steps in the remote system:

      1. Start transaction ATC
      2. Choose "ATC Administration > Setup > Basic Settings".
      3. Specify the check variant which has to refer to a check variant in the central check system
      4. Set the behavior on transport release to "Block on any error" as shown in the screen shot

      Did you try this?

      Michael

      Author's profile photo Ian Stubbings
      Ian Stubbings

      Hi Michael

      Thanks for the reply - we are only just now starting to apply the required notes on one of our production support systems. This is only on 7.01 though so I assume we will have to apply note  2375864.

      I also assume I will not able to block transports since I cannot use the ATC?

      Regards

      Ian

       

      Author's profile photo Markus Katzberg
      Markus Katzberg

      Dear Olga,

       

      Very interesting blog and very exciting to see the question part:

      ATC and Solution Manager

      We would like to analyses the code for a big system landscape with approx. 15 SAP Systems (also S/4HANA). The solution manager 7.2 with ChaRM should be the central system to control the development/customizing (transports). If the tests are successful and before the transport will be released, an automatic code check should be run in background. If I understood you correctly, SolMan 7.2 with Netweaver 7.4 can be used for ATC but not all new features. My problem is, that I cannot find a how to for SolMan 7.2 to configure/customize the function of code analyses in ChaRM. Do you have a link for me?

      Thank you in advance.Kind regards,

      Markus

       

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Markus,

      ATC needs to be configured and turned on in each of your systems, managed by SolMan.  Take a look at ATC setup guide and SAP Help: how ATC checks are integrated into the ChaRM.

      Best Regards,

      Olga.

      Author's profile photo Ian Stubbings
      Ian Stubbings

      Hi Olga

      I have another question in regard to the variant used for the remote checks.  I would like to make use of the extended syntax checker but not the CVA. Currently I get an error when adding in the extended syntax checker to the variant. The remote system dumps with a SLINRMT_RUN is not present error.

      Do I have to license the CVA to use the standard SLIN remotely?

      Regards

      Ian

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Ian,

      you don't need the CVA license, but you need to implement the SAP Note 2196792. Then you can use SLIN remote.The requirement stated in the note that a CVA license must be available, is in this case not necessary, because you will not use CVA.

      Best Regards,

      Olga.

      Author's profile photo Ian Stubbings
      Ian Stubbings

      Thanks Olga. We have now implemented this note and can call SLIN remotely.

      Author's profile photo Former Member
      Former Member

      Hi Olga,

      This is a great blog, what do I need to do if I want to disappear this check? please could you help me?

      Best regards

      Daniel

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Daniel,

      could you please provide more context information: what do you do and which check tool do you use.

      Thanks,

      Olga

      Author's profile photo Ian Stubbings
      Ian Stubbings

      Hi Olga

      I was expecting to see the SATC* roles in my new Central ATC but it appears they are not present.

      Has something been missed from the installation or is this standard?

      Regards

      Ian

      Author's profile photo Former Member
      Former Member

      Hi Olga,

      Thanks for your blog.

      When i am implementing the note 2270689 after implementing pre-requisite note 2011106 and after creating manual steps like function group creation. The note has been implemented with a syntax error in class : CL_DYNP_COMP_PROCS_E" public section type "IF_SCA_CODE_ASSIGNMENT_SERVICE=>TY_CLASSIFICATION" is unknown.

      The above said error cannot be solved as the type does not exist. Could you please suggest any idea on this? Are we missing any other steps or note?

      Thanks

      Jay

       

      Author's profile photo Michael Schneider
      Michael Schneider

      Hi Jay,

      Most probably SAP Note 2485231 has to be applied to your system. This note should solve the syntax error mentioned above.

      I hope this helps.

      Michael

       

      Author's profile photo Steve Chai
      Steve Chai

      I am also getting similar error "class : CL_DYNP_COMP_PROCS_E” public section type “IF_SCA_CODE_ASSIGNMENT_SERVICE=>TY_CLASSIFICATION” is unknown" .

      OSS note 2485231 is child OSS Note included in OSS note 2270689. Should we do OSS Note 285231 first.

      Any recommendation to fix this issue.

      Author's profile photo Michael Schneider
      Michael Schneider

      Hi Steve,

      I guess there is a typo in SAP Note number 285231. It seems there one digit is missing. Would you double-check the note number, please?

      Thanks
      Michael

       

      Author's profile photo Markus Katzberg
      Markus Katzberg

      Hi Olga,

      We use SolMan 7.2 with ATC in ChaRM to check code on several systems. It works fine but we have an S/4HANA ERP with NetWeaver 7.52 and cannot control the new features for e.g. Check Pretty Print State. Is there a possibility to check automatically also the new code analyze features? I am thinking of a workaround like: if the developer release the task in the managed system, atc will check the code with all features local and additionally in the SolMan. Is this possible to use local code inspector and add. The solman check?

      Thank you in advance

      Kind regards,

      Markus

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Markus,

      yes, as developer you can check your code locally on your NetWeaver 7.52 system with the local Code Inspector variant using the new 7.52 ATC checks (see Getting Started with the ABAP Test Cockpit for Developers or ATC for Developers in Eclipse) during development tasks and also at transport release. Afterwards you can check it centrally on SolMan 7.2 with ATC in ChaRM. It will work.

      But please consider, that the ATC checks in SolMan 7.2 (NetWeaver 7.4) are older then in your local NetWeaver 7.52 system and may deliver other results for your 7.52 code. We recommend a really new (>=7.51) system as ATC central system with the newest ATC checks.

      Best regards,

      Olga.

      Author's profile photo Markus Katzberg
      Markus Katzberg

       

      Hi Olga,

      Thank you for the information and sorry for the late feedback.

      Now, we will use the ATC on SolMan only as additional service, primary we will use the ATC on the systems by automatic start after release of a task.

      BR

      Markus

      Author's profile photo Schady Sayed
      Schady Sayed

      Hi Olga,
      Assuming we only need the ATC S/4 HANA checks for an ERP upgrade. Is it possible and useful to use a SAP CAL system?

      Another question: Is there any official information that the Solution Manager will soon be running on NetWeaver 7.51/7.52?

       

      Thanks in advance!

      Kind regards,

      Schady

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Schady,

      Yes, you can use ABAP 7.51/7.52 CAL system. Regarding Solution Manager on NetWeaver 7.51/7.52 all official information is provided here. Please also refer to the SAP Solution Manager Community or post this question there.

      Best regards,

      Olga.

      Author's profile photo Ian Stubbings
      Ian Stubbings

      Hi Olga

      Is there any guidance on using the two BAdIs - SATC_CONTACT_PERSON and SATC_USER_ACCOUNT?

      We have been testing with SATC_CONTACT_PERSON and so far when breakpointing the BAdI, we have seen it stopping constantly for SAP inspection type classes, but not for the custom object actually being inspected.  See image below.

      We would like to change the person responsible from the author to the person who is actually currently modifying the object.

      For the SATC_USER_ACCOUNT, we would then like to use the changed user (as above) to then search either the remote system for the email address or connect via LDAP to get the email address.

      Any advice great appreciated 🙂

      Regards

      Ian

       

      Author's profile photo Axel Jebens
      Axel Jebens

       

      Hi Ian,

      The BAdI has two methods which are called depending on the use-case (local ATC checks or remote checks from the central check system).

