Configuration
The primary way to configure the application is the appsettings.json file, which is included with the C2M distribution.
JSON schema for the file is available here.
Any settings can be overridden by environment variables or command line options - see corresponding sections below.
Authorization
To use C2M, one needs a CodeWeTrust account, which can be created at https://codewetrust.com/ or in the application.
By default, a new C2M instance is configured with everyone as administrator ("Administrators": "*").
This is fine for a local deployment.
For a public instance intended for multi-user access the recommended approach is:
- Configure a single administrator account in
appssettings.json:
{
"AuthorizationSettings": {
"Administrators": "john.doe.admin@mycompany.org"
}
}
- Use "Access Control" section of the settings UI to manage user accounts and permissions:
Database
See External Database for details.
Options
CodeWeTrustSettings section of appsettings.json contains the following options:
AnalysisDisabled- disable code analysis on this instance. Useful when analysis is performed by a different instance or a console runner.ReadOnly- disable all write operations on this instance. Data can't be edited, analysis can't be started.SkipBrowserOpen- don't open the browser on startup. Enable when running on a server.SkipSystemCheck- don't check the system for potential issues. Speeds up startup.DisableWebView- disable the web view window mode, and use the default system browser to host the UI instead.SkipFrontEndFiles- skip serving the front-end files. Enable when using only the REST API to improve startup performance.AllowMultipleInstances- allow multiple instances of the application to run on the same machine.CacheExpirationTimeout- cache expiration timeout. Default is 5 minutes. Tweak when using the same database from multiple instances.EnableParallelJobExecution- enable multiple jobs from the same scan session (repo) to run in parallel. Default is true. Typically, reduces scan time ~2x, but increases CPU and memory usage. Disable on low-resource machines.MaxParallelRepositories- experimental - maximum number of repositories that can be scanned in parallel within a single product. Default is 1. Increase to improve scan throughput on multi-repo products. Requires roughlyN x 12GBof RAM on Linux.
Example:
{
"CodeWeTrustSettings": {
"AnalysisDisabled": false,
"ReadOnly": false,
"SkipBrowserOpen": false,
"SkipSystemCheck": false,
"DisableWebView": false,
"SkipFrontEndFiles": false,
"AllowMultipleInstances": false,
"CacheExpirationTimeout": "00:05:30",
"EnableParallelJobExecution": true,
"MaxParallelRepositories": 1
}
}
JIRA Connector
Code analysis issues can be exported to JIRA from the C2M UI:
To enable this feature, configure the JIRA connector in appsettings.json:
{
"JiraConnectorSettings": {
"Username": "user",
"ApiToken": "token",
"BaseUrl": "API base url",
"ProjectKey": "JIRA project key"
}
}
This can also be done in the settings UI on per-project basis:
REST API
See REST API for details.
Logging
CodeWeTrust.log file contains the application log. Severity level can be configured in appsettings.json:
{
"Logging": {
"LogLevel": {
"Default": "Warning"
}
}
}
Web Server
By default, built-in web server uses a random port on loopback interface.
Use the Kestrel section to use a specific port on all interfaces:
{
"Kestrel": {
"EndPoints": {
"Http": {
"Url": "http://0.0.0.0:5000"
}
}
}
}
Environment Variables
Any setting can be overridden by an environment variable. The name of the variable is the same as the setting name, but with __ separator.
Examples:
CodeWeTrustSettings.AnalysisDisabled=>CODEWETRUSTSETTINGS__ANALYSISDISABLED.ConnectionStrings.CodeWeTrustDb=>ConnectionStrings__CodeWeTrustDb.
Command Line Options
Any setting can be overridden by a command line option. The name of the option is the same as the setting name, but with : separator.
Example:
./CodeWeTrust --CodeWeTrustSettings:AnalysisDisabled=true --ConnectionStrings:CodeWeTrustDb="server=localhost;uid=postgres;pwd=hunter2;database=code-we-trust-1;port=5432"