Code Analysis for Oracle
Published 16 January 2019
Code Analysis for Oracle checks PL/SQL code for “smells”, suggests best practices, identifies deprecated syntax, and can be used to enforce naming conventions. Rules can be customized according to your organization’s own chosen standards, conventions, and policies. Code analysis can be run as part of an automated process, like Continuous Integration (CI), to identify issues early before they are released to Production.
Code Analysis for Oracle is only available as part of the Deployment Suite for Oracle license. Download the latest version from the documentation page for the Deployment Suite for Oracle.
See all the rules in the product documentation.
Configure the Code Analysis for Oracle rules with the following options to meet your needs. For your convenience, a sample cao.settings.xml is included that you can edit.
Each rule can be classified with one of the following severities: Ignore, Warning and Error. Ignored issues will not be reported. Warnings will be reported, and will cause the command line to exit with the code "4" (see below). If at least one Error is found, the exit code will be "3", which can be used to fail a build when running as part of a CI process.
Specify a subset of rules to run
By default, all rules will be run and are set to the "Error" severity. To specify a subset, either use the /include, /exclude and /warning switches, or use /config with a configuration settings file and simply remove or comment out the rules that you don't want to run. This can be customized on a project by project basis.
Naming convention rules
For the objects in the cao.settings.xml, specify the allowed or disallowed naming conventions for the specified objects. These names should be provided in the form of a regular expression supported by the Regexp class. So if you want to exclude a Function where the name starts with ‘z’, you should write ^z.*, for example. For further hints on the Regular Expression language, read this Quick Reference.
- 0 - Code Analysis for Oracle successfully completed its analysis and reported no issues in the analysed SQL files.
- 1 - Code Analysis for Oracle failed to complete its analysis due to a fatal error.
- 2 - Code Analysis for Oracle managed to finish but only partially completed its analysis - often this is because one or more SQL files could not be parsed (such files are currently excluded from the generated reports)
- 3 - Code Analysis for Oracle ran successfully but reported one or more errors in the analysed SQL files
- 4 - Code Analysis for Oracle ran successfully but reported one or more warnings in the analysed SQL files
One Windows, the Code Analysis for Oracle command line is added to the PATH environment variable on installation. For Linux users, the command line can be executed directly. In either case, the command line is executed by running cao.cmd without any parameters for help.
To analyze a specific script or a folder of .sql scripts, use the /source switch. The /outfile switch saves the code analysis results.
The following targets a folder of scripts and outputs an html results report.
cao.cmd /source:MySQLScriptsFolder /outfile:CodeAnalysisResults.html
The following targets a single script and outputs an xml results report.
cao.cmd /source:deployment_script.sql /outfile:CodeAnalysisResults.xml
To specify a subset of rules it is easiest to specify a settings file using /config:
cao.cmd /config:myRules.cao.settings.xml /source:MySQLScripts /outfile:CodeAnalysisResults.xml
- Supported on Windows or Linux using .NETCoreApp v2.2 (let us know if you have any problems getting this running on your preferred OS)
Known issues and limitations
Please contact us if any limitations are causing inconvenience, or are outright blockers.
- It is only possible to analyze SQL scripts, not a live database.
Please see the Code Analysis release notes in the Deployment Suite for Oracle.