      Because in the central check system, the object, an exemption was requested for, does not necessarily exist, the contact is stored in a local database table SATC_AC_CONTACTS. This only happens when a new exemption is created. You can see that there is a method get_Contact_Person_4_Sys_Group which should be used in the remote scenario. The use of the BAdI is an option if the field TADIR-AUTHOR cannot be used to determine the right contact because the data are outdated or not valid for any reason.

      The BAdI will be called during ATC runs but in this case, the table SATC_AC_CONTACTS will not be filled. Please note that you won't probably recognize the call because ATC is using background jobs. You can debug jobs online by using SM37 or run ATC from the ABAP workbench. In order to be able to debug the BAdI, you can temporarily use the internal parameter ATC_TEST1 which is really just for debugging (parallelization will be switched off).

      Does this information help? If not, just let me know!

      Author's profile photo Ian Stubbings
      Ian Stubbings

      Hi Axel

      Thanks for the response, the information is very valuable.

      So what I understand is that SATC_AC_CONTACTS is only populated when a remote scan is completed from the remote system to the central system and not the other way round?

      Is it possible to implement the get_Contact_Person method on the remote system to then provide the correct name both locally and when the central run is executed from the central system?

      Thanks

      Ian

      Author's profile photo Axel Jebens
      Axel Jebens

      Hi Ian,

      The table SATC_AC_CONTACTS is updated only when exemptions are saved. During the ATC run, the BAdI is processed but the database table is not updated.

      In the remote scenario, the BAdI is also called on the side of the checked system (during the ATC run), so this should answer your question.

      You probably do not need to understand this completely since the effect should be that the contact person will be determined by use of the BAdI. The database table is an implementation detail.

      I do admit that usage of the BAdI is not quite self-explaining in the remote scenario.

      Best Regards,

      Axel

      Author's profile photo Ian Stubbings
      Ian Stubbings

      Thanks again Axel. I will try to get the details I need on the remote system then.

      I have also just read that this functionality will be standard soon. Fingers crossed it will be on a 7.51 system and not just 7.52.

      Also, can you shed any light on the SATC_USER_ACCOUNT enhancement spot?  I'd like to use this to find the email address of the users in the result list from a central or indeed remote scan.

      Cheers

      Ian

       

       

      Author's profile photo Gregg Hinkle
      Gregg Hinkle

      Hi Olga,

       

      We are only on NW 7.02. I have configured ATC to perform central runs in the quality environments in each managed environment and then push the results down to our development system. However we are now implementing CCLM and want to use the ATC results that are occurring in the quality environments in our managed system for the quality measurements in CCLM. We are gathering the rest of the data in CCLM (usage, custom development objects, etc) from our production environments in our managed systems, but the production environments do not have the ATC results. How can I use the ATC results from our quality environments in CCLM when the rest of the data is coming from our production environments in our managed systems.

       

      Thanks,

      Gregg Hinkle

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Gregg,

      CCLM/SolMan can fetch the ATC results from your managed system ans display them. You can setup/configure ATC extractor at CCLM setup. Take a look at respective CCLM guides. SolMan Wiki Custom Code Management

      Regards,

      Olga.

      Author's profile photo Bärbel Winkler
      Bärbel Winkler

      Hi Olga,

      we are currently in the planning phase to set up a central ATC-system but for now still have the ATC-checks directly in the various development systems. These are set up to run checks during transport release but to not prevent it even with 1 and 2 errors mentioned.

      One problem we have is, that we get a lot of false positives displayed in the list where the code actually contains pseudo comments like "#EC CI_ALL_FIELDS_NEEDED ". When I run the ATC-check with the same global check-variant manually for a program affected by this, I have the option "SP suppress findings" for handling pragmas and pseudo-code. Is it possible to likewise suppress these messages during transpoort release in our current 7.50 system and later with a central ATC-system on 7.52?

      These false positives are quite a nuisance for our developers as they mask any real issues which should be fixed. And if the list of messages gets too long, nobody actually bothers - understandably - to check them all out, let alone correct any code.

      Thanks and Cheers

      Baerbel

       

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Baerbel,

      actually ATC findings in code marked with a pseudo-comment should not come up during transport release (also in 7.50). I recommend to open an OSS message.

      Best regards,

      Olga.

      Author's profile photo Bärbel Winkler
      Bärbel Winkler

      Thanks, Olga!

      I'll keep that in mind for the next time I happen upon a "good" example to describe in an OSS-message.

      Cheers

      Baerbel

      Author's profile photo Ian Stubbings
      Ian Stubbings

      Hi All

       

      Just a small update on my use of the SATC_USER_ACCOUNT enhancement spot to get the email address of userids not present on the Central ATC system.

      I have now successfully created a BAdI implementation to check the remote system for the user if not found locally. This is an interim solution of course as once you get above a couple of systems it will not be a good solution. The code change is in the standard_provider->get_from_repository method.

      Another option I looked at was setting up an LDAP connector to then query via this route if the user was not found locally. The option above was quicker and dirtier 🙂

      Regards

      Ian

       

      Author's profile photo Bhavin A Shah
      Bhavin A Shah

      Hello Olga,

      We are using SAP Netweaver 7.52 as our central system but I do not see the option to replicate results from Manage Results node in ATC administration. I have also maintained the replicate targets for the same. Is there a restriction in 7.52?

      Best Regards,

      Bhavin

       

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Bhavin,

      there is no restriction in 7.52. Please check if you configured ATC for central quality checking properly. You can Replicate an ATC Central result to the Satelite Systems.

      Best regards,

      Olga.

      Author's profile photo Bhavin A Shah
      Bhavin A Shah

      Hi Olga,

      I checked the setup twice but could not see any difference there. Also to be more specific, I did remote analysis with 7.52. Below is the screenshot from ATC and I could not see replicate button there.

      Best Regards,

      Bhavin

       

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Bhavin,

      looks like an error somewhere in your configuration or your user doesn’t have the appropriate ATC authorization role.

      Regards,

      Olga.

      Author's profile photo Bhavin A Shah
      Bhavin A Shah

      Hi Olga,

      I checked all the authorizations and it seems to be fine. I have already raised OSS message for the same. But I found following in manage results code. Is that like we cannot replicate remote analysis results back to satellite system?

      Best Regards,

      Bhavin

       

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Bhavin,

      I talked to ATC development and found out that for compatibility reasons in remote ATC scenario, ATC results can not be transferred from the central ATC system to connected systems. Therefore, the replication function does not currently exist in the central ATC system.

      Sorry for the whole confusion caused by my answers above. This restriction must be documented properly.

      Best regards,

      Olga.

      Author's profile photo Tom Peters
      Tom Peters

       

      Olga,

      We have the same issue with the replicate button missing. So, Is it a requirement that the code base that is being checked be resident on the ATC Central Check system?

      Thank you,

      Tom

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Tom,

      yes, now this restriction still exists.

      Regards,

      Olga.

       

      Author's profile photo Tom Peters
      Tom Peters

      Now you've made me confident in my understanding of the documentation.

      Thank you Olga.

      Author's profile photo Jochen Klausmeyer
      Jochen Klausmeyer

       

      Hi Olga,

      We setup a new Remote ATC system on base of SAP NetWeaver 7.52. We wanted to use this system for central check runs and for replications of the results to our development systems. We don't want to have our developers on the central ATC system (for license reasons). Now I read in this chat that the replication isn't available in 7.52 anymore.

