Skip to main content

Trusted Advisor

OutSystems

Trusted Advisor Release Notes

Release notes for every release of Trusted Advisor (both SaaS and LifeTime Plugin components)

August 2018 (R1802)

This release focused on adding new Patterns, fixes and improvements and new Probes to support the breaking changes on the newest platform versions.

SaaS

Code Analysis Patterns

  • 3 new Performance patterns for Mobile applications:

    • “Non Optimized Local storage” - Local storage is a copy of server entities or using complex model

    • “Not taking advantage of Local Storage”- Too many server calls (screen data action) instead of using local storage

    • “Multiple server Calls inside Client Actions”- Multiple Server Aggregates or Server actions calls inside Client Actions

  • 2 new Architecture patterns:

    • “Monolithic Service Module”- Module providing services with too many public elements

    • “Library or Core module with screens”- Misplaced end user screens

  • 1 new Maintainability pattern:

    • “Long undocumented flow”- Action with a long and undocumented flow

  • 3 new Security patterns:

    • “SQL Injection”- User inputs used in expanded inline parameters of a query

    • “Avoid Anonymous Access Screens”- Screens should have specific roles set instead of Anonymous and/or Registered

    • “Not Secure Web Services”- Exposed REST services should enforce SSL/TLS, authentication and hide documentation

  • Improved pattern “Unlimited records in SQL query”, excluding the truncate table statement

 

Changes/Fixes

  • Improved the object path when the object name appears with newline characters, replacing the new lines with spaces

  • Fixed synchronization issue in non UTC installations, where some modules weren’t being analyzed

  • Fixed name of preparation objects that in some cases were being shown with the fact name

  • Fixed deleted Modules and facts being shown in Code Analysis

  • Fixed the issue related with applications of a team not appearing in Code Analysis

  • Fixed link from Runtime performance screen to Code analysis that was not working for Query objects

  • Fixed Code analysis filters issue, that stopped working when a synchronization was running

  • Improved snoozed findings view in Dashboard to be filtered by team

  • In Dashboard (Team Leader View) the order on the Top Modules list was changed to use the new prioritization mechanism

  • Improved bulk snooze view on Dashboard: showing the number of snoozed findings per pattern with an option to see more details

Last_snooze.JPG

  • Improved Charts in Dashboard (Team Leader view)

TL_chart.JPG

LifeTime Plugin

Changes/Fixes

  • Changed the Probe type names to be self-explanatory:

    • DEV= Code Analysis

    • QA= Runtime Performance

    • PRD= Runtime Performance

  • Changed performance engine to support data model changes from LifeTime (version 10.0.804.0 onwards)

  • Changed API calls to support breaking changes made on the authentication mechanism used for communication between OutSystems Platform components due to a  security issue (10.0.816.0 onwards)

May 2018 (R1801)

Release date: 2018/05/25

This release focused on adding GDPR Compliance rules and regulations

SaaS

Code Analysis Patterns

  • Improved pattern "Avoid Hardcoded Literals" :

    • Exclude ".ValidationMessage" assigns and “Ids” being included in SQLs queries

  • Improved pattern “Inline CSS Style”, making sure that only extended properties with tag “Style” are detected, fixing a previously identified bug.

  • Improved “Query data in ViewState” pattern, excluding queries not used in screen actions but bounded to tables or list records with an ajax refresh

  • Improved the pattern "AvoidServerCalls" :

    • Added local variables to be checked

  • Improved the pattern "SitePropertyUpdate", excluding site properties being bootstrapped in timers

  • Improved "Disabled buttons pattern":

    • Added verification for Links

    • Check the extended property style "display:none"

Changes/Fixes

  • Implemented a new Registration Screen with GDPR mandatory consent to continue use of Trusted Advisor

  • Fixed login not being remembered as expected when the user selects “Remember me” option in the login screen

  • Changed application filter to order the list alphabetically

  • Added new icon to highlight the patterns runtime performance evidence and snooze findings

1.JPG

  • Added Code Analysis team filters (teams are defined in LifeTime)

Teams.JPG

  • Improved Presentation of Findings in a new Structure Tree

Findings.JPG

  • Last analysis info changed to be presented in the customer timezone

  • Added info icon with synchronization details (Last Analysis, Number of Espaces processed and Next Run)

sync_details.JPG

  • Added First and Last Button to Navigation Lists

navigation_buttons.JPG

  • When a new customer is registered, it shows a welcome message until the 1st sync runs

New Features

  • Team Leader View on Dashboard to Team Admin User Role (Team User Role defined in LifeTime)

