Code Change Reviews
Guide on recording and reporting Code Change Reviews using Ketryx
Last updated
Was this helpful?
Guide on recording and reporting Code Change Reviews using Ketryx
Last updated
Was this helpful?
Code reviews play a crucial role in the software development lifecycle as they help identify and rectify defects, security vulnerabilities, and other issues in the software code.
This guide is dedicated to providing guidance on setting up code reviews in Ketryx. It aims to address common questions and offer insights into the process of establishing code reviews.
Tools used to develop and release a product with Ketryx Lifecycle Management are provided in . The release process is described in detail in , while setting up code repositories is described in .
Ketryx supports Code Change Review (CCR) data fetching for repositories hosted on GitHub and Bitbucket.
If you need support for other platforms like GitLab, Azure DevOps, etc., please .
Please see our SOUP documentation for more information about adding your repository to Ketryx:
If you've added your GitHub repository, but still can't see the CCR Report, follow the below process to make sure you have added an authentication token for your repository in the project settings page.
Open the settings area of the project
Add the repository from which you want to pull the Code Change Reviews
Click Enable repository authentication,
set username: name of the token (just for your own reference, can be anything),
set password: the actual GitHub token
Click Save
For Ketryx to fetch Pull Request data from GitHub, authentication needs to happen via a Personal Access Token. Access tokens can be generated at the user level and provide authorization for specific scopes.
This Personal Access Token will serve as the authentication method to fetch both Pull Request data and the Git repository for SOUP dependency analysis from GitHub.
The Personal Access Token needs certain permissions for the Code Change Review feature to work.
For the classic Personal Access Token, the following scopes are required:
repo
read:user
For the fine-grained Personal Access Token, the following permissions are required:
Contents
Metadata
Pull requests
The same authentication method is used to fetch the Git repository (for SOUP dependency analysis) as well.
The repository access token needs to have at least the following permissions:
Repository: Read
Pull requests: Read
When entering the authentication credentials in Ketryx, set the following:
Password: (the access token)
Once set up, the Code Change Review report is available on a project's Code page. To go there, navigate to the project for which a report should be generated. In the Configuration section of the sidebar, press Code. In the upper right hand corner of the page is a download button that will generate the report and initiate a download. Optionally, choose a version for which you want to generate the report for.
Additionally, the Code Change Review report can be generated and approved for a release on a version's Documents page.
There are several steps to generate a GitHub token (classic), which can be found . To enable the CCR features, the token needs specific permissions mentioned below.
To find out how to generate a classic or fine-grained Personal Access Token, please see our GitHub FAQ entry .
For Ketryx to fetch Pull Request data from Bitbucket, authentication needs to happen via a Repository Access Token. Access tokens can be defined at the repository, project, or organization level. Any of these work (just note that only the repository level is possible in the free version of Bitbucket). A guide on how to create such a token can be found .
Username: x-token-auth (as a verbatim value, as documented )