      Will the replication be brought back in (near) future? Is there any other option to see the results of the central ATC system in the development systems? Can you tell us which compatibility reasons are responsible?

      Regards,
      Jochen

      Author's profile photo Norbert Frühwein
      Norbert Frühwein

      Hi Jochen,

      is there some good news on the "publish the central results to the satelite systems"?

      I´m struggeling with the same missing button, not properly documented.

      So how is the setting, that is proposed by SAP as an alternative?

       

      Best regards

      Norbert

      Author's profile photo Jochen Klausmeyer
      Jochen Klausmeyer

      Hi Norbert,

      There was a misunderstanding. In the scenario of Remote ATC with a central ATC system there is no option to publish the ATC results to from the central system to the satellite systems. This is only possible if the check are run in the local system (landscape) i.e. to publish the results from a consolidation system to the development system.

      With Remote ATC the solution for us was to run the checks in the local development system using the remote ATC checks. In this scenario you configure the check variants in a way that the call corresponding checks in the central system. To do this you need to define a reference check system in transaction SCI (menu "Code Inspector -> Management of -> Reference Check System"). With this in the check variants there is the option to run checks "In reference check system".

      We don't need to publish the check results anywhere. But I suppose that it should be possible to "Distribute Result to" during a Schedule of run series. We didn't try.

      Best regards,
      Jochen

      Author's profile photo Norbert Frühwein
      Norbert Frühwein

      Hi Jochen,

      thanks for your reply - thats what I was searching for.

      Saphelp - german

      Best regards

      Norbert

       

      Btw:

      Yesterday in Walldorf there was the presentation of Readiness Check 2.0:

      Simplification Item Check The check now contains 16 activities; the findings are categorized according to how critical they are, which doings can already be done in the ERP system, which dependencies exist on other objects.
      Custom  Code For better analysis, the ATC checks can be uploaded to the SAP Readiness Check. A better overview of which areas are affected and whether quickfixes are available should be provided in a formatted form.
      Data Volume Management Includes 16 archiving objects. Without Customizing / or system settings, information about the archiving objects is delivered. The customer receives information about the data usage and is authorized to make without much analysis thoughts about the archiving.
      Business Reality Check Provides information about the state of the system. As with Data Volume Management, extensive information about the status of the system is provided here, for example, which documents were created and how many, which Customizing was never used. Here, too, SAP wants to provide the customer with an improved assessment option on a larger analysis basis.
      Zugriff auf das Dashboard für Externe Access to the dashboard was previously only possible via an S-User. A P user is now sufficient for this; the prerequisite is that every system owner authorizes it accordingly. This means that implementation partners can now also access the dashboard.
      Interfaces / Integration Enhanced options for checking Idoc compatibility and BW extractors
      HANA Sizing Now it is possible to plan into the future (which amount of data will be generated) in order to determine a reliable HANA database size.
      Author's profile photo Franziska Decker
      Franziska Decker

      Hi all,

       

      does anyone know of a function to email the result of the ATC to certain people?

       

      Kind Regards

      Franzi

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Franzi,

      see E-Mail ATC Findings to Developers.

      Regards,.

      Olga.

      Author's profile photo Former Member
      Former Member

       

      Dear Olga,

      first of all, I would like to thank you for that informative blog of yours, it has helped us a lot so far.

      We are preparing remote checks from a separate ATC- instance, but are facing some problems. The ATC instance is on 7.52 SP01. We have applied notes 2364938, 2423013, 2527903, 2375392 within the check System and note 2270689 within the checked systems.

      Currently, a lot of SCI- checks are not applicable for remote usage. even when having applied the notes mentioned above. The following checks are vital for us and are unfortunately not yet rfc- / or extractor- based, so we cannot use them.

      General Checks:

      • CDS Modeling Check (SADL/BOPF)
      • Referenced Objects in CDS
      • Table Attribute Statistics
      • Table Names from SELECT Statements
      • Check of Database Procedure Proxies

      Performance Checks:

      • Low Performance Operations on Internal Tables
      • Nested Sequential Accesses to Internal Tables
      • Copy current table row for LOOP AT ...
      • Slow parameter passing
      • Copy Large Data Objects
      • Table Attributes Check
      • Find Interface Method Calls in Loops

      Syntax Check/Generation:

      • Complexity of CDS views
      • Syntax Check for DCL Sources

      Robust Programming:

      • Suspect Conversions

      S/4HANA Readiness:

      • S/4HANA: Search for S/4 related syntax errors

      Metrics and Statistics:

      • Number of Executable Statements Metrics
      • Procedural Metrics
      • FANOUT Structural Metrics
      • OO Size Metrics
      • ABAP WebDynpro Metrics

      CDS Metadata Extensions:

      • Syntax Check for CDS Metadata Extensions

       

      Did we miss some notes in order to get them working, or are they not yet available at all? Any hint would be highly appreciated.

       

      Thank you very much for your time and best regards,

      Martin

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Martin,

      unfortunately these checks are indeed not (yet) RFC-enabled. We are working on the RFC-enabling of the most essential SCI checks, they will be RFC-enabled by and by.

      Best regards,

      Olga.

      Author's profile photo Andreas Frank Roth
      Andreas Frank Roth

      Hi Olga,

      is there a possibility to mark (~ set Status) for single ATC Results in the ATC Run Results?

      Background:

      We use the ATC Hana Readiness Check in an S/4 Hana Upgrade Project (NW 7.53) and did a check on our existing Coding which results in more than 1000 Findings -> Based on our experience -> Some Checks are a little bit "special" means out of 800 findings only maybe 150 are relevant => Now we want to mark those irrelevant Findings as "irrelevant/ignore/don´t check anymore" without using pseudo comment (touching too many Objects just for that"). Functionality comparable with the Notes Funtionality in Solution Manager. Is there a possibility for this?

      Andreas

       

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Andreas,

      you can use baseline to exclude after the first ATC run these findings from the ATC result so that at the second ATC run they will be treated as a special kind of exemption and will not appear in your ATC result list.  See my blog https://blogs.sap.com/2016/12/13/remote-code-analysis-in-atc-working-with-baseline-to-suppress-findings-in-old-legacy-code/.

      P.S. We don’t have NW 7.53 ?

      Regards,

      Olga.

      Author's profile photo Łukasz Pęgiel
      Łukasz Pęgiel

      Hello Olga,

      we've setup the Central ATC system in our company, but when I want to use Eclipse to see the central results of the ATC then I'm receiving information that "System does not support result browsing".

      Do we miss any settings in SICF or somewhere else?

      Cheers
      Łukasz

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Łukasz,

      it is not currently yet possible to browse the central ATC results in Eclipse, if the system is setup as ATC central system (system role "ATC Checks by Object Providers only"). But this functionality is already scheduled for development.

      Regards,

      Olga.

      Author's profile photo Łukasz Pęgiel
      Łukasz Pęgiel

      Thanks for explaining, I'm waiting for this development 🙂

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Łukasz,

      now you can browse central ATC results in Eclipse of connected dev systems.Please refer to the https://blogs.sap.com/2016/12/22/remote-code-analysis-in-abap-test-cockpit-atc-faq/comment-page-1/#_Toc470164283 and the blog mentioned there.

      Kind Regards,

      Olga.

      Author's profile photo Baajeerao Dabhade
      Baajeerao Dabhade

      Hi Olga ,

      Do we have the functionality now on ADT or not yet?

      We are also having same problem in ADT.