TL_View.JPG

  • Project Evolution Chart in Team Leader View with “Open vs Closed” findings

Evolution_chart.JPG

  • Top Modules with findings

top_modules_findings.JPG

  • Last Snoozed Findings with Bulk Snooze feature

Bulk_Snooze.JPG

  • Added a new Snooze Reason, named “Dismissed” (only available for Team Admin User Role, defined in LifeTime)

snooze_dismiss.JPG

  • Ignored Modules list with the possibility to define your list of modules to be ignored (while ignored all facts contained in modules selected are marked as solved in next sync onward)

ignore_modules.JPG

add_modules.JPG

Add New Modules to ignore

LifeTime Plugin

Changes/Fixes

  • Added support for Oracle

  • Changed Probes Architecture to be GDPR complaint

  • Added the option to download the Performance JSON

download_Performance.JPG


December 2017 (R1712)

Release date: 2018/01/10

This release focused on the new recommendation prioritization algorithm, which was designed to help developers be more impactful by solving higher priority findings first, and in improvements to the findings correlation features.

Happy New Year!

SaaS

Code Analysis Patterns

  • No changes were made to code analysis patterns in this release

Changes/Fixes

  • New recommendation prioritization algorithm in Code Analysis
    • [UPDATE 2018/01/19] The new algorithm and screen has been enabled for all installations!
    • [UPDATE 2018/01/11] This new algorithm is being enabled for each customer installation, in a phased approach, to allow us to closely monitor it in each installation. You should see it enabled in your installation in a day or two. You can confirm you're seeing the new algorithm results by checking that the Code Analysis screen URL ends in "Rebuild_CodeAnalysisScreen.aspx"
    • Previously the algorithm that prioritized recommendations in Code Analysis view was only based on a fixed severity value associated with each pattern and the total number of recommendations of each pattern. This was a simplistic approach to prioritization that resulted in cases where more severe findings related with e.g. Architecture or Performance were shown below findings related with Maintainability (which are typically less severe). It also didn't account for the potential runtime performance impact that a finding may have (even though it bubbled up findings with performance impact to the top of the list).
    • The new prioritization algorithm takes into account several dimensions to most accurately determine the priority of a pattern and of the findings inside a pattern:
      • Severity values are now assigned at different levels like the pattern category, the pattern and may also have different values even per finding inside a pattern depending on the analysis rules
      • Runtime performance impact of findings is now one of the top values contributing to the prioritization allowing for easier troubleshooting of performance issues
      • Total number of findings of each pattern still counts towards the priority of the pattern (even though not as important as before)
      • Findings with runtime performance impact not only bubble up in the findings list inside a pattern (as before) but will now be ordered by descending average duration of their related performance findings
    • The ultimate goal of this new prioritization algorithm is that, just by going in a top-down approach of fixing the findings as shown in Code Analysis view, should help teams focus in the issues that may have a bigger overall impact in their solutions

TrAd-R1712-New Prioritization Algorithm-20180109.png

  • Improved correlation of recommendations between Code Analysis and Performance Analysis
    • The correlation message displayed under a finding in Code Analysis, when it is related with a performance finding, now includes more information like the number of performance findings related and the average duration of those events
    • This same message also now links to the Performance Analysis view and highlights the related performance findings (which may be more than one)

TrAd-R1712-Finding correlation link and highlight-20180109.png

  • Added Application filter in the Performance Analysis view
    • Also added the detail of the Application to which the screen's module belongs (when not filtering by a specific application)

TrAd-R1712-Application filter on Performance-20180109.png

  • Added links to the Code Patterns list and release notes in Knowledge Base to the user menu
    • Also added the release number to the user menu for easy reference
    • Removed duplicated information on last analysis timestamp and release number from screens

TrAd-R1712-KB links in user menu-20180109.png

  • Improved ability to identify screen or action widgets in the code finding widget path
    • Some widgets were not easily identifiable due to not having the Name property set in the module and were being shown only as "If" or "Button" for instance
      • Unnamed Web Block usages inside web screens now display the name of the Web Block itself
      • Unnamed Button widgets inside web screens/blocks now display their label
      • Unlabeled If widgets inside web screens/blocks or actions now display their condition

TrAd-R1712-Widget names in path-20180110.png

  • Fixed pagination of code findings being reset after snoozing a finding
  • Fixed average duration of performance events in Performance view being displayed as "0 ms" instead of the real decimal value (e.g. 0.5)
  • Fixed a situation on Discovery snapshot analysis that could result in modules not classified in Discovery to generate a finding in one of architecture layer violations patterns, when they should be considered only in the "Lack of module classification" pattern
  • Fixed some cases on module collection mechanism where some module versions may have not been collected, due to small time differences between SaaS and customer installation or errors in the previous synchronization
  • Minor performance improvements and cleanups (e.g. removed a few session variables and OnSessionStart logic)

