With the release of CLEVR Dev Suite 3.1, or CDS 3.1 for short, we are introducing an exciting capability! With CDS, you can now review your custom code! #confetti. This means we now cover the entire Mendix model.
But we didn’t stop there; we also did the following:
- Enhanced the way we compare different revisions, for example to find differences in security configurations. This helps users peer review changes as well as conduct security audits.
- We made it possible to compare revisions from different branches. For example, to assess the impact on the mainline before merging a branch.
- We now support Mendix versions up to 9.16.
- Some UX tweaks to make your lives easier.
This was just a quick summary. If you want to know more, keep on reading!
Analyzing custom code
Mendix drastically simplifies the software development lifecycle through abstraction. Software quality is a part of this lifecycle. The most significant risk for software quality is human error; by abstracting most of the code away from the developer (through building blocks), Mendix reduces the risk of human error and improves the overall software quality. Of course, connecting these components is still risky, but way less than designing everything from scratch. Now, why is this relevant?
Within Mendix, you can also add custom code. What is custom code? Custom code is every instance where a developer introduces Java or JavaScript actions instead of using standard platform capabilities.
Custom code is a significant risk in every Mendix application. It poses a quality risk because the responsibility of writing proper code falls on the Mendix developer instead of the Mendix platform (which is the case with platform components). Custom code can significantly impact quality, for example by using Java libraries that contain security vulnerabilities, or by not escaping user input, which creates a risk of malicious injection at runtime.
When looking at a code review (or static analysis tool) for Mendix, supporting custom code is seen as a requirement (maybe even a check-the-box feature). Customers don’t want dozens of tools, so they prefer a single platform approach and need ways to mitigate the risk of custom code in Mendix. We already support dependency management with CDS, which identifies security vulnerabilities in Java libraries. But we are still missing the static analysis of the custom code.
From now on, CDS also gives insight into your Java and JavaScript code quality. This step brings us closer to being THE DevOps platform for Mendix. A sneak peek below:
Widgets are considered libraries, as they are most often minified, obfuscated, and maintained in a separate Git repo.
Violations are collected per file and kept separate from Mendix model violations so that the total number does not overwhelm you.
Improved collaboration and audit
It is impossible to automate software quality fully. That is why we aim to make software quality as easy and productive as possible for Mendix teams. The compare functionality allows Mendix teams to see the differences between specific revisions. This is extremely helpful when you have to peer review a branch before merging into the main line (which we always recommend you do before merging). It is also useful for security auditing, because it shows differences in the static configuration.
We’ve enhanced the compare functionality in two ways:
- You can now compare revisions from different branches, and
- You can now focus on specific differences:
  - Security: looks for all security-related changes. This helps to assess the impact on security.
  - Data: looks for all changes in the domain model that would trigger a database synchronization. This helps to prepare a deployment and assess upgrade impact.
  - Translations: looks for all changes in translatable texts. This helps in multilingual apps to check whether all languages are correctly translated.
  - Published API: looks for all changes in the published APIs so that other parties can be contacted, proper testing can be done, and deployments can be synchronized.
Using Compare as a basis for the audit or peer review ensures you don’t miss any changes.
Improved Widget handling
In CDS, various functions help handle widgets in your Mendix application. CDS already checked for the following Mendix best practices concerning App store widgets:
- App store widgets shouldn’t be modified.
- Always use the latest version of the app store widget.
Next to these, we made it easier for you to handle changes inside widgets.
We expanded the compare capability to widgets. This works well for CSS files, XML files, and plain-text JavaScript. It does not work for minified or obfuscated JavaScript or for binary files.
It is now also possible to download the local and app store widgets.
Improved dashboard reporting
The dashboard contains various functions that quickly give insight into your application’s quality. The graphs display information per revision. However, we got some feedback that people would like to group revisions in the graphs. It is now possible to group revisions:
- Per day, CDS will select the latest revision of each day. If revisions 194, 195, and 196 are committed on the same day, CDS will select 196 for that day.
In CDS, you can manually upload MPK packages. Because we cannot verify the revision number, CDS automatically assigns the number of the revision you upload it to, followed by a + sign. For example, if you upload an MPK package in revision 195, a new revision is created called 195+, which is the uploaded MPK package.
Please be aware that the MPK file might be revision 60, as we cannot verify its source.
- Per rev, CDS will group revisions that have the same number. For example, when you have 195 and 195+, CDS selects 195+. This is only relevant when you upload MPK packages manually.
When neither per day nor per rev is selected, the graph displays the revisions separately.
Other changes
- We now support Mendix versions up to 9.16.
- We have improved the handling of situations where we cannot validate your access to the Mendix ecosystem. You will now be brought to the no apps page. Once your access is validated, you can use the Refresh apps functionality in the Can’t find my app section to retry.
- The drop-down for branches and apps shows more items, reducing your clicks. In addition, the app’s drop-down now allows you to favorite apps.
- The Code review / App Settings / Download model check has been improved. It is faster, more to the point, and checks more variations.
- The Dashboard graphs now have dots.
Bug smash
- Bug fix: Determining if a review is a free trial has been improved to prevent licensed users from getting an error that they can only download and review one model at a time.
- Bug fix: The Dashboard report now contains the correct information.
We hope you enjoy this new release. Please don’t hesitate to reach out if you have something to share. We always appreciate honest feedback.