      We have S/4Hana Sandbox NW 7.53 and ADT in HANA Studio version

      Version: 2.3.28

       

      -Cheers

      Baajee

       

      Author's profile photo Baajeerao Dabhade
      Baajeerao Dabhade

      Also I am looking for below option "Set to Active Result" while creating scheduling ATC run on Central ATC system.

      Here are screen prints as Actual and as Expected.

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Baajee,

      not yet, but it will come this year.

      Regards,

      Olga.

      Author's profile photo Baajeerao Dabhade
      Baajeerao Dabhade

      Thanks a lot. Looking forward to this functionality.

      Author's profile photo Baajeerao Dabhade
      Baajeerao Dabhade

      Hi Olga ,

      Do we have this functionality on ADT?

      We have latest ADT but still the same error.

       

      -thanks & regards

      Baajeerao Dabhade

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Baajeerao,

      this functionality is now available. To enable it please refer to the https://blogs.sap.com/2016/12/22/remote-code-analysis-in-abap-test-cockpit-atc-faq/comment-page-1/#_Toc470164283 and the blog mentioned there.

      Kind Regards,

      Olga.

      Author's profile photo Matias Villagarcia
      Matias Villagarcia

      Hello Olga Dolinskaja

      I've been testing the new ATC baseline feature because we have a lot of legacy code, however either it doesn't seem to be working as expected or i'm doing something wrong.

      I made a test program that displays some messages, then i added the results to the baseline, after modifying the program again (I added some code in the middle of a perform, almost all messages appeared again).

      I opened an message with SAP Support but don't think they are understanding the issue here.

      Could you please advice?

      Thank you.

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hello Matias,

      I just copy & paste my answer to the simular question from the baseline blog:

      The baseline is effective as long as the related code sections remain unchanged: if the code is changed or a new code is added, the unique identifier for each ATC finding changes so that it does not match any more with the finding that has been added to the baseline. Therefore you get the findings again if you add new source code to your program.

      Regards,

      Olga.

       

       

      Author's profile photo Matias Ariel VILLAGARCIA
      Matias Ariel VILLAGARCIA

      Hi Olga, thank you for your reply,

      Lets say i have this code:

      FORM f_obtener_datos.
      
      DATA: t_scarr TYPE TABLE OF scarr,
            wa_scarr TYPE scarr,
            t_spfli TYPE TABLE OF spfli.
      
      SELECT * FROM scarr INTO TABLE t_scarr.
      IF sy-subrc = 0.
      
        SELECT v~carrid v~connid v~fldate v~currency v~planetype v~seatsmax
               b~bookid b~customid b~passname
              INTO TABLE t_datos
              FROM SFLIGHT AS v
              INNER JOIN SBOOK AS b
              ON v~carrid = b~carrid AND
                 v~connid = b~connid
              FOR ALL ENTRIES IN t_scarr
              WHERE v~carrid = t_scarr-carrid.
       IF sy-subrc = 0.
      
       ENDIF.
      ENDIF.
      ENDFORM.

      This outputs, one priority 1 message, and three priority 2 messages.

      So i add this results to the baseline, and add the following code to the previous example:

      FORM f_obtener_datos.
      
      DATA: t_scarr TYPE TABLE OF scarr,
            wa_scarr TYPE scarr,
            t_spfli TYPE TABLE OF spfli.
      
      SELECT * FROM scarr INTO TABLE t_scarr.
      IF sy-subrc = 0.
      
        IF 1 = 2.
      
        ENDIF.
      
        SELECT v~carrid v~connid v~fldate v~currency v~planetype v~seatsmax
               b~bookid b~customid b~passname
              INTO TABLE t_datos
              FROM SFLIGHT AS v
              INNER JOIN SBOOK AS b
              ON v~carrid = b~carrid AND
                 v~connid = b~connid
              FOR ALL ENTRIES IN t_scarr
              WHERE v~carrid = t_scarr-carrid.
       IF sy-subrc = 0.
      
       ENDIF.
      ENDIF.
      ENDFORM.

      If i run the ATC again, the messages that were added to the baseline appear again.

      The code that existed previously didnt change, it just moved down. Pretty much any modification will cause code to move down, unless its a very small program and eveything is added at the end.

      I hope its clear what i mean.

      Thank you!

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Matias,

      again, as I said above: if the code is changed or a new code is added, the unique identifier for each ATC finding changes so that it does not match any more with the finding that has been added to the baseline. You added the new source code (IF statement) to your source code, meaning you changed it. Therefore you get findings again.

      Btw, why do you post your questions to FAQ and not to the baseline blog? If you had taken a look at baseline blog, you would have seen that there was similar question, which was already answered: https://blogs.sap.com/2016/12/13/remote-code-analysis-in-atc-working-with-baseline-to-suppress-findings-in-old-legacy-code/comment-page-1/#comment-426417

      Regards,

      Olga.

      Author's profile photo Matias Villagarcia
      Matias Villagarcia

      Hi Olga,

      Thank you for the reply.

      I hope this can be enhanced in the future, I don't know how useful in this state this can be to us but i will keep testing it.

      I posted here, because of the FAQ question, that says:

      How is the finding exactly referenced (code or source code line)?

      A hash (from the code) is generated for each result. As long as it does not change, the line can also move.

      Because it says the line can move, but maybe i understood it incorrectly, and yes, the base line post probably is the right place, sorry about that.

      Again, thank you.

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Matias,

      the baseline concept works as designed: if the source code in baseline changes, the ATC must be rerun. The baseline is for the source code, which you don't intend to change: e.g. old legacy code, already checked and exempted. Therefore no enhancement is necessary for this.

      Best regards,

      Olga.

      Author's profile photo Raphael Hagi
      Raphael Hagi

      Hello Olga,

       

      The ATC can work with third-part tools to check vulnerabilities? I have some clients with Fortify SCA (Static Code Analyzer), this tool is able to scan ABAP source code, but I didn't find a way to integrate this in the same way described for SAP CVA,

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Raphael,

      yes, it is possible with SAP NetWeaver AS ABAP 7.52 SP1. See Replicating CVA results from ATC into Fortify SSC

      Kind Regards,

      Olga.

      Author's profile photo Markus Krätzschmar
      Markus Krätzschmar

      Hello Olga,

      I would like to bring up an older topic again.

      I would request a solution that would allow to use a Solution Manager (In our case 7.2 SP08 with a 7.4 NW release) as a central ATC.

      The SolMan is great tool-set. For us it is already a highly centralized system with connections into all other systems. We use it for ChaRM, for documentation, for monitoring and more.

      I already researched if we could upgrade the NW of the SolMan, but this is not possible :-(.

      Isn’t there a possibility to downport the central ATC solution to a SolMan NW system? Why do we need to set up an additional system, even if it is a pure NW, it costs additional hard- and software maintenance? For us, this additional system is unfortunately not feasible solution.

      KR

      Markus

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Markus,

      unfortunately as far as I know there are currently no plans to bring the Solution Manager to the newest NetWeaver release. This is currently the actual showstopper for your problem.

      The remote ATC infrastructure cannot be downported to the lower NetWeaver releases because of the technical feasibility and prerequisites for remote ATC infrastructure on these releases. It would also mean a huge development effort which we cannot afford. Besides this, if you setup Solution Manager and central ATC technically on one system, it would be impossible to get upgrades incl. new remote ATC features, since Solution Manager is "bound to" a certain NetWeaver release and you cannot simply upgrade NetWeaver underneath it.

