Configuration management refers to management of all activities related to changes in all constituent elements (i.e. software source code, development environment, build structure, etc.) of computer software, in a computer software development process ranging from a starting stage of development of a project to a final stage at which maintenance is performed.
In a narrow sense, configuration management is considered management of changes(revisions) in a source code produced at implementation and testing of computer software.
Various conventional configuration management systems used for configuration management have been proposed. For example, a conventional configuration management (transfer control) method using a configuration management system is performed in the way described below.
1) A configuration management system receives a transfer request for a source code, from a developer.
The acceptance of the transfer request is carried out in the following sequence: first, the source code that is a transfer request target is added to storage (configuration management storage) or the source code added to the storage is checked out to allow changes thereof; and the changed source code is checked in.
2) The configuration management system calls an analysis engine.
3) The analysis engine analyzes the transfer-requested source code for each check item.
The check items are items associated with a source code stability criterion preset by a manager. For example, the check items may include whether a worker's source code complies with an organization's code conventions or other standards, whether the source code is checked for security or not, and the results of the source code security checking, etc.
4) The configuration management system verifies transfer suitability of the transfer-requested source code with a return value or an identification value which is a value based on the analysis results.
In the above-described conventional configuration management method, a static analysis tool is typically used as an analysis engine that analyzes the transfer-requested source code. The static analysis tool performs static code analysis with respect to a source code that is a configuration management target, detects errors or weak points in the source code, and informs a developer (or a person in charge of analysis) of the detected errors. As the static analysis tool having an automatic source code analysis function, various products have been released.
A transfer control process performed by a conventional configuration management system has problems and limitations described below.
Since the configuration management system calls an analysis engine to implement an analysis function after receiving a developer's transfer request for a source code, it takes time to establish transfer control environment and deal with the transfer of the source code.
In addition, since analysis needs to be performed at every source code transfer event, the time for transfer control is unnecessarily increased.
In addition, since every source code analysis operation consumes system resources, excessive system resources are required.