CodeScene: Difference between revisions

CodeScene

https://codescene.com/

CLI Tools

https://codescene.io/docs/cli/index.html

CLI - Check

Check a specific file for code health issues

cs check [file]

EXAMPLES
  $ cs check test.c                       Check the file test.c
  $ cs check master:./test.c              Check the file test.c on the master branch
  $ cs check 801b0c0f:./test.c            Check the file test.c at the given commit
  $ cs check --file-name test.c < test.c  Read file data from stdin

CLI - Review

Score a file, and provide a review

cs review [file]

EXAMPLES
  $ cs review test.c                       Check the file test.c
  $ cs review test.c --output-format json  Check test.c and output the results as json
  $ cs review master:./test.c              Check the file test.c on the master branch
  $ cs review 801b0c0f:./test.c            Check the file test.c at the given commit
  $ cs review --file-name test.c < test.c  Read file data from stdin

CLI - Update

Command for updating the CLI:

cs update

CLI - Help

$ cs help
USAGE
  $ cs <command> [--help | <args>]

COMMANDS
  delta       Perform a delta analysis in the current git repository
  review      Score a file, and provide a review
  check       Check a specific file for code health issues
  docs        CodeScene CLI documentation topics
  version     Display CLI version info
  update      Command for updating the CLI
  check-rules Find code health rule matches for input file

GETTING HELP
  For more information about a specific command, run `cs <command> --help`
  For more general documentation, run `cs docs`

Invalid arguments: ("help")

CLI Configuration

Version update check failed, proceeding.
In order to use the full CLI tool you will need to set up your environment
with a Personal Access Token.

- codescene.io -> https://codescene.io/users/me/pat

- CodeScene Enterprise -> https://your.codescene.com/configuration/user/token

Generate a new PAT token then set your environment variables as follows:

- codescene.io -> $env:CS_ACCESS_TOKEN = '<your-PAT>'

- CodeScene Enterprise -> $env:CS_ACCESS_TOKEN = '<your-PAT>'

Windows CLI Tools Installation

Powershell Installation:

Invoke-WebRequest -Uri 'https://downloads.codescene.io/enterprise/cli/install-cs-tool.ps1' -OutFile install-cs-tool.ps1
.\install-cs-tool.ps1

$env:CS_ACCESS_TOKEN = 'your-access-token'

If using an onpremise code scene server:

$env:CS_ONPREM_URL = 'https://codescene.example.com'

Run a code scene command:

cs review

Installs the tool to:

%LOCALAPPDATA%\Programs\CodeScene\cs.exe

Linux CLI Tools Installation

The install script will download the binary, move it to ~/.local/bin and make it executable. If ~/.local/bin is not in the user’s PATH, it will be added.

Shell Installation:

curl https://downloads.codescene.io/enterprise/cli/install-cs-tool.sh | sh

export CS_ACCESS_TOKEN=your-access-token

If using an onpremise code scene server:

export CS_ONPREM_URL=https://codescene.example.com

Installs the tool to:

~/.local/bin/cs
$HOME/.local/bin/cs
/home/USER/.local/bin/cs

Issues

SSL Certificate Issues

Untrusted On-Premise CodeScene Server - Legitimate SSL Certificate

Okay, so you paid for an official SSL Certificate, but CodeScene is not trusting it? No worries, likey the problem is the web server is just simply not exporting out the full SSL certificate chain. Should be easily resolved. Just tell your IT team not to just export the end leaf SSL certificate, but the full SSL chain, including the intermediary certificates. This should resolve the issue

Error:

PS C:\code> cs review

Version update check failed, proceeding.
License check failed (https://good-codescene.example.com/api/v2/tool-license/cli): error - javax.net.ssl.SSLHandshakeException: (certificate_unknown) PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Can't Wait on IT, Test Now

If you don't want to wait for IT, you can test it out by checking out the next section, "Custom SSL Certificate"...

But first, collect the SSL Certificate chain:

Use Firefox, view the SSL certificate chain, and export it out. (Click the lock in the address bar, select Connection Secure, select More Information, View Certificate, under Miscellaneious select Download "PEM (chain)".

Then open this PEM text file, and split this chain file into several files named 1.pem, 2.pem, 3.pem, etc... depending on how many levels deep it is, and copy these to some place convenient like C:\code\

1.pem:

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

2.pem

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

etc...

Untrusted On-Premise CodeScene Server - Custom SSL Certificate

Okay, so you didn't pay for an official SSL Certificate? Sigh, Java is the worst when it comes to dealing with Custom SSL Certificates. Sorry. But you've made your bed, and wish to sleep in it, so buckle up, and here we go...

Error:

PS C:\code> cs review test.py

Version update check failed, proceeding.
License check failed (https://bad-codescene.example.com/api/v2/tool-license/cli): error - javax.net.ssl.SSLHandshakeException: (certificate_unknown) PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

First, you will need to build a custom Java Keystore, and every command, tool, and application will need to reference this custom Keystore. It's ugly. Very ugly.

Install OpenJDK for Keytool

Install the OpenJDK ( https://openjdk.org/install/ | https://jdk.java.net/ ), because screw Sun/Oracle and their schenaigans:

winget install openjdk --source winget

Gather your custom certificate file(s) and name them something like 1.pem

Build custom keystore

# Pick a place to put the keystore file, for example, c:\code\codescene.jks
mkdir c:\code
cd \code

keytool -importcert -trustcacerts -file 1.pem -alias codescene_1 -keystore codescene.jks -storepass changeit
keytool -importcert -trustcacerts -file 2.pem -alias codescene_2 -keystore codescene.jks -storepass changeit
keytool -importcert -trustcacerts -file 3.pem -alias codescene_3 -keystore codescene.jks -storepass changeit
...etc...

Note: If you are asked by keytool to trust the certificate, or if it reports the certificate is already in the system's keystore, agree to add it to the keystore anyway (default is "[no]" to type "yes").

Note: It's not needed, as the default is a PKCS12 format, but if you want you can add the storetype in the above commands:

keytool -importcert -trustcacerts -file 1.pem -alias codescene_1 -storetype PKCS12 -keystore codescene.jks -storepass changeit

Test CS-CLI with Keystore

To use the keystore you will need to inject it in various ways with Visual Code, CS-CLI, CS-MCP, etc. For the CS-CLI, for example:

# Powershell example
$CS_ONPREM_URL = 'https://bad-codescene.example.com'
$CS_ACCESS_TOKEN = 'insert-my-access-token-key-here-xxxxxxxxxxxxxxxx'
cs review -D"javax.net.ssl.trustStore=C:/code/codescene.jks" -D"javax.net.ssl.trustStorePassword=changeit"

Note: the java parameters use forward slashes "/" not back slashes "\" - I know this is windows, and this may break some brains.

Note: once the license has been cached, you should be able to call the CS-CLI command again without the keystore parameters, at least until the cached license expires:

cs review

License Caching

The license will be cached in:

%APPDATA%\Codescene

If you wish to force the license to be reaquired, delete this folder, and rerun the CS-CLI command

Untrusted SSL Certificate - Corporate SSL Proxy

If your company uses a SSL decryption monitoring certificate, you may run into this:

PS C:\code> cs review

Version update check failed, proceeding.
License check failed (https://api.codescene.io/v2/tool-license/cli): error - javax.net.ssl.SSLHandshakeException: (certificate_unknown) PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Solution

• First - cry. Java is the worst at dealing with custom SSL keystores. Sorry.

• Second - okay, so you still want to continue?