      We recommend to setup a separate central ATC system for static checks and quality assurance in the whole landscape and connect it to the Solution Manager, since ATC it is integrated with ChaRM, CCLM tools of Solution Manger and so on.

      Regards,

      Olga.

      Author's profile photo Joe Valliparampil
      Joe Valliparampil

      Hi Olga,

       

      In this FAQ I noticed a question which is of interest to me:

      ____________

      Can the ATC checks be integrated into the standard syntax check?

      No, it is currently not possible. However, we plan to integrate the ATC into the activation process so that the current ATC results are obtained after the activation of an ABAP object.

      _____________

      Could you please update me if this is available now?

      Thank You,

      Joe.

       

       

       

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Joe,

      you can use the open source ADT plugin:

      https://marketplace.eclipse.org/content/abap-continuous-integration

      Regards,

      Olga.

      Author's profile photo Joe Valliparampil
      Joe Valliparampil

      Thank You.

      Author's profile photo Sebastian Koitka
      Sebastian Koitka

      Hi Olga,

       

      this plugin seems not to be maintained anymore. It is also not well integrated into the ADT. E.G. I cannot see findings of an ATC check triggered by the plugin in the source code.

      Do you see any possibility to integrate this into the ADT? I think it is a key feature of any software build process to execute all necessary checks during build...

       

      Gruß,

      Sebastian

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Sebastian,

      we have thought about integration of the ATC into the activation process so that the current ATC results are obtained after the activation of an ABAP object. But it is currently not in the development backlog in the near future.
      Regards,
      Olga.
      Author's profile photo Sebastian Koitka
      Sebastian Koitka

      🙁

      Author's profile photo Rukma Pasham
      Rukma Pasham

      Is it possible to perform ATC check for implicit enhancement points and display results?

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Rukma,

      with ATC on SAP NetWeaver AS ABAP 7.52 is is possible to scan enhancements and modifications in custom code.

      Regards,

      Olga.

      Author's profile photo Rukma Pasham
      Rukma Pasham

      Thank you for your reply Olga. Is it possible to scan enhancements to standard SAP programs?

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Rukma,

      yes, this is what I meant. Maybe not so clear formulated. Enhacements is the technology to enhance SAP standard code. When you write enhacements then it is your custom code.

      Regards,

      Olga.

       

      Author's profile photo Ami Selarka
      Ami Selarka

      HI ,

       

      Very helful blog.

      1 question.

      Do we also get details about VOFM routines here.

      These routines are provided by SAP to customer to add their own custom logic or any configuration.

      These are purely designed for customer business requirement.

      The way in which these are created in mentioned in below link, for reference: https://wiki.scn.sap.com/wiki/display/ERPLO/Routines+in+SD

      Routines from 600 to 999 are custom developments.

      . Do we get that too in ATC check results?

      Author's profile photo Gunnar Neidhardt
      Gunnar Neidhardt

      Hello Olga,

      we'd like to use the ATC also during releasing workbench orders/tasks among other "quality gates"...

      For that I created a "Check Variant" via TX SCI which we like to use for the mentioned ATC checks.

      As sometimes SAP standard coding is placed into custom code (for example standard Includes for maintaining table views is placed into custom function groups) we like to avoid to check these function groups among other workbench objects.

      Is it possible to limit the set of objects to be checked by ATC in general? In case of releasing a workbench order/task, doing ATC manually or in background?

      Thank you very much.

      Regards, Gunnar

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Gunnar,

      with AS ABAP 7.52 ATC doesn't check SAP standard coding within custom code (i.e. SAP includes, generated code etc.). But you cannot limit the set of objects: either you check all objects in your TR during transport release or if you schedule an ATC run, then you can define sets of objects, which will be checked with ATC.

      Regards,

      Olga.

      Author's profile photo srinivas sana
      srinivas sana

      Hi Olga.

      We are on ABAP 7.52 but ATC is still checking the SAP standard coding with in custom programs. Even i got a confirmation from SAP support agent, above statement is incorrect. He says that ATC will check standard code in custom program.

      Thank you, Srinivas

      PS: If can share support agent incident number as well, if required.

      Author's profile photo Ian Stubbings
      Ian Stubbings

      Hi Olga

       

      Is there a BAdI to bypass ATC checks based on transport data?  I ask as there is a scenario where we have large merged transports in one environment that we cannot scan due to the number of objects within.

      How can we automatically bypass the ATC checks? Unfortunately the transports are not ToCs which would of course not be a problem.

       

      I've just spotted the SATC_TRANSPORT_INTEGRATION BAdI but this is only for SAP internal use. Looks to be exactly what I am after.

      Any comments on this BAdI or another way to do the same thing?

       

      Regards

      Ian

      Author's profile photo Axel Jebens
      Axel Jebens

      Hi Ian,

      Please have a look at Enhancement Spot SATC_TRANSPORT_INTEGRATION, BAdI BADI_SATC_TRANSPORT_OBJECT: Enhancement spot to analyse, enrich or shrink list of object keys. There is also a short documentation available.

      Regards,

      Axel

       

      Author's profile photo Ian Stubbings
      Ian Stubbings

      Hi Axel

       

      This Enhancement spot is further extended with 2 more BAdIs in 754 but these are both internal use. Can they be made available to the customer?

       

      We would specifically like to have functionality to determine the variant to use based on the transport title in the satellite system.  Looking at the parameters for this interface, it looks likely that this BAdI will be a good fit.

      Regards

      Ian

      Author's profile photo Axel Jebens
      Axel Jebens

      Hi Ian,

      You are right, the BAdI would be a great fit. The BAdI has not been fully released for customers because it turned out to be very complex: By use of the BAdI, you can control the check variant, but you can also assign a check variant which does not exist. The exit allows to change data but it does not validate the changes. This can be critical because ATC checks may not return any result because of a bad implementation (this was just an example - in fact, there have been a couple of issues).

      I will use your feedback to increase the priority of this enhancement. You can always decide to adjust the BAdI by a modification to change the parameter Can only be implemented at SAP. But as I have mentioned, you have to be a bit careful and avoid too complex implementations. It would probably also help to validate if the check variant exists.

      Regards,

      Axel

      Author's profile photo Ian Stubbings
      Ian Stubbings

      Thanks for the quick response Axel and also the suggestion to increase the priority of making it available to customers.

      As well as changing the flag via a modification, do I have to make any code changes? I notice that in the note 2670671, that a few changes to the code were also made.

       

      *>>>> START OF DELETION <<<<<
          if cl_satc_permission_control=>is_sap_system( ).
            try.
                result = _evaluate_keys_by_extension(
                  i_transport_infos = i_transport_infos
      *>>>> END OF DELETION <<<<<<<
      *>>>> START OF INSERTION <<<<
          try.
              result = _evaluate_keys_by_extension( i_transport_infos = i_transport_infos
      *>>>> END OF INSERTION <<<<<<
      ...
                  i_initial_keys = result ).
              catch cx_root ##catch_All ##no_Handler.
            endtry.
      *>>>> START OF DELETION <<<<<
          endif.
      
      *>>>> END OF DELETION <<<<<<<

       

       

      Regards

      Ian

      Author's profile photo Axel Jebens
      Axel Jebens

      You don't.

      Yes, this is somehow related but it relates to the other BAdI where we have decided to release the other BAdI within the enhancement spot. You may apply the note if it is also useful for you, however.

