Its very much required to be compliant with industry code standards which are followed in software engineering space.

Thank you for suggesting the implementation of a built-in code scanning tool within Blue Prism. I wholeheartedly support this idea and believe it would greatly benefit our development process.

The challenges we currently face in identifying bugs or vulnerabilities in our Blue Prism projects highlight the need for a dedicated code scanning tool. 

I would like to bring to your attention the recent Log4j vulnerability that has been affecting various software systems, including Blue Prism. This vulnerability, identified as CVE-2021-44228, poses a significant security risk and requires immediate attention. There was huge effort put in to identify the impacted servers and provide a workaround from our end

This is long pending feature which is must required now with Blueprism, since RPA space is not supported by standard code scanning tools in market like SoarQube or Mend it becomes very difficult to find out any code smells or bugs in any generic VBA or C# code written under code stage or to find out Log4j type vulnerability. 

We where hoping to see this feature in Blueprism Process Validator but it seems more of a testing automation. If we can have similar code scanning tool which can help to identify any code smells and check for QA Rules, Blueprism best practices, Naming conventions, etc. - this can reduce time taken for reviews before any deployment. 

Also if reports comes from Blueprism tool - it can be considered as compliant & can add added authenticity to any code 

I would strongly recommend product team to pick up this idea on priority 

Thank you for bringing this up as it is very imperative to align our code with enterprise standard SonarQube. We as developers face lot of problems in identifying code smells, bugs which leads to vulnerabilities in Blue Prism project as it lacking scanning tool.

We are hoping to see such similar feature which might help us in overcoming our challenges with respect to QA.

Popular code scanning tools like SonarQube, Mend, and others provide a wide range of features to support code analysis, including static code analysis, security vulnerability detection, and reporting.

This feature is a big miss within BluePrism and providing it within the product either inbuilt or compatibility to integrate the available tools will be a huge improvement.

It should've been prioritized long back but hoping BP would make this into their to-do list.

Hi @ArjunGowda

I had a question about your idea, if you could provide some insight.

You mention that other tools in the market could theoretically help with this, but because your code stages are wrapped up with the rest of the business object definition, you get a lot of results that aren't relevant for your code stages.

If this was no longer the case and code stages were somehow separated out from object definition so they could be scanned individually, would you still be looking to Blue Prism to provide the code scanning capability, or would the other tools you already use me capable to meet your needs from that point on?

I'm going to mark this idea as Needs more info pending your response.

Regards,

Rob

@robert.nicklin 

Kindly provide me with a sample file where the code stages are separated from the object definition (.bprelease file)? I would like to evaluate the files and provide feedback based on the separate code stages.

Hi @ArjunGowda,

Apologies for the delay - I was away on annual leave and just picked up your comment.

We don't currently have a prototype sample of what export files would look like if we were to separate code stages, I was more wanting to understand what your requirements would be to integrate your existing scanning tool.

Perhaps we could catch up on this subject in a 1-on-1 call? If so, I can reach out via your organization's account manager.

Regards,

Rob