sca 2.0.0

This release introduces Teams capabilities, and some fixes and improvements.

Features and Improvements

Teams Lockdown

  • Requests to get correlated defects will fail with a 403 if the defects belong to project(s) that the requesting user does not have access to.

Flexible Build Version

  • Previously, correlating on a build version required an attribute specifically named build. This led to some breakage when an upstream change prevented querying for attribute names that do not exist. It also wasn’t flexible for users. This release fixes the breakage and allows users to specify the name of your build attribute, via a field called matchColumn. matchColumn is an optional value which should be the name of an attribute. As usual, any attributes that you would like submitted with the defect report should be appended to the endpoint as query string parameters. However, only the attribute with the matchColumn attribute name will be used specifically for correlation. This is useful for correlating defects to error objects based on a build version.
curl -X POST'https://sca.backtrace.io/api/sca/submit/clang-analyzer?<some-attribute-name>=<some-attribute-value> \
  -H 'Content-Type: multipart/form-data' \
  -F report=@/path/to/report/report.tar.gz \
  -F projectName=<project-name> \
  -F 'submitUrl=https://<coroner-instance>:<submission-port>/post?format=json&token=<token>' \
  -F matchColumn=<some-attribute-name>

Breaking Changes

  • Defect submission now requires a projectName field.
curl -X POST 'https://sca.backtrace.io/api/sca/submit/clang-analyzer' \
        -H 'Content-Type: multipart/form-data' \
	-F report=@scanbuild-reports.tar.gz \
	-F projectName='my-project-name' \
	-F "submitUrl=https://my-universe.sp.backtrace.io:6098/post?format=json&token=<token>"