Frequently Asked Questions

Is the Codex a Static Code Analyzer (SCA)?

No. The Codex looks at the output from the SCAs.

What SCAs is the Codex integrated with?

The Codex has been integrated to run with the Java Deprecator Scanner and the SonarSource SonarQube scanner. If you would like us to look at integrating with a different SCA, please let us know through our Contact Us page.

What languages can the Codex migrate?

The Codex is currently programmed to migrate Java source code projects. However, multiple issues that are picked up through the SonarQube SCA from a non-Java project can be fixed by the Codex. Additional languages are on the Roadmap. Contact us if you need a language sooner than we are currently planning.

Can the Codex migrate a Java project that was written in something earlier than Java 8?

Yes!

How long does it take to get results from the Codex?

This depends on how large your project file is. Remember that the run time covers more than the Codex itself. When integrated with an SCM such as GitHub, the process is: Checkout, Build, SCAs, Codex, Verify Update, Publish. We have seen times from 30 minutes to 5 hours so far for all steps.

Will it work if my code won’t compile?

If your code fails to compile, the Codex will not run. We recommend automated testing (aka Unit Testing).

Who sets up the SCA?

We are set up to run as either a SaaS service or a PaaS service. The latter is more expensive, though.

The Java Deprecated Scanner doesn’t scan third-party libraries, does the Codex?

No. If you want us to run a third-party library, you will need to talk to us about it. Note that we are already supporting several open-source projects.

What steps do you use in creating a Solution Template?

We follow precise steps in the development of our Solution Templates. First, the problem is identified by an SCA. We label and categorize the problem based on our own assessment of difficulty. Second, we refer to industry recommendations and solutions for the best application of a solution, i.e., how to use or implement a new API. The industry recommendations are broken into three categories for us, and we refer to specific sources for each category:

  • Deprecated APIs -> Oracle & JCP documentation
  • Performance, code smell (maintainability), stability -> SonarSource, Joshua Bloch, et al.
  • Vulnerabilities & bugs -> SonarSource, CERT, OWASP, MITRE

The code is tested after a thorough review period before being used as a complete solution.
There are outlying solutions that a customer may be using that we cannot catch. We always recommend that the customer vet all migrations and updates that are submitted by our service. We do not actually read the customer code. Since we do not keep a copy of the customer's code, we cannot see if an outlier occurs.

Do you store any of the customer's code?

We do not store any customer files without customer permission.

What is a Solution Template?

We refer to a Solution Template as the blueprint applied to a specific code segment to fix a problem – whether the problem is a deprecated API, a code smell, a vulnerability, or something else.