      Author's profile photo Ian Stubbings
      Ian Stubbings

      Thanks for confirming Axel.  We can't apply the note in this system as it is only relevant up to 753. We have previously applied it in a 750 system and it was exactly what we were after, hence seeing if this would work for us again.

      Regards

      Ian

      Author's profile photo Axel Jebens
      Axel Jebens

      If a note is relevant up to 753, it usually means that its changes are shipped with 754, so you don't need it which is true in this case.

      Regards,

      Axel

      Author's profile photo Ian Stubbings
      Ian Stubbings

      Hi Axel

      Just tried to switch off the checkbox but it is greyed out in change mode.

      Can this only be switched off by debugging and switching the field to active?

      Regards

      Ian

       

      Author's profile photo Ian Stubbings
      Ian Stubbings

      Hi Axel/Olga

      We have now modified the BAdI accordingly and can successfully switch from one variant to another at runtime. Thank you again for your inputs.

      My next question is whether 2 variants can be used, 1 after another. For example, the first variant would be a centralised one via RFC and the secondary one, local to the satellite system housing extra checks only relevant to them.

      Is this possible or is there another way to achieve this?

      Regards

      Ian

      Author's profile photo Matias Villagarcia
      Matias Villagarcia

      Regarding the below question, i dont think its accurate or it needs further clarification.

      How is the finding exactly referenced (code or source code line)?

      A hash (from the code) is generated for each result. As long as it does not change, the line can also move.

      Lets assume i have the following code:

        DATA: t_sflight1 LIKE sflight,
              t_sbook    LIKE sbook,
              t_spfli    LIKE spfli.
      
        DATA: t_sflight2 TYPE TABLE OF sflight.
      
        SELECT * FROM sflight INTO TABLE t_sflight2.
        IF sy-subrc NE 0.
          REFRESH t_sflight2.
        ENDIF.
      
        IF 1 = 2.
          WRITE: / 'Hellooooooo'.
        ENDIF.
      
        SELECT * FROM sflight INTO TABLE t_alv UP TO 100 ROWS.
        IF sy-subrc NE 0.
          REFRESH t_alv.
        ENDIF.
      
      *  SORT t_sflight BY carrid.
      
        READ TABLE t_alv INTO wa_alv WITH KEY carrid = 'AH'
                BINARY SEARCH.
        IF sy-subrc = 0.
        ENDIF.
      
        READ TABLE t_sflight INTO wa_sflight WITH KEY carrid = 'AH'
                BINARY SEARCH.
        IF sy-subrc = 0.
      
      
        ENDIF.
      

      I run the ATC and i get a finding because of the SELECT without a WHERE. So i create an exemption and approve it.

      After that, if i run ATC again i dont see the message, so far so good.

      However, if i add a new line with a new DATA declaration between the ones that already exists and i run the ATC again, the message appears again. The exempted code was not changed, the only thing that changed regarding the exemption was the location.

      I tested this on a SAP Netweaver 7.52.

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Matias,

      if the code is changed or a new code is added, the unique identifier for each ATC finding changes so that it does not match any more with the finding that has been exempted. Therefore you get the finding again if you add a new line with a new DATA declaration. The answer from this FAQ https://blogs.sap.com/2016/12/22/remote-code-analysis-in-abap-test-cockpit-atc-faq/comment-page-1/#_Toc470164277 relates to the source code change within the INCLUDE program which is used within the source code program, that is checked with ATC. In this case the source code program itself remains unchanged.

      Regards,

      Olga.

      Author's profile photo Matias Villagarcia
      Matias Villagarcia

      Hi Olga,

      Thanks for your reply.

      What i understand by reading the FAQ is that i can have an approved exemption and that exemption for a particular line of code can move either up or down as long as the line itself is not modified.

      I'm not sure what "relevant context of that finding" means.

      I´m not trying to be annoying, just trying to understand how it works, because in my particular case makes things complicated at the current client i´m in.

      Thank you again.

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Matias,

      unfortunately it is rather complicated. A hash (from the code) is generated for each result. As long as it does not change, the line can also move. It is typically more about whether coding changes in the environment of the finding. How big the area of ​​the coding block is, which has an impact on the finding / exemption, cannot be answered generally. It depends on the respective ATC check. In your example, it depends on whether the data declaration was added directly before the SELECT or 100 lines above.

      Kind Regards,

      Olga.

      Author's profile photo Sankar Roy
      Sankar Roy

      Hi Olga,

      I have created a check variant in Central Check System and added custom check to the variant.

      But when i try to scan a report from a check system then the custom check created in the check variant of Central system does not work.

      Whereas if i run a program directly in central check system then it executes the custom check created in the check variant of central system.

      Thanks in advance.

       

      Regards,

      Sankar Roy

      Author's profile photo Ian Stubbings
      Ian Stubbings

      Hi Sankar

       

      Is your custom check remote enabled?

       

      Regards

      Ian

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Sankar,

      your custom check must be remote-enabled to be executed remotely. How to remote enable your custom check you can see in the PDF document, page 18, linked in this blog: https://blogs.sap.com/2018/09/06/remote-code-analysis-in-atc-how-to-write-an-atc-check/

      Best regards,

      Olga.

      Author's profile photo Shruthi N R
      Shruthi N R

      Hi Olga,

      In my current project, we are thinking of adding check on using only SAP released objects only as far as possible (like Function Modules) and avoid using objects which are marked for internal use/not released. Is it available in standard setting? Could you please share your thoughts.

      Thanks,

      Shruthi

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Shruthi,

      what do you want to achieve with such check and what do you mean with "SAP released objects"? Generally you (as developer) can use all SAP objects available in the system. If you want to achieve decoupling of your code from SAP standard code, I would recommend to add Cloud readiness checks, especially Whitelist check for usage of SAP released objects.

      Regards,

      Olga.

      Author's profile photo Shruthi N R
      Shruthi N R

      Hi Olga,

      Thank you so much for the reply.

      We had issue in using one of the function module, it was not working for specific scenario. When we reached out to SAP support, we got suggestion saying FM is not released and better to always use released objects. for example- in attributes, it says FM is not released. So, we are analyzing whether its required to enforce this check and is it a value addition. Meanwhile i will check on cloud readiness checks and whitelist check which you have suggested. Thanks again for your valuable inputs.

      Thanks,

      Shruthi

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Shruthi,

      thank you for this detailed explanation, now I can better assist you. 🙂

      This is the old concept, which is valid only for function modules. We don't have any specific ATC checks for it. The new one is based on Released APIs, see also https://help.sap.com/doc/saphelp_nw751abap/7.51.0/en-US/c4/79660d07374c15a1a5fe83fdbb1337/content.htm?no_cache=true

      and you can use Cloud readiness checks to check for Released APIs.

      Best regards,

      Olga.

      Author's profile photo Shruthi N R
      Shruthi N R

      Hi Olga,

      Thanks again for sharing details and this helped me a lot:)

      Author's profile photo Mark Nguyen
      Mark Nguyen

      Hi Olga Dolinskaja ,

      This blog is extremely helpful, thank you! I have set up a Central Check system and have a requirement to check and block any TRs upon release that contain custom created transaction codes.

      Is there an ATC Check Variant that can perform this check or is CVA needed for this?

       

      Thanks a lot!

