Technology Blog Posts by Members
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

CPILint version 1.0.5 is here

MortenWittrock
SAP Mentor
SAP Mentor
‎2024 Aug 29 12:40 AM
2,332

CPILint-1.0.5.png

The very first version of CPILint was released on August 31st, 2019. With the 5th anniversary just around the corner, I am excited to announce that version 1.0.5 is complete and ready for you to install.

If you already run version 1.0.4, you will automatically be notified that there is a new version available. You can also go directly to GitHub to download it.

In this blog post, I will give you an overview of what’s in version 1.0.5. If you are new to CPILint, let me start by giving you the elevator pitch:

CPILint is an open-source tool that automates your SAP Cloud Integration governance. It ships with a range of built-in rules covering topics like developer guidelines, naming conventions and security. You choose the rules you want to put in place, and CPILint does the heavy lifting of checking your integration flows for compliance.

Now, let’s take a look at all the good stuff in the new release!

OAuth 2.0 support

CPILint communicates with your SAP Cloud Integration tenant via the official OData API. This requires authorization, of course, and so far we’ve done this by providing a username and password.

In version 1.0.5, however, you can authorize simply by creating a service key for CPILint in the SAP BTP Cockpit and downloading it to your local machine. You use the new -key command line option to point to that key. CPILint then uses your key to authorize its API calls using the OAuth 2.0 client credentials flow.

This has several benefits for you. First off, you no longer need to provide a username and password. Second, since the tenant hostname is already in the key, you no longer need to provide that either. Third, running CPILint with minimal permissions is now very easy to get right. Finally, the OAuth 2.0 client credentials flow is more secure than basic authentication.

With the new OAuth 2.0 support, checking your entire tenant for compliance is now as simple as:

cpilint -key my-key.json -rules my-rules.xml

Short and sweet!

Rules file import

Up until now, every single rule you wanted to check had to be stored in a single rules file. With CPILint version 1.0.5, we get a lot more flexibility. The new version introduces the ability to import a rules file into another rules file. You do this using the new <import> element.

If you have, for instance, a separate rules file for a specific project package but also want to reuse naming conventions that apply to the entire tenant, you can now simply import those naming conventions into the project’s rules file like this:

 

<cpilint>
    <imports>
        <import src="/path/to/naming-conventions.xml"/>
    </imports>
    <rules>
        <!-- Your project-specific rules would go here. -->
    </rules>
</cpilint>

 

This feature opens up entirely new ways to shape and mold your rules files and I’m excited to see how the community will put it to use! To learn more about rules file imports, visit this wiki page.

New rule: UserRoles

UserRoles is a new rule in CPILint 1.0.5 that lets you specify which user roles should and should not be used in sender channels that support user role authorization (meaning AS2, AS4, HTTPS, IDoc, SOAP, XI, and OData). If you, for instance, do not allow the use of the default user role (ESBMessaging.send), you would add this rule:

 

<disallowed-user-roles>
    <disallow>ESBMessaging.send</disallow>
</disallowed-user-roles>

 

You can also use the UserRoles rule to require, for instance, that only certain custom user roles be used.

Other news

1.0.5 adds 30 supported names to the NamingConventions rule. Check out this page in the CPILint wiki for the full list of supported names.

There’s a new command line option called -skipvercheck that skips the automatic check for a new version. If you run CPILint in a non-interactive way, like for instance in a CI/CD pipeline or other automation context, you might want to do this to save a little time and bandwidth.

The DuplicateResourcesNotAllowed rule now supports JSON resources.

There is now an FAQ page in the project wiki.

Last but definitely not least: The CPILint ASCII art is now 3D. Yes, I saved the best for last!

Over to you

That’s it for the CPILint 1.0.5 overview. Take the new release for a spin and please share your feedback with me in the comments below.

1 Comment