Better Source Code Reuse, Quality, and Security in IBM Rational Team Concert 6.0.1

Jazz Source Control is ideal for teams that prefer the benefits of a centralized source control system, such as a single source of truth, dependency relationships, complete audit history, reuse, and security. You may need to answer questions that span the history of a long-running project. You may need to find dependency information about a component that is used in multiple applications, which in a decentralized system might span multiple repositories and lose that linkage. Or you may need to find all the places in the code where a bad change set or method is used across all of your projects. However, you also want to be able to distribute your teams, your workspaces, your streams and your components easily without having to manage tens or hundreds of source code repositories. We’ve been working on source control enhancements that build on the strengths of centralized source control in order to improve code quality, enhance code reuse, manage code change flow, and enhance code security.

Improve Code Quality: Integrated Code Review Support

Are you delivering work at a faster cadence, and struggling to maintain code quality? If so, IBM Rational Team Concert 6.0.1 could help. RTC 6.0.1 introduces native code review support, which integrates tightly with work item approvals and Jazz SCM. This integrated code review capability can help teams catch defects early and improve code quality by ensuring that code is reviewed and critical issues are fixed before the code is included in your products. Reviewers can annotate specific lines of code, which helps developers quickly see and fix issues. Team collaboration is accelerated through real-time notification of pending reviews, issues, and fixes. And for customers in regulated industries, an audit trail of code reviews is retained on the work items and change sets.

[Image: code review summary]

Enable Code Reuse: Nested Components

Starting in RTC 6.0, you can organize code into hierarchies of nested components. This enables you to track reuse and dependency relationships between software components. It improves usability for large development projects by streamlining the views to help users focus on the components they are modifying, and by making it easy to reuse subcomponents and receive updates from other teams. In release v6.0.1, the capability is now fully enabled and turned on by default, and nested components are now supported in Visual Studio as well as Eclipse and the command line clients.

You can now move from a flat list of components to something more like the way you organize your builds or store your files in the file system:

[Image: component hierarchy]

Easily Control Code Workflow: Configuring the Flow of Changes between Streams

In v6.0.1, it is easier to configure directional flow for streams and components. Jazz SCM has always had a flexible model for flowing changes, but now it can easily be configured to support workflows such as the following:

  • My team works on component A, and we reuse component B which is developed by another team. Only the other team can deliver changes to component B.
  • We have one team working on new features, and another team working on fixes in a maintenance stream. We want all the fixes to flow to the feature stream, but we don’t want the new features to flow back to the maintenance stream.

This makes it easier to ensure developers deliver their work to the right stream. It also makes it possible to model other stream workflows that your company might require such as working with outside contractors or more advanced multilevel continuous integration or lieutenant-and-commander style workflows.

Better Security for Source Code

A smart friend of mine, who I met at Yale’s computer science department when I was working there, told me a story about computer security.  I think he was worried about a junior programmer (me) writing a mail reader for the department to use!  He said, “Security is a wall and if people want to get over it they can, it’s just a question of how high a wall you need”. Some people who code in the public and write open source apps need a very low wall, others who write code for healthcare, banking, or other regulated industries need a much, much higher wall. I still remember these words, every time I read about a retailer, manufacturer, or financial institution being compromised by a security breach of data, or even worse, source code.  Today, the reality is you might have contractors, suppliers, and developers who may not even work for your company from all over the world working on your code base. How do you easily manage this ebb and flow of users who should only have access to certain parts of your source code base?

In RTC 6.0.1 we’ve enhanced security by using Jazz Access Groups to:

  • Control read access to SCM data by group, down to the component, folder, or file level
  • Easily maintain fine-grained access for dynamic teams where members come and go
  • Easily support different access for contractors or suppliers
  • On-board and off-board teams or team members on coding projects with minimal administration

How do Jazz Access Groups help?  You add users to a group such as “Contractors-project Y” and assign that group the proper access to a set of components or source code files. Then you add and remove members of the group, rather than having to add and remove their individual accesses to a set of components or files. So you might manage a handful of groups for different levels of source code access rather than individual user access—security that scales up and down. Oh, and you don’t have to worry about hundreds of repositories being secured properly either, just the one that counts.

[Image: read access groups in SCM]

This blog covers only some of the things we’ve added to RTC 6.0.1 with an emphasis on new source control capabilities. Stay tuned for more great blogs coming your way on RTC and CLM 6.0.1 capabilities.

—Rolf Nelson

RTC Product Manager

 

2 Comments
  1. Yaron Norani March 16, 2016 @ 5:34 am

    Hi Rolf,

    Can you create groups and grant the deliver option to a specific stream only for those groups?
    Also, can you specify how to create those groups?
    Thanks,

    Yaron

  2. Rolf Nelson April 13, 2016 @ 4:21 pm

    Hi Yaron,
    Yes, you can grant read access to streams by access groups. The new flow rules may also assist with limiting deliver inflows or outflows. Another option, which is a bit more work, would be to use a pre-condition on deliver. I’d have to experiment a bit but there are ways to achieve what you desire. Let us know how it goes. Thanks!
    –Rolf
