Releases: secure-software-engineering/CogniCryptSQPlugin

Release 1.2.0

27 May 09:46

Changelog

  • Added filtering and sorting to custom issue list
  • All confidence scores are now fetched at once
  • Previously calculated confidence scores are stored and are only recomputed when a new SonarQube analysis has been run; otherwise the stored score is returned, reducing response time
  • Updated docs
    • Sections: user guide, implementation notes
    • Updated how the pages are arranged
  • Separated logging in flaskapp backend into three files:
    • app.log: general logs of the application
    • fp.log: logs specific to the false positive classification
    • aifix.log: logs specific to the AIFix

Bug Fixes

  • No issues are shown in issue list if the flaskapp (for confidence scores) is not reachable
  • AIFix not working in error tree
  • Crash when clicking group node in error tree
  • gunicorn workers time out very quickly during AIFix, making it almost impossible to get a response
  • "Create GitHub PR" button in quick fix tab doesn't show as disabled

Release 1.1.1

11 Mar 14:55

Changelog

  • Removed Maven and Gradle from the Dockerfile for the new SonarQube server, because neither is needed and the Maven version would require frequent updating

Setup

See Release 1.1.0

Release 1.1.0

06 Mar 11:24
685e0d3

Changelog

  • Combined AIFix and Confidence Score docker containers
  • Removed Ollama and replaced it with Gemini for Code Generation
  • Made the server IP dynamic rather than hard-coded

Setup

  1. Download the following files:
    • zip archive: secai-for-exist-sq if you already have a SonarQube server, or secai-for-new-sq if you intend to create a new one
    • SecAI plugin jar
  2. Unzip the archive on the intended host machine in a location that all administrators can access.
  3. In the file Flaskapp/aifix/.env:
    • Replace the placeholders for the API keys of the LLMs you intend to use.
    • Unless you are hosting all components, including the projects to analyse, on the same machine, change FLASK_IP to the IP address of the host machine.
  4. Run docker compose up -d --build within the unzipped directory. You may have to use sudo for admin permissions.
  5. Configure SonarQube:
    • For a new SonarQube server: the server configuration in the docker-compose.yml is not meant for production use. Adjust the configuration to your needs using the official SonarQube documentation.
    • If you are extending an existing SonarQube server: add the file Flaskapp/aifix/.env through the env-file attribute of your docker compose file or docker run command. If you are not using docker, define the same environment variables on your host machine instead.
    • Add the plugin jar to the plugin folder:
      • In docker: use docker container cp to copy the file to /opt/sonarqube/extensions/plugins inside the running container. Alternatively, if you used our docker compose file for your server, there is a plugins folder in the base directory that is mounted directly to that location inside the container.
      • With SonarQube installed from a zip file: Locate the extensions/plugins folder inside your SonarQube distribution and move the jar into it.
    • Restart the SonarQube instance for the changes to take effect. You should receive a warning about third-party plugins and the plugin should be listed under Administration > Marketplace > Plugins > Installed.
  6. Refer to the documentation on how to set up the analysis using the SecAI plugin.
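Steps 3 to 5 above as a shell script, added here as an example and not part of the CogniCryptSQPlugin release or its documentation. It assumes the unzipped archive is the working directory, that an unreplaced placeholder is an empty value or one containing "placeholder" or angle brackets (assumed format), and that the SonarQube container is named sonarqube and the plugin jar secai-plugin.jar (both assumed names).

```shell
#!/bin/sh
# Added example; not part of the project. Assumed: the unzipped archive is
# the current directory, the SonarQube container is named "sonarqube", the
# plugin jar is secai-plugin.jar, and placeholders are empty values or values
# containing "placeholder" or <...> (assumed placeholder format).
ENV_FILE="Flaskapp/aifix/.env"

# check_env_file FILE: print every KEY whose value is still a placeholder and
# warn if FLASK_IP is absent. Returns 0 when the file is ready, 1 otherwise.
check_env_file() {
    file="$1"; bad=0; has_ip=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac   # skip blanks and comments
        key=${line%%=*}; val=${line#*=}
        [ "$key" = "FLASK_IP" ] && has_ip=1
        case "$val" in
            ''|*placeholder*|*PLACEHOLDER*|*'<'*'>'*) echo "unset: $key"; bad=1 ;;
        esac
    done < "$file"
    [ "$has_ip" -eq 1 ] || { echo "missing: FLASK_IP"; bad=1; }
    return "$bad"
}

# install_plugin JAR CONTAINER: copy the jar into the running container's
# plugin folder and restart it so SonarQube loads the plugin (step 5).
install_plugin() {
    docker container cp "$1" "$2":/opt/sonarqube/extensions/plugins/ &&
    docker restart "$2"
}

# main [JAR] [CONTAINER]: refuse to start while API keys are still
# placeholders, then bring the stack up (step 4) and install the plugin.
main() {
    check_env_file "$ENV_FILE" || { echo "fix $ENV_FILE before starting"; exit 1; }
    docker compose up -d --build
    install_plugin "${1:-secai-plugin.jar}" "${2:-sonarqube}"
}

# Only act when invoked with --run, so the functions can also be sourced.
if [ "${1-}" = "--run" ]; then shift; main "$@"; fi
```

Invoke as `sh setup.sh --run [jar] [container]`; the env check runs first so a container is never started with an empty or placeholder API key.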

Release 1.0.2

04 Feb 14:04

Changelog

  • Updated dependencies
  • Removed superfluous files from zip archives

Release 1.0.1

29 Jan 18:49

This release consists of the final version from the original project group with improved setup documentation for easier installation.