LifeTime Plugin

Changes/Fixes

  • Improved collection of deleted modules and inactive users
    • Prior to this release of the plugin, all deleted modules and all inactive users were being collected and sent to the SaaS on every synchronization
    • This data is now cached on the plugin side and is only sent to SaaS once per day or when a module is deleted or a user is inactivated, in which case only that specific module or user is sent (which are relatively infrequent changes)
    • This reduces the size of the data collected and processed on each synchronization
  • Added timestamp of when modules are collected on plugin side to the data sent to SaaS

November 2017 (R1711)

Release date: 2017/12/15

Internal release containing only changes in back office and internal modules for improved configuration, scalability, monitoring and troubleshooting operations.

No changes were made to SaaS or Plugin.


October 2017 (R1710)

Release date: 2017/11/15

Update 2017/11/25: Added the top 50 components from OutSystems Forge to the modules ignored in code analysis. Any facts uncovered from analyzing these components will no longer be visible or accounted for.

This release focused in improving code analysis patterns and synchronization mechanisms, namely automatic adjustment of SaaS to an installation's time zone.

Thank you very much for all your feedback that allows us to keep improving!
P.S. Stay tuned for more news on the snooze feature!

SaaS

Code Analysis Patterns

  • New "Avoid hard-coded literals" Maintainability pattern
    • This one replaces the "Avoid hard-coded identifiers" pattern previously released, which was more limited and had many issues with false positives
    • All findings of the previous pattern were considered solved
  • Improved Performance patterns "Unlimited records in aggregate" and "Unlimited records in SQL query"
    • Eliminated false positives when aggregate/SQL is bound to ForEach, TableRecords, ListRecords or ComboBox widgets
    • Eliminated false positives when SQL query is being limited by using LIMIT (MySQL specific)
    • This is expected to substantially reduce the number of findings - current findings will be automatically dismissed the next time each eSpace changes and is analyzed by Trusted Advisor

Changes/Fixes

  • Increased time of snooze options
    • "False positive" is now 3 months - to be used when you think a specific finding was wrongly created by Trusted Advisor
    • "Discontinued" is now 6 months - to be used for findings of elements that are no longer in use - expectation is that they are cleaned during this period
    • "Other" is now 1 month - to be used when you want to snooze the finding for any other reason - e.g. it is a justifiable implementation but will be improved in the near future

TrAd-R1710-Snooze-reasons.png

  • Added snooze reason and comment (in tooltip) in details of snoozed code findings

TrAd-R1710-Snooze-details.png

  • Fixed "Discontinued" snooze reason not requiring a comment to be added
  • Fixed some cases where a code finding would not being shown in Code Analysis view, when opened from a related runtime finding in Performance view (e.g. code finding was snoozed or was not recent)
  • Several minor fixes and improvements to UI, filters and tooltips in Code Analysis view
  • Reduced number of instructions sent to plugin when a previous synchronization didn't finish successfully
    • There were specific situations where the plugin could repeatedly received the same instructions whenever a synchronization was not successful in SaaS side

LifeTime Plugin

Changes/Fixes

  • Added time zone information to the data collected in LifeTime Plugin
    • This information is then used in SaaS to automatically adjust the generation of instructions for the installation's time zone

September 2017 (R1709)

Release date: 2017/10/17

This release focused in adding new Mobile patterns and improving developer experience and scalability. There were also many additions/changes to the internal GAP reports and backoffice (not described here).

SaaS

Code Analysis Patterns

  • 2 new Performance patterns for Mobile applications:
    • "Avoid server calls" - Server actions being called in client events
    • "Non-optimized local data fetch" - Local data fetch performed in client events
  • 1 new Maintainability pattern:
    • "Avoid hard-coded identifiers"
  • Improved Maintainability pattern "Missing description on public element"
    • Added "is_active" (and similar) to exclusion list of attribute/parameter names not requiring description
    • Added to exclusion list cases of attributes/parameters that have an Id suffix and an identifier type
  • Fixed Architecture patterns to not include findings related to System applications (e.g. "Cyclic Reference between applications")