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Mark,

      ATC doesn't have a check for this because it is too specific, also CVA doesn't have it. But you can implement such ATC check using this guide https://blogs.sap.com/2018/09/06/remote-code-analysis-in-atc-how-to-write-an-atc-check/

      In check you only have to allow objects of the "TRAN" type (add_obj_type (‘TRAN’) in the constructor) and immediately bring an error in the run method without checking anything. Then there will be an error at the transport release (if the ATC is configured to run at transport release).

      Regards,

      Olga.

      Author's profile photo Ian Stubbings
      Ian Stubbings

      Hi Olga

      We recently had an issue where RFC connections were slow connecting from the satellite to the Central ATC which resulted in transports not being able to be released (blocked for priority 1 and 2).

      Rather than login to each individual satellite system to change the ATC settings and switch off the blocking, is there a way to remotely change ATC settings on the satellite systems connected to the central ATC system?

      Thanks

      Ian

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Ian,

      no, unfortunately it is not possible. Could you please clarify your request: is it about centrally caused error situations or do you just want to make administration easier ("mass maintenance" of the settings for several systems)?

      Thanks!

      Olga.

      Author's profile photo Ian Stubbings
      Ian Stubbings

      Hi Olga

      Thanks for the quick response.

      It was in relation to error situations on the Central ATC system. I think we'll have to manage it manually then.

      Regards

      Ian

      Author's profile photo Stephan Dietrich
      Stephan Dietrich

      Hello Olga,

      first of all thank you for your great blogs!

      At the top of the blog you write "But you can also run ATC checks any time on demand (is possible starting with Solution Manager 7.2 SP3)". Can you provide more info on this? What would you need to do if you want to trigger the ATC checks when the status changes to "To Be Tested"? Does a BAdI need to be implemented? Or is this customizing?

      Thanks and best regards,
      Stephan

       

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Stephan,

      thank you :-).

      More infos: you need nothing to do on the ChaRM side. Only activate ATC in managed system and the ATC will send the messages to ChaRM transport related check framework.

      Regarding triggering ATC when the status changes to "To Be Tested"? --ToC will be checked during release process. ToC check needs to be activated in ATC:

      Best Regards,

      Olga.

      Author's profile photo Evgeni Kravets
      Evgeni Kravets

      Hi Olga,

      Thanks for the great and helpful blog! We set up Remote ATC about 3 years ago and do not want to miss it. Unfortunately, we need to move the ATC functionality to another system. Do you know if there is a way to move all existing exceptions to another system? I am actually just looking for some guidance on how to migrate the ATC functionality to another system.
      Thank you very much and best regards,

      /evgeni.

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Evgeni,

      no, unfortunately it is not possible to migrate exemptions, you would need to create them again on the new system.

      Kind Regards,

      Olga.

      Author's profile photo Dmitry Pavlov
      Dmitry Pavlov

      Hi Olga,

      I’ve read carefully your blog and your answer to the questions above… but i still have a question to the  topic "ATC and SolMan integration"... You write it is impossible to configure ATC centrally in SolMan, but we configure CCM in SolMan centrally and need to activate ATC... the only note which i found regarding this is "2420835 - Quality Collector Job SM_CCLM:QUAL* or Job SM_CCL:QUAL* cancels" which contains a reference on this blog.

       

      the questions are:

      1. in such a situation, where i have to configure the central ATC System? in my understanding it still can be QAS System in the development landscape. Correct?
      2. if i'm right in the first question, how the data will come to Info Cubes in BW inside of SolMan? In other words, how the SolMan will know what the ATC central system is and where to get the data from when I’m configuring CCM in SolMan for a development system.

      Thank you and best regards, dmitry

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Dmitry,

      yes, ATC central check system cannot be set up physically on SolMan system, because ATC needs >=NW 7.51 release, and the SolMan system is on NW 7.4. But if you use CCM in SolMan, then you can extract ATC results to the SolMan. Two scenarios are supported:

      1. ATC runs on managed systems locally and all they are connected to the SolMan
      2. ATC is set up and configured as a central check system (remote ATC scenario, with managed systems connected to the central ATC hub) and this central ATC hub is connected to the SolMan

      It depends which scenario you want to implement. Please refer to the How to Guide: Custom Code Lifecycle Management in SAP Solution Manager 7.2 SP06. The page 45 describes the scenarios.

      Kind Regards,

      Olga.

       

      Author's profile photo Jürgen Creyaufmüller
      Jürgen Creyaufmüller

      Hi Olga,

      we are doing a lot* of ATC checks on task and transport release on a quite newly installed S/4 (755 SP 00) along with Solman 7.2 and CTS and we are having some performance issues with this number of checks. Is there any way to tune this? I did a trace and saw that a lot of time is spent dispatching and waiting.

      So I thought I could increase the number of tasks used in SATC_EXECUTE_PROJECT (in debugging), but that didn't help, at least if you only change it there.
      (I also found enhancement spot SATC_TRANSPORT_INTEGRATION with BAdI BADI_SATC_TRANSPORT_CHECK_CTRL, which might allow me to increase the number of tasks used).

      Do you have any idea how we can increase the performance?

      Best regards

      Jürgen

      * At the moment 40 code pal, 8 performance, 5 security, 6 robust programming, 4 syntax, 4 programming conventions, unit tests, 2 user interfaces. 3 search functions, workflow and finally 3 abap open checks.

       

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Jürgen,

      normally you don't achieve much through higher parallelization (by increasing number of tasks) in the transport check, unless you really have high quantities of objects in your transports. It is very likely that individual checks are responsible for the fact that the whole check takes so long, especially since it also has a large number of open source checks in its variant (40 Code Pal and 3 ABAP Open Checks). You could take a look at the SATC_AC_CHS_OBJ_INFO view, where you can see how long it took for an object for each check. It might be possible to find the performance intensiv checks.

      Otherwise it is difficult to make a general statement here. Our development support colleagues would need to look into the system. Just open a ticket on BC-DWB-TOO-ATF if you want our detailed help.

      Best Regards,

      Olga.

      Author's profile photo Rob Veenman
      Rob Veenman

      Hello Olga,

      Thank you for you very interesting blogs.

      After coming across central ATC functionality, I implemented this on a sandbox 7.52 stack and gave a demo to the Abap team. The Abap team adopted ATC and further improved the ATC configurations, exceptions, checks, etc. All in all, ATC is a success and we use this to check and adapt our code for S/4 readiness.

      However, ATC is still on implemented on the sandbox without support from our infra-partner. Hence I need to either:

      A. do a system copy from sandbox to a supported server. The drawback is that a system copy would also copy other typical sandbox crap like outdated or no longer relevant add-ons, etc..

      B. install a fresh Abap 7.52 stack on a supported server and export/import all ATC settings from the sandbox.

      C. install a fresh Abap 7.52 stack on a supported server and reimplement all ATC settings.

      If it is possible, option B would be my preferred option, but is there an export/import option? Or can we use R3trans to export/import certain ATC tables?

      Regards, Rob Veenman

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Rob,

      it is not possible to export/import ATC settings, so the option B will not work.

      Kind Regards,

      Olga.

      Author's profile photo Aleksandr karpov
      Aleksandr karpov

      Hello, Olga.

      We have an central ATC system with ABAP 7.53 system. I and we have I lot of generated object with error(such as incorrect naming and so on)

      Are there any Badi, Exit to skip ATC checks by class name or FM name or object type?

