Administration Center - Settings - Extensions Strategy

Introduction
Out of the box settings
Extension versions range
Auto update (global)
User Community/Labs
Force installation
- Auto update (individual)
White list
- Release number locking mechanism
Rules

Summary: documentation for the Extensions Strategy panel in the Console Administration Center.

Options available here are global to ALL Applications managed in Console. Note that this page describes settings available only in CAST Console ≤ 2.7. For newer releases, please see Administration Center - Extensions Strategy instead.

Introduction

The Extensions Strategy setting provides various options for managing at a global level (i.e. for all Applications managed in the Console) the extensions that are used in each Application analysis. The main objective of these options is to ensure that the extensions that are available for use in an analysis by an Application owner or Analysis Manager can be controlled - for example, admins can choose to do any of the following:

allow/prevent the use of specific extensions depending on their status (LTS, funcrel, beta, alpha etc.)
allow only specific extensions and specific versions of extensions to be used in all analyses - a white list
force the installation/use of specific extensions in all analyses

The settings can be seen as controlling mechanisms to prevent or grant access to any specific official or custom extensions that have been published by CAST. It is not mandatory to make any changes to the default options, however, CAST does recommend that you evaluate the correct strategy for your own environment.

Click to enlarge

Out of the box settings

Out of the box, Console will have the following pre-defined settings:

Extension Version Range

The Extension Version Range is set to Funcrel and LTS. This means that Beta and Alpha releases will not be automatically installed:

Auto Update and User Community/Labs

Auto Update is disabled and User Community/Labs is enabled:

Force installed extensions

A set of extensions (providing reporting capabilities) will be listed in the force install list out of the box (and also after upgrade). This means that these extensions will be installed for all Applications managed within Console during the next source code delivery:

The extensions are the following:

Application Information (from 2.6)
Automatic Links Validator
Console Information for Imaging (from 2.8)
Core Metrics (from 2.5)
Highlight to MRI (from 2.10 and ONLY when the entries in Administration Center - Settings - CAST Highlight Settings have been populated)
ISO-5055 Index
KB Portable Root Paths (internal extension, from 2.10)
Module Definition Types (from 2.5)
Quality Standards Mapping

It is not mandatory to use any of these extensions (they can be removed), but they do provide additional insight and information and CAST highly recommends that they are left enabled. Some additional notes:

If any of these extensions are already installed for your Applications, then nothing will happen, the release you are using will not be overridden (unless you activate the Auto Update option (see below)).
If you are using CAST Extend Offline or CAST Extend local server and you intend to use these extensions (i.e. leave them listed in the table) you must ensure that you update your service to include these extensions.
The release number of extensions will be determined the first time you run an analysis on your first Application. The most recent extension release will be downloaded (respecting the Extension Version Range setting) and this release will be locked (see below about the release number locking mechanism).
The Auto Update option at extension level will be disabled by default - this means that extension will not update automatically unless you either:
- enable Auto Update at global level
- manually enable Auto Update at extension level by moving the slider to the enabled position alongside the extension

Extension versions range

This option provides the ability to control which type of extensions can be used for Application analyses (you can see more about this in Release types).

LTS (or longterm: Long Term Support)
Funcrel (i.e.: Functional Release)
Beta
Alpha

For example, it may not be desirable to allow the use of extensions that are in Funcrel, Beta or Alpha status in a "production" analysis. Therefore the slider can be adjusted to allow only LTS extensions:

When the strategy is updated, a notification is displayed:

This strategy change will be visible at Application level when looking at the Available Extensions tab (see Application - Extensions) - only extensions whose version status matches the strategy chosen at global level will be available for selection - in the image below, Funcrel, Beta and Alpha extensions are no longer available since the strategy has been changed to LTS only:

Click to enlarge

If you find that your analyses are failing at the "install extensions" step due to Console automatically requesting an extension that does not meet the strategy requirements (i.e. it is an alpha or beta where only LTS or funcrel extensions are allowed), you can blacklist the extension to prevent Console from automatically attempting to install it. See Blacklisting extensions. Note that this may mean your analysis results are compromised where the extension provides specific functionality required for your source code.

Auto update (global)

When enabled, this option provides a global (i.e. for all Applications managed in Console) method of ensuring that:

all Applications will always use the latest release for all Included extensions ( Console will respect the setting applied via the Extension versions range slider - in other words, if you only permit LTS or funcrel via the slider, the "latest extension" will be the most recent LTS or funcrel release - any other more recent alpha or beta releases will be ignored)
and that a manual update of an extension release is disabled (i.e. not possible to change the extension release in the Application - Extensions screen):

When an extension update is required, it will be applied either before an analysis or before a snapshot in a dedicated job step

In addition, when this option is enabled (not the default position):

the setting will be applied only to those Applications where the Enable Auto Configuration option is already enabled (default position):

The Enable Auto Configuration option has been removed in ≥ 2.3, therefore the Auto Update option applies to all Applications in these releases of Console.

the Auto Update option for individual extensions in the Force Install list will be deactivated and cannot be moved (disabling Auto Update will re-activate the Auto Update option for individual extensions option):

the White list option (see below) will also be deactivated and cannot be moved (disabling Auto Update will re-activate the White list option):

If the Auto update option cannot be moved, this means that the White list option has been enabled.

