Thoughts, ideas, tips, musings, and pontifications (not necessarily in that order) by Ben Forta ...
NOTE: This is my personal blog, and the opinions and statements voiced here are my own.
Posted At : 8:47 PM
Related Categories:
ColdFusion
Kurt Bonnet wrote to tell me that two tools from Atlassian, Crucible (used for code review), and FishEye (used for source code repository analysis), now support CFML (as of version 1.3.5).
I think you may have a bit of a misunderstanding as to what Crucible does. Crucible is an awesome product that helps facilitate code reviews; it's not a static analysis tool. It will show, more accurately now, changes from one version to another and allow for reviewers to leave comments about certain code. There is more to it than just that, but that's the part we like the most at my company. In a group it's an invaluable tool, especially for groups that are in different geographic areas. As far as I know, the only static analysis tool for ColdFusion is CodeCop from Steve Bryant, and I think he is slowly working on a 2.0 release :)
(Disclaimer: I'm biased; I sold FishEye, Crucible & Clover to Atlassian)
> What makes either of these any better than the open source Trac tool?
Trac is a great tool, no question. However, the Atlassian tools are much richer standalone products that also work together pretty well. E.g. Trac provides source browsing and a changelog as a handy adjunct - FishEye provides source browsing, per user feeds, spanky annotations, line history, comprehensive search, and API among other stuff. A similar story for the other Trac features; issues - JIRA, wiki - Confluence, source - FishEye. There are also other tools available, including Crucible (peer code review) and Bamboo, a CI tool.
So it really depends on what you want/need. Trac gives you a lot of nicely integrated stuff. Atlassian's tools provide heaps more features but do add more complexity (and they cost a few dollars for commercial use). Give them a whirl and see if they help. Remember there is no reason you can't use Trac and FishEye.
Any cheap suggestions for a static code analysis tool that checks for security vulnerabilities for my ColdFusion 7 and 8 code? That would be nice. Real nice.
DT, in case you are subscribed to this still, check out HP's Scrawlr. It is a SQL injection crawler. It's free from HP, with the hope you buy into their enterprise suite, I am sure. Might check it out.
The FishEye + JIRA combination is simply fantastic - well worth the trial downloads. Haven't looked at Crucible as I'm lead of a team of two.
Great products, and available free in support of Open Source projects.
http://www.communities.hp.com/securitysoftware/blo...