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Aleksandr,

      there is only the BAdI BADI_SATC_TRANSPORT_OBJECT for transport release, it should be implemented in the development system (which will be checked with remote ATC). It could be helpful.

      Here is the documentation:

      Use

      The BAdI can be used to change the checked objects which are checked by ATC when a transport is released.

       Activities

      Create a BAdI implementation and implement the method "DETERMINE_OBJECTS_TO_CHECK". Return the list of object keys to be added (E_ADD_OBJECT_KEYS) or the list of object keys to be removed (E_REMOVE_OBJECT_KEYS) from the initial object list I_INITIAL_OBJECT_KEYS (or both lists).

      Example

      You can influence the transport check by evaluating special attributes which are assigned to individual requests.

      Kind Regards,

      Olga.

      Author's profile photo Aleksandr karpov
      Aleksandr karpov

      Thanks, Olga.

      But my question is about scheduled runs in central ATC.  BAdI  ADI_SATC_TRANSPORT_OBJECT doesn't fit  us.

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Aleksandr,

      unfortunately we don't have such options for ATC mass runs.

      Kind Regards,

      Olga.

      Author's profile photo Aleksandr karpov
      Aleksandr karpov

      Ok, thanks.

      IF SAP add such option/Badi in future it will be great.

      Author's profile photo Serdar Aydogan
      Serdar Aydogan

      Dear Olga

      could you please describe the differences between the ATC checks "S4HANA_READINESS_REMOTE" and "S4HANA_READINESS_2021".

      Which checks does one variant have that the other does not?

      Are there specific scenarios for the usage of these checks? For example use "S4HANA_READINESS_REMOTE" when upgrading from ECC to S/4HANA, and "S4HANA_READINESS_2021" when updating from a lower S/4HANA-Version?

      Thanks and kind regards

      Serdar

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Serdar,

      see please https://blogs.sap.com/2019/06/25/custom-code-adaptation-for-sap-s4hana-faq/#_Toc470164293

      Regarding your question about specific scenarios you are right: the S4HANA_READINESS_REMOTE is suitable during ERP->S/4HANA conversion and the release specific check variants, e.g. S4HANA_READINESS_2021 is suitable for upgrades within the S/4HANA product family.

      Kind regards,

      Olga.

       

      Author's profile photo Serdar Aydogan
      Serdar Aydogan

      Thank you Olga

       

      for your fast response, appreciate it!

       

      BR
      Serdar

      Author's profile photo Kavita Mane
      Kavita Mane

      Facing error when trying to create Object Provider in ATC Central System:

      Problem reported by RFC Layer

      System failure for RFC destination ATC_EABCLNT110_TRUSTED: Syntax error in program SAPLSCA_REMOTE_DATA_ACCESS              .

      System Response

      It is possible to store the configuration. Before it can be used, however, the issue has to be corrected.

      Procedure for System Administration

      • If function SCA_REMOTE_DATA_VERSION cannot be found, please check whether the remote stub is correctly installed in the target system
      • If an authorization failure has occurred, please check if the user which is assigned to the destination, is authorized to call the respective stub functions.
      • If syntax errors have occurred, please check the correct installation of the RFC stub.

      Further notes

      See note 2190113.

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Kavita,

      have you followed the instructions in the blog https://blogs.sap.com/2016/12/13/remote-code-analysis-in-atc-technical-setup-step-by-step/? All necessary SAP notes (incl. object provider SAP notes) must be installed on the checked system and the RFC destination must be defined on the central ATC hub. Your RFC user must be assigned the corresponding roles as described in SAP Note 2672703 Authorization roles for remote check scenarios If you have done everything properly and still experience this error message, please open a ticket to SAP.

      Kind Regards,

      Olga.

      Author's profile photo Kavita Mane
      Kavita Mane

      Thanks Olga for your response.

      I am checking with SAP for this issue.

       

       

       

      Author's profile photo Bärbel Winkler
      Bärbel Winkler

      Olga Dolinskaja

      Hi Olga!

      We are currently running the ATC checks from a central system which is on NW7.52 SP09 and I'm in the process to duplicate the settings in a central system which is a S/4HANA system on 7.56 SP01.

      We created a user called ATC_APPROVER in both systems which is connected to an email address functioning as an email-group so that a few of us are alerted about incoming exemptions. This works pretty well in the existing 7.52 system where the user can be selected when an exemption is requested from one of the remote systems.

      When I try to use this user in the new 7.56 system from a sandbox for testing, I get an error message:

      We already ran an authorization check but nothing was flagged and the "detailed" message for the error unfortunately doesn't provide provide much of a clue either, like a message ID and number to search for.

      Is there anything specific we can check in the user settings (or elsewhere) which might be causing this?

      Update: I did find two methods in class CL_SATC_CI_EXEMPTION where the code looks quite different in the two systems and there's note 3128712 - Enabling a more flexible means of assigning exemption processing responsibilities but it's difficult to see if that might be related or not.

      Thanks much and cheers

      Bärbel

      Author's profile photo Axel Jebens
      Axel Jebens

      Hi Bärbel,

      Did you change the settings to use the approval areas in ATC -> Setup -> Basic Settings?

      Approver%20Areas

      If yes: If there is no corresponding configuration, better switch it off and test again!

      Best Regards,

      Axel

      Author's profile photo Bärbel Winkler
      Bärbel Winkler

      Axel Jebens

      Hi Axel,

      thanks for your reply but I don't even see that setting and options in the new central system (S/4HANA 7.56 SP01). All I see related to exemptions is this:

      This is mimicking the settings in the existing central system on NW 7.52 SP09.

      With the system-ID entered as Master system.

      Cheers

      Bärbel

      Author's profile photo Bärbel Winkler
      Bärbel Winkler

      Never mind! Turns out that user ATC_APPROVER was still missing in the Maintain Approvers setting. After adding it there, I could select it in the satellite system as the approver.

      Now I need to hunt down why no notification email was triggered even though I set periodicity to "Immediately" in the relevant setting and the user has a valid email address.

      Thanks much and cheers

      Bärbel

      Author's profile photo Axel Jebens
      Axel Jebens

      Hi Bärbel,

      Thanks for the feedback. Feel free to raise an incident on BC-DWB-TOO-ATF at any time if you need more help. It is often difficult to answer questions theoretically since there can be a variety of reasons if something does not seem to work as it should.

      Cheers,

      Axel

      Author's profile photo Svend Nygaard Strandsbjerg
      Svend Nygaard Strandsbjerg

      Hi Olga Dolinskaja

      After succeding in setting up remote security checks via SAP BTP, I am struggling to find a way to set up scheduled runs in BTP.

      Is there a way to set up scheduled runs in BTP or do i need to set it up via Eclipse?

       

      Svend

       

       

      Author's profile photo Olga Dolinskaja
      Olga Dolinskaja
      Blog Post Author

      Hi Svend,

      you can execute security checks on SAP BTP directly using the Custom Code Migration app (scheduling of runs is not yet supported) on SAP BTP for your on-premise ABAP system or your SAP BTP ABAP Environment ABAP system, or you can use ADT in Eclipse with SLIN_SEC check variant over your code in SAP BTP ABAP Environment ABAP system.

      Kind Regards,

      Olga.

      Author's profile photo Svend Nygaard Strandsbjerg
      Svend Nygaard Strandsbjerg

      Hi Olga,

      Thank you for a fast response!

      I assumed as much, but thank you for the clarification, I will look into that.

      Svend