Methods for Configuring Analysis 6.4.0

Configuring analysis

You can configure the Synopsys Detect analysis by assigning values to properties. For information about properties, refer to Properties. This section describes the various methods available for defining properties:

  • Setting properties on the command line.

  • Using environment variables to configure properties.

  • Using a configuration file, such as a properties file or a YAML file.

  • Using profiles.
    A specially-named configuration file can define a profile. You can define multiple profiles and use Spring Boot to define the order in which these are used.

You can use the --interactive command-line option to obtain guidance through configuring Synopsys Detect.

Using the command line

One method for configuring Synopsys Detect is by setting Synopsys Detect property values on the command line. When setting a property value on the command line, prefix the property name with two hyphens (--). For example, to set property detect.project.name, use the following format:

bash <(curl -s -L https://detect.synopsys.com/detect.sh) --detect.project.name=MyProject

Using environment variables

Synopsys Detect properties can also be set using environment variables.

On Linux, when setting a property value using an environment variable, the environment variable name is the property name converted to uppercase, with the period characters (.) converted to underscore characters (_), as shown in the following example:

export DETECT_PROJECT_NAME=MyProject
bash <(curl -s -L https://detect.synopsys.com/detect.sh)

On Windows, the environment variable name can be either the original property name or the property name converted to uppercase with period characters (.) converted to underscore characters (_), as shown in the following example:

$Env:DETECT_PROJECT_NAME = "MyProject"
powershell "[Net.ServicePointManager]::SecurityProtocol = 'tls12'; irm https://detect.synopsys.com/detect.ps1?$(Get-Random) | iex; detect"

Using a configuration file

Another commonly-used method of configuring Synopsys Detect is to provide a configuration file. The configuration file can be a Java properties (.properties) file or a YAML (.yml) file.

Spring looks for a configuration file named application.properties or application.yml in the current working directory, or in a ./config subdirectory. If the file exists, Spring reads property values from it.

For example, if you wanted to set a property detect.project.name using a configuration (.properties) file, you could do it as follows:

Because the configuration file has one of the file names that Spring looks for by default (in this case, application.properties) and exists in one of the locations that Spring looks in by default (in this case, the current directory), there is no need to specify the path to the configuration file on the command line.

Properties file

When setting a property value in a .properties file, do not prefix the property name with hyphens (--), and you must adhere to Java .properties file syntax, for example, propertyName=propertyValue, one per line.

YAML file

When setting a property value in a .yml file, do not prefix the property name with hyphens, and you must adhere to the YAML syntax for dictionaries, for example, propertyName: propertyValue, one per line.

Using profiles

Switching between multiple profiles

A profile is, essentially, a set of pre-defined properties. You select the profile (property settings) you want when you run Synopsys Detect.

Creating a profile

To define a set of properties for a profile, create a configuration file named application-{profilename}.properties or application-{profilename}.yml in the current working directory, or in a subdirectory named config. Populate it with property assignments as previously described.

Selecting a profile at the command line

To select one or more profiles on the Synopsys Detect command line, assign the comma-separated list of profiles to the Spring Boot property spring.profiles.active, as follows.

This capability is provided by Spring Boot. For more information, refer to Spring Boot's profile mechanism.

Other configuration methods

Synopsys Detect reads property values by using Spring Boot's externalized configuration mechanism, which provides capabilities beyond those described on this page.

The most common methods used to pass a property value to Synopsys Detect are listed as follows. A method with a lower number in Spring Boot's order of precedence overrides a method with a higher number.

  • Using a command-line argument (#4 in Spring Boot's order of precedence):

  • Using one environment variable per property (#10 in Spring Boot's order of precedence):

  • Using property assignments in a .properties configuration file (#14 in Spring Boot's order of precedence):

  • Using property assignments in a .yml configuration file (also #14 in Spring Boot's order of precedence, but .properties takes precedence over .yml):

  • Using the SPRING_APPLICATION_JSON environment variable with a set of properties set using JSON format (#5 in Spring Boot's order of precedence):

Refer to the Spring Boot documentation for more details and more complex methods to set properties.
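
The following is an added example, not part of the Synopsys documentation: a shell helper that reports which of the sources listed above would supply a given property, checked in the precedence order this page gives. The function names are hypothetical, and it assumes flat "key: value" YAML, flat JSON in SPRING_APPLICATION_JSON, and configuration files in the current working directory only.

```shell
#!/bin/sh
# Added example, not Synopsys code. Function names are hypothetical.
# Assumptions: flat "key: value" YAML, flat SPRING_APPLICATION_JSON, and
# configuration files in the current working directory only.

# detect.project.name -> DETECT_PROJECT_NAME (the Linux naming rule above)
prop_to_env() {
  printf '%s' "$1" | tr '[:lower:]' '[:upper:]' | tr '.' '_'
}

# Usage: effective_source <property> [Detect arguments...]
# Prints the highest-precedence source that sets the property, or "unset".
effective_source() {
  local prop pattern env_name arg
  prop=$1
  shift
  # Escape the periods so they match literally in the regular expressions.
  pattern=$(printf '%s' "$prop" | sed 's/\./\\./g')
  env_name=$(prop_to_env "$prop")

  # 4: command-line argument of the form --property=value
  for arg in "$@"; do
    case $arg in
      "--$prop="*) echo "command-line"; return 0 ;;
    esac
  done

  if printf '%s' "${SPRING_APPLICATION_JSON:-}" |
       grep -Eq "\"$pattern\"[[:space:]]*:"; then
    echo "SPRING_APPLICATION_JSON"            # 5
  elif printenv "$env_name" >/dev/null 2>&1; then
    echo "environment:$env_name"              # 10
  elif grep -Eq "^[[:space:]]*$pattern[[:space:]]*[=:]" \
         application.properties 2>/dev/null; then
    echo "application.properties"             # 14, wins over .yml
  elif grep -Eq "^[[:space:]]*$pattern[[:space:]]*:" \
         application.yml 2>/dev/null; then
    echo "application.yml"                    # 14
  else
    echo "unset"
  fi
}

# Report the source for detect.project.name given this script's arguments.
effective_source detect.project.name "$@"
```

Running it in the directory from which Synopsys Detect is launched shows whether a value is coming from a leftover configuration file or environment variable rather than from the source you intended.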

Providing sensitive values such as credentials

You can provide sensitive values such as credentials to Synopsys Detect using a variety of mechanisms provided by Spring Boot, including:

  • On the command line; for example, --blackduck.password={your password}

  • As an environment variable value; for example, export BLACKDUCK_PASSWORD={your password}

  • In a configuration (.properties) file; for example, ./application.properties

Sensitive values provided on the command line might be visible to other users who are able to view process details. Typically, setting sensitive values using environment variables is considered more secure. Connecting to another system (for example, Black Duck) using an access token (also called an API token) is considered more secure than connecting using a username and password.
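
The following is an added example, not part of the Synopsys documentation: a guard for a CI wrapper script that rejects sensitive properties passed as command-line arguments and masks them before the command is logged. The function names are hypothetical, and treating any property whose name contains "password" or "token" as sensitive is an assumption of this example.

```shell
#!/bin/sh
# Added example, not Synopsys code. Function names are hypothetical.
# Assumption: a property is treated as sensitive when its name contains
# "password" or "token"; extend the pattern to match your own list.

# True when the argument is --name=value and name looks sensitive.
# Only the name is inspected, so a value containing "token" is not flagged.
is_sensitive_arg() {
  case $1 in
    --*=*) ;;
    *) return 1 ;;
  esac
  case ${1%%=*} in
    *[Pp]assword*|*[Tt]oken*) return 0 ;;
  esac
  return 1
}

# Print the arguments one per line with sensitive values masked, so the
# command can be written to a build log.
redact_args() {
  local arg
  for arg in "$@"; do
    if is_sensitive_arg "$arg"; then
      printf '%s=****\n' "${arg%%=*}"
    else
      printf '%s\n' "$arg"
    fi
  done
}

# Return 1 if any sensitive property is passed on the command line, and name
# the environment variable that should carry it instead.
check_detect_args() {
  local arg name env_name rc
  rc=0
  for arg in "$@"; do
    if is_sensitive_arg "$arg"; then
      name=${arg%%=*}
      name=${name#--}
      env_name=$(printf '%s' "$name" | tr '[:lower:]' '[:upper:]' | tr '.' '_')
      echo "$name must not be set on the command line; export $env_name" >&2
      rc=1
    fi
  done
  return "$rc"
}
```

Call check_detect_args "$@" at the top of the wrapper that launches Synopsys Detect, and log the output of redact_args "$@" in place of the raw command line.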

Project size matters
Although Synopsys Detect can support large projects, you should perform scans in such a way as to optimize platform performance and produce manageable and meaningful results. For applications containing multiple sub-projects, it might be best to scan sub-projects separately and to combine results as a project of projects, or to use other techniques to improve performance.

©2018 Synopsys, Inc. All Rights Reserved