|
|
# VM4SECTutorial
|
|
|
|
|
|
The purpose of this page is to provide guidelines on how the VM4SEC Dashboard could be utilised for analysing a specific software project with the solutions (i.e., services) that are offered by the VM4SEC Platform. These guidelines are provided in the form of an interactive tutorial, using an actual open source software project as the basis of our analysis, with the goal to help the user quickly understand the main steps that should be followed in order to get a specific project analysed with the SDK4ED Platform.
|
|
|
|
|
|
## *Step-by-step Guide*
|
|
|
|
|
|
### Step 1: Connection to the VM4SEC Dashboard and Project Creation
|
|
|
|
|
|
Initially, the user should navigate to the VM4SEC Dashboard, which is located at the following URL at CERTH's premises:
|
|
|
|
|
|
http://160.40.52.130:3004/
|
|
|
|
|
|
> **Attention:** If you have set up an instance of the VM4SEC Platform locally following the instructions provided in this [Wiki](home), then the above IP address and PORT of the above link should be replaced with the IP and PORT of your local instance that you selected during the [installation](vm4sec-dashboard).
|
|
|
|
|
|
The user is redirected to the *Home Page* of the *VM4SEC Dashboard* (see Figure below). In this web page the user is presented with the projects that he/she has analysed in the past. In case that the user connects for the first time, this page will be empty.
|
|
|
|
|
|
![vm4sec-home-page](uploads/62b670e62b638c00c8f7d4c4d929f548/vm4sec-home-page.PNG)
|
|
|
|
|
|
The user needs to create a new project in order to define the characteristics of the software project that they would like to analyse (in our example, the *sonar-scanner-ant* repository). For this purpose, the user should initially navigate click on the *“New Project”* button (see Figure below).
|
|
|
|
|
|
A pop-up window will be displayed to their screen, allowing them to define the details of the selected project (see Figure below). As can be seen by the figure below, the user should define:
|
|
|
- The desired name of the project
|
|
|
- The Git URL of the online repository (i.e., Git URL)
|
|
|
- The username and password of the remote Git Repository (the password is required only in case that the selected project is private)
|
|
|
- The language of the project (i.e., "java" for Java projects or "cpp" for C/C++ projects)
|
|
|
|
|
|
![create-new-project](uploads/0f956d4a924fab26e4de9fcf711129dc/create-new-project.PNG)
|
|
|
|
|
|
After defining the required parameters, the user should click on the "Save Changes" button. This will lead to the creation of a new Tile that corresponds to the newly added project as can be seen in the figure below.
|
|
|
|
|
|
In order to run a new analysis, the user must click on the tile of the newly added project in order to select it and then he/she should click on the "Run Central Analysis" button (see figure below).
|
|
|
|
|
|
![vm4sec-execute-new-analysis-highlighted](uploads/0dd178b35b50aa8697cf6daadcafd8f0/vm4sec-execute-new-analysis-highlighted.png)
|
|
|
|
|
|
The analysis will start and the user will be reported when the analysis is finished through an indication on the top left corner of the page. In particular, the status of each service will turn from "pending" to "finished".
|
|
|
|
|
|
After the analysis is finished, in order to see the results of the analysis, the user should click on the tile of the project in order to select it, and then on the "Security Report" option that is available on the Menu on the left side of the web page.
|
|
|
|
|
|
![vm4sec-execute-view-analysis-results-highlighted](uploads/b4a2c32be3cf69f5a209d6ca50b2d27a/vm4sec-execute-view-analysis-results-highlighted.png) |