The Semmle Mend for Eclipse plugin allows users to view Semmle results in Eclipse. This document describes how to install and use the plugin for local analysis. You can install the plugin using a Semmle update site or a zip file containing the Mend installer (available on the private wiki).

Mend for Eclipse quick start guide: local analysis

Introduction

Semmle Mend is an IDE plugin or extension. It highlights code that violates Semmle analysis rules directly in Eclipse. Mend includes a Violations window, which allows you to locate violations by type or resource(s). Mend can be used in two modes:

Download analysis: In this mode, Mend displays analysis results that are generated remotely for a Semmle Project Insight dashboard and then downloaded and displayed within Eclipse. There is a separate quick start guide for download analysis.

Local analysis: When using this mode, the code stored locally on your computer is analyzed.

This document describes how to install Mend for Eclipse for local analysis. Semmle Mend for Eclipse is available for Eclipse version 3.5 and later versions.

Installing Mend for Eclipse (local analysis)

1. Start Eclipse.
2. Open the Help menu and select Install New Software.
3. The Install dialog box is displayed.
4. Click Add.
5. In the Name box, type a name for the Semmle Software site and in the Location box type the URL for the Semmle update site.
6. When finished, click OK.
7. Select Semmle Products (this will select all the components).

Semmle Mend: Local analysis using Eclipse 2016 Semmle 1
8. Click Next to display the Install Details page and then click Next to display the Review Licenses page.
9. When you are ready to accept the license agreement and install the software, click Finish to install the software. The Installing Software dialog box is displayed and shows the progress of the installation.
10. When the installation finishes, you are prompted to restart Eclipse to complete the process. We recommend that you click Restart Now unless you need to save some changes before restarting Eclipse.
11. When Eclipse has restarted, Semmle Mend is ready to configure to show results from locally performed analysis of Java projects.

If you are installing Mend using a local archive downloaded from the private wiki, replace steps 5 and 6 above by the following:

5. Click the Archive button and select the zip archive that you would like to use, and click OK.
6. When the archive path appears in the Location box, click OK.

Configuring Mend for Eclipse

Mend analysis is controlled by Eclipse configurations of type "Analysis Configuration." Each configuration defines how to analyze one or more projects, either by downloading violations from a Project Insight dashboard or by performing local analysis of Java code.

Before you can perform local analysis in Eclipse you will need to have one of the following:

Project Insight URL: used to configure Mend for analysis by downloading setup information from a Project Insight dashboard. Analysis uses the rules and categorizations configured for the project in Project Insight, including any customizations.
Mend License file: used to configure Mend for standalone analysis using the default Mend configuration file. Analysis uses the Java standard rules and categorizations included with Mend. No network access to a Project Insight dashboard is required.

Mend can only analyze projects that build without errors in Eclipse.

To create a configuration for Java analysis:

1. On the Launch toolbar, click the arrow displayed on the right of the launch analysis button.
2. Select Analysis Configurations from the drop-down menu to display the Analysis Configurations dialog box.
3. In the left panel, select Local Java to define the type of configuration to create.
4. In the toolbar above the left panel, click the New launch configuration button to create a new analysis configuration.
5. Define a Name for the new configuration (text box displayed top right).
6. On the Main tab, define the location of a Mend license file, either:
   Download settings from Project Insight: select this option, and then define the Project Insight URL and Project to use. The license file and configuration of rules are both downloaded from the dashboard.
   Enter settings manually: define the location of a Mend License file. Optionally, also define the location of a custom Mend configuration file.
7. Use the Projects tab to define which Java projects the Analysis Configuration is for.
8. When you have finished defining the details, click Analyze to save the new configuration and launch the analysis using the new Analysis Configuration.

Finding violations using Mend for Eclipse

When you have run local analysis, you can display the results in the Violations window by clicking Window > Show View > Other, expanding the Semmle folder and selecting Violations.

The Violations window is an Eclipse window that is available when Semmle Mend is installed. It shows violations of coding rules:

Any violations that are new since the previous version of the code was analyzed are shown in red. (For example, the first two violations shown above.)

In the Violations window:

1. Expand categories and expand the rule that you want to explore.
2. Double-click a violation to open the associated resource and highlight the code in the editor.
3. To display a brief description of the rule, place the mouse cursor over the highlighted code in the editor. A tooltip is displayed.
4. To display detailed help for the rule in a browser window, select the violation in the editor and click View Dashboard Help on the tooltip that gets displayed.
For more information, please refer to the Semmle Mend for Eclipse Online Help available via the following link http://help.semmle.com/mendeclipse.