User Community/Labs

This option either allows or prevents the installation of User Community or Labs extensions (see Contributor types for more details). By default the option is disabled, meaning that no User Community or Labs extensions will be available for installation either in the Application - Extensions interface or for Force Installation purposes (see below).

Force installation

This section controls which extensions will always be used for all analyses (i.e. force the use of):

Out of the box a set of extensions will already be listed - these are set by default, as described in Out of the box settings above. If you would like to force install other extensions, you can do so by clicking the ADD button and then choosing the extensions you want:

Note that you can also search for a specific extension using the search field at the top of the dialog.

Extensions that you have added will then be visible in the list - in the example below, the .NET Analyzer extension has been added. Note that there is no specific release number listed - this will be determined the first time you run an analysis on your first Application. The most recent extension release will be downloaded (respecting the Extension Version Range setting) and this release will be locked during the first analysis (see below about the release number locking mechanism):

When an extension is added to the list, the extension will ALWAYS be used in an analysis. This strategy change will be visible at Application level when looking at the Included Extensions tab (see Application - Extensions) and filtering on Force Installed:

If you no longer wish to retain an extension in the list, you can remove it using the trash can icon:

Auto update (individual)

For each individual extension added to the force installation list, it is possible to enable an Auto update option. This option functions in the same way as the Auto update (global) option described above (in summary it ensures that all Applications will always use the latest release for all Included extensions. If the Auto update (global) option is enabled, then the sliders at individual extension level are deactivated and cannot be moved since the global option takes precedence:

You can also enable multiple extensions in one go if required:

White list

This section and option controls which extensions and which releases of extensions can be used in all analyses (a white list). Out of the box, no extensions are listed and the option is disabled:

When this option is enabled:

You can add extensions to the list using the All from product or Add buttons.
Console will only offer (via the Available Extensions tab (see Application - Extensions)) extensions that have been explicitly added to this list. I.e. if the extension is not present in the list, it cannot be downloaded automatically and used in an analysis.
any extension that is automatically "discovered" by Console (i.e. required for analysis) or automatically installed for any other reason MUST be present in the list before an analysis can proceed. If not, the analysis will fail.
the Auto update option will be automatically deactivated.

Before activating the option you need to first decide which extensions you will add to the list. You can select the extensions by clicking the All from product or Add buttons and then choosing the extensions you want:

Note that you can also:

search for a specific extension using the search field at the top of the dialog
use the ALL FROM PRODUCT option to add ALL extensions to the list

Extensions that you have added will then be visible in the list - in the example below, the .NET Analyzer extension has been added. Note that there is no specific release number listed - this will be determined the first time you run an analysis on your first Application. The most recent extension release will be downloaded (respecting the Extension Version Range setting) and this release will be locked (see below about the release number locking mechanism):

If you no longer wish to retain an extension in the list, you can remove it using the trash can icon - note that removing an extension from the list when the Enable white list option is enabled will prevent an analysis from proceeding if the extension is required (i.e. "discovered").

Release number locking mechanism

The release number locking mechanism is automatically active for both the Force installation and White list sections and cannot be disabled. It will ensure that a specific release of the extension is always used for your analyses, therefore providing result stability. During the first analysis following the addition of an extension to either the White list or Force installation list, the release number of the extension used in that analysis will be displayed, and then all subsequent analyses will always use this specific release of the extension - i.e. the release number is "locked".

Rules

The following rules are in operation:

After source code delivery, extensions discovered by Console will be used:
- except if the white list is enabled and the extension is not present in the list (in which case the analysis will not be permitted to proceed)
- latest/recommended release of the extension is used if the extension is in the white list but not yet "locked" to a specific release
- "locked" release is always used if the extension is present in the list and "locked" to a specific release
- if the "locked" release is an LTS, all Service Pack releases can be also selected for use at Application level. If a Service Pack release is manually selected, it will be used for the current Application only
- if the release of any dependent extension is older than the "locked" release, then the "master" extension cannot be used in the current Application

After source code delivery, extensions set as "force install" will be used:
- latest/recommended release of the extension is used if the extension is not yet "locked" to a specific release
- "locked" release is always used if the extension is "locked" to a specific release
- if the "locked" release is an LTS, all Service Pack versions can be also selected for use at Application level. If a Service Pack release is manually selected, it will be used for the current Application only

After source code delivery when extensions are present in the lists and Enable white list option enabled, it is only possible to add additional extensions that are in the list:
- latest/recommended release of the extension is used if the extension is not yet "locked" to a specific release
- "locked" release is always used if the extension is "locked" to a specific release
- if the "locked" release is an LTS, all Service Pack versions can be also selected for use at Application level. If a Service Pack release is manually selected, it will be used for the current Application only
- it is not possible to change the release of a "locked" extension