ArjunGowdaKR
Level 4
Status: Needs More Info

I would like to suggest the implementation of a built-in code scanning tool within Blue Prism. Currently, we face challenges in identifying bugs or vulnerabilities in our Blue Prism projects, as there is no dedicated code scanning tool available. While we attempted to integrate with SonarQube, it did not yield satisfactory results.

The primary issue we encountered with SonarQube is its treatment of the .bprelease files as XML, which leads to inaccurate analysis results. The tool primarily focuses on detecting code smells, which are not applicable or relevant to our specific requirements.

Therefore, I kindly request the development team to consider incorporating a native code scanning tool into Blue Prism which can scan code stages like C#, Visual Basic and JavaScript. This tool would be tailored to analyze Blue Prism's unique code structure and provide comprehensive feedback on potential bugs, vulnerabilities, and any other code-related issues specific to Blue Prism processes.

By having a dedicated code scanning tool within Blue Prism, we can streamline our code review process, enhance the overall quality of our projects, and ensure compliance with security standards. This tool would greatly contribute to maintaining the integrity and reliability of Blue Prism solutions.

Thank you for considering this suggestion, and I look forward to the possibility of a built-in code scanning tool being introduced in Blue Prism.

8 Comments
HanumanthYemmet
Level 3

It's very much required to be compliant with industry code standards which are followed in the software engineering space.

Thank you for suggesting the implementation of a built-in code scanning tool within Blue Prism. I wholeheartedly support this idea and believe it would greatly benefit our development process.

The challenges we currently face in identifying bugs or vulnerabilities in our Blue Prism projects highlight the need for a dedicated code scanning tool. 

I would like to bring to your attention the recent Log4j vulnerability that has been affecting various software systems, including Blue Prism. This vulnerability, identified as CVE-2021-44228, poses a significant security risk and requires immediate attention. There was huge effort put in to identify the impacted servers and provide a workaround from our end.

This is a long-pending feature which is a must now with Blue Prism, since the RPA space is not supported by standard code scanning tools in the market like SonarQube or Mend; it becomes very difficult to find out any code smells or bugs in any generic VBA or C# code written under a code stage or to find out Log4j-type vulnerabilities.

We were hoping to see this feature in Blue Prism Process Validator but it seems more of a testing automation. If we can have a similar code scanning tool which can help to identify any code smells and check for QA rules, Blue Prism best practices, naming conventions, etc. - this can reduce the time taken for reviews before any deployment.

Also, if reports come from a Blue Prism tool, it can be considered as compliant and can add authenticity to any code.

I would strongly recommend the product team to pick up this idea on priority.

ShwetamKumar
Level 1

Thank you for bringing this up as it is very imperative to align our code with the enterprise standard SonarQube. We as developers face a lot of problems in identifying code smells and bugs which lead to vulnerabilities in Blue Prism projects as it is lacking a scanning tool.

We are hoping to see such similar feature which might help us in overcoming our challenges with respect to QA.

PavanR
Level 3

Popular code scanning tools like SonarQube, Mend, and others provide a wide range of features to support code analysis, including static code analysis, security vulnerability detection, and reporting.

This feature is a big miss within BluePrism and providing it within the product either inbuilt or compatibility to integrate the available tools will be a huge improvement.

It should've been prioritized long back but hoping BP would make this into their to-do list.

Hi @ArjunGowdaKR

I had a question about your idea, if you could provide some insight.

You mention that other tools in the market could theoretically help with this, but because your code stages are wrapped up with the rest of the business object definition, you get a lot of results that aren't relevant for your code stages.

If this was no longer the case and code stages were somehow separated out from the object definition so they could be scanned individually, would you still be looking to Blue Prism to provide the code scanning capability, or would the other tools you already use be capable of meeting your needs from that point on?

I'm going to mark this idea as Needs more info pending your response.

Regards,

Rob
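The original post's complaint is that a generic scanner sees the whole .bprelease as one XML document, and Rob's question above is whether separating the code stages out would be enough for existing tools. The script below is an added example of doing that separation yourself today; it is not Blue Prism's code and not part of the original thread. The element layout it parses (a `<process>` carrying a `<language>` child and `<stage type="Code">` elements with `<code>` CDATA plus `<inputs>`/`<outputs>`) is an assumed simplification of the real export format, the language-to-extension and Blue Prism-type-to-C# mappings are assumptions, and the sample export is constructed for the demo. It writes one file per code stage into a per-language tree that SonarQube or Mend can be pointed at, wraps C# bodies in a method so a C# analyzer has a parseable unit, and sanitises object and stage names because a release file from another team is untrusted input and a crafted stage name must not write outside the output directory.

```python
import os
import re
import tempfile
import xml.etree.ElementTree as ET  # for exports from untrusted parties, prefer defusedxml.ElementTree

# ASSUMED mapping from code-stage language names to file extensions (not Blue Prism's own names).
EXTENSIONS = {"csharp": ".cs", "visualbasic": ".vb", "jscript": ".js"}
# ASSUMED mapping from Blue Prism data types to C# types, used only to build the wrapper below.
CS_TYPES = {"text": "string", "number": "decimal", "flag": "bool",
            "date": "DateTime", "datetime": "DateTime", "collection": "DataTable"}

# Constructed sample export in the ASSUMED simplified layout; not a real .bprelease file.
SAMPLE_EXPORT = """<?xml version="1.0"?>
<bpr>
  <contents>
    <process name="Utility - Strings" type="object">
      <language>csharp</language>
      <stage stageid="s1" name="Concat" type="Code">
        <inputs><input name="A" type="text"/><input name="B" type="text"/></inputs>
        <outputs><output name="Result" type="text"/></outputs>
        <code><![CDATA[Result = A + B;]]></code>
      </stage>
      <stage stageid="s2" name="Start" type="Start"/>
      <stage stageid="s3" name="../../Run Shell" type="Code">
        <inputs><input name="Cmd" type="text"/></inputs>
        <code><![CDATA[System.Diagnostics.Process.Start("cmd.exe", "/c " + Cmd);]]></code>
      </stage>
    </process>
    <process name="Legacy Calc" type="object">
      <language>visualbasic</language>
      <stage stageid="s4" name="Add" type="Code">
        <code><![CDATA[Result = A + B]]></code>
      </stage>
    </process>
  </contents>
</bpr>
"""


def _safe_name(name):
    """Reduce an object or stage name to one path component; a crafted name such as
    '../../x' in a release file must not escape the output directory."""
    cleaned = re.sub(r"[^A-Za-z0-9_.-]+", "_", name or "").strip("._")
    return cleaned or "unnamed"


def extract_code_stages(xml_text):
    """Return one dict per Code stage with its language, body and parameter lists."""
    root = ET.fromstring(xml_text)
    stages = []
    for proc in root.iter("process"):
        lang = (proc.findtext("language") or "csharp").strip().lower()
        for stage in proc.findall("stage"):
            if stage.get("type") != "Code":
                continue
            stages.append({
                "object": proc.get("name", ""),
                "stage": stage.get("name", ""),
                "language": lang,
                "code": stage.findtext("code") or "",  # CDATA content comes back as plain text
                "inputs": [(i.get("name"), i.get("type")) for i in stage.findall("inputs/input")],
                "outputs": [(o.get("name"), o.get("type")) for o in stage.findall("outputs/output")],
            })
    return stages


def wrap_csharp(stage):
    """Embed a C# stage body in a method so an analyzer sees a parseable compilation unit
    rather than a bare statement list; inputs become parameters, outputs become out params."""
    params = [f"{CS_TYPES.get(t, 'object')} {n}" for n, t in stage["inputs"]]
    params += [f"out {CS_TYPES.get(t, 'object')} {n}" for n, t in stage["outputs"]]
    assigns = "".join(f"        {n} = default;\n" for n, _ in stage["outputs"])
    cls = re.sub(r"\W", "_", stage["stage"]) or "Stage"
    return (f"// object: {stage['object']}  stage: {stage['stage']}  (generated wrapper)\n"
            "using System;\nusing System.Data;\n"
            f"public static class {cls}\n{{\n"
            f"    public static void Run({', '.join(params)})\n    {{\n"
            f"{assigns}{stage['code']}\n    }}\n}}\n")


def write_scan_tree(stages, out_dir):
    """Write <out_dir>/<language>/<object>/<stage><ext> per stage; return relative paths written."""
    out_dir = os.path.abspath(out_dir)
    written = []
    for s in stages:
        ext = EXTENSIONS.get(s["language"], ".txt")
        path = os.path.join(out_dir, s["language"], _safe_name(s["object"]),
                            _safe_name(s["stage"]) + ext)
        # Defence in depth: refuse anything that still resolves outside out_dir.
        if os.path.commonpath([out_dir, os.path.abspath(path)]) != out_dir:
            raise ValueError(f"refusing to write outside {out_dir}: {path}")
        os.makedirs(os.path.dirname(path), exist_ok=True)
        body = wrap_csharp(s) if s["language"] == "csharp" else s["code"] + "\n"
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
        written.append(os.path.relpath(path, out_dir).replace(os.sep, "/"))
    return written


def demo():
    """Extract the constructed sample into a temp dir and return the paths written."""
    with tempfile.TemporaryDirectory() as tmp:
        return write_scan_tree(extract_code_stages(SAMPLE_EXPORT), tmp)


if __name__ == "__main__":
    for p in demo():
        print(p)
```

Point a scanner at the output directory (for SonarQube, one project with `sonar.sources` set to it) and the XML noise the original post describes disappears, because only the stage bodies are analysed. The generated C# wrapper is a convenience for parsers, not a faithful compilation unit: real stages reference Blue Prism's own namespaces and global code, so expect some unresolved-symbol findings and treat language-level rules (the `Process.Start` with concatenated input in the sample is exactly the kind of finding worth having) as the signal.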

ArjunGowdaKR
Level 4

@robert.nicklin 

Kindly provide me with a sample file where the code stages are separated from the object definition (.bprelease file)? I would like to evaluate the files and provide feedback based on the separate code stages.

Hi @ArjunGowdaKR,

Apologies for the delay - I was away on annual leave and just picked up your comment.

We don't currently have a prototype sample of what export files would look like if we were to separate code stages, I was more wanting to understand what your requirements would be to integrate your existing scanning tool.

Perhaps we could catch up on this subject in a 1-on-1 call? If so, I can reach out via your organization's account manager.

Regards,

Rob