New Features

  • Unified login mechanism using an OutSystems account
    • From this release on, login must be done through an OutSystems (OS) account (and not a platform installation user, as it was until now)
    • Whenever the email of the logged in OS account is the same as the email of a user of a platform installation registered in Trusted Advisor, the users will be associated, effectively allowing that OS account to access that installation in Trusted Advisor
    • When a user opens Trusted Advisor via the plugin home screen, a token is sent to allow for association between the platform installation user logged into LifeTime and the OS account that will login to Trusted Advisor (if not already logged in)
    • For current Trusted Advisor users, follow these steps to keep access to your installations in Trusted Advisor:
      • Log in to Trusted Advisor with your OutSystems account (the one you use to log in to Community)
      • On first login, Trusted Advisor will try to automatically associate the OS account with your installation user(s) via email
      • If after this first login, there are any installations missing in your user menu, go to the Trusted Advisor plugin home screen, on each missing installation's LifeTime and click "Go To Trusted Advisor". Both logged in users will be automatically associated.

TrAd OutSystems Account Login

Changes/Fixes

  • UI changes to user menu when user has access to more than one platform installation and included link on how to add a platform installation to a user

TrAd-R1709-UserMenu.png

  • Fixed issue with last synchronization timestamp which could lead to getting only part of the module changes since the previous synchronization (when previous synchronization had errors or took too long)
  • Fixed issue with count of modules to be received from probe on each synchronization, which could lead to synchronization seemingly taking too long and timing out, even though it had finished successfully much earlier

LifeTime Plugin

Changes/Fixes

  • Changed "Go to Trusted Advisor" link in plugin home screen to open Trusted Advisor SaaS in a way that allows it to:
    • Associate the logged in user in LifeTime with the logged in user in Trusted Advisor SaaS (when not done already). This is necessary for the new SaaS unified login mechanism to work properly.
    • Redirect a user (after logged in in SaaS) directly to the findings of that specific installation
  • Added licensing information (customer name, current application object count and limit) to the data collected for each installation
  • Increased to 10 minutes the time that the probe will wait to get more instructions from SaaS when asked to. This will reduce the possibility in very large factories that SaaS hasn't generated further instructions when probe asks for them.

 

August 2017 (R1708)

Release date: 2017/09/04

This release was mostly focused in preparing Trusted Advisor to be used for creating reports for GAP (in an internal module). There were still a few improvements and optimizations, like the most requested feature: "application filter".

SaaS

Code Analysis Patterns

  • New Maintainability pattern: "Unidentified public action managing transaction"
    • Public actions that manage the database transaction (commit or abort) should have a description stating it to clearly identify them in consumers

New Features

  • Added ability to filter by Application in Code Analysis view
    • Filter icon will now also serve as "Clear filters" action and "Show or hide snoozed" filter was simplified to a button

Changes/Fixes

  • Changes to Code Analysis view
    • When applied filters yield no results, filters section is no longer hidden, so user can easily "clear filters"
    • Performance and CSS optimizations to Code Analysis view
    • Fixed Preparation element name not being shown in paths
  • Fixed a situation where some findings were being assigned to an extension module instead of an eSpace module - they would still appear in Code Analysis but would be difficult to filter
  • Fixed a situation where modules changed would not be correctly detected for a period of time (up to 3 hours) because the previous analysis process took too long or had errors

LifeTime Plugin

There were no changes to the LifeTime Plugin in this release.


July 2017 (R1707)

Release date: 2017/08/10

This release was mostly focused in improving scalability and reliability of the analysis engines. It also included many back office improvements to ease operations of Trusted Advisor.

SaaS

Code Analysis Patterns

  • New Architecture pattern: "Public entities should be exposed as read only"
  • Improved pattern "Missing description on public element"
    • Included check for missing descriptions on public Structure attributes
    • Added more cases to exclusion list of attribute/parameter names not requiring description
  • Added check for large resources in module to pattern "Large images" and renamed it to "Large image or resource"
  • Reviewed "Impact" and "How to Fix" content of several patterns

New Features

  • New "Already fixed" snooze reason
    • Use this snooze reason for cases where you've already applied Trusted Advisor's recommendation in your code and you want the recommendation to be removed from the list. The recommendation will be snoozed until the next analysis runs, at which time, if it was actually fixed, it will be considered solved and no longer appear in the list.
    • This reason replaced the "Reminder me tomorrow" reason

Changes/Fixes

  • Several performance and scalability improvements to Code and Architecture analysis engines
    • There were a few cases of Discovery and module analysis timeouts in SaaS, which prevented in these cases recommendations to be generated and shown to the user - these should no longer occur
  • Improved performance of element path widget (shown for each finding)
  • Some findings were incorrectly being shown as belonging to an Extension module, when they belonged to an eSpace module which internally had the same identifier
  • Renamed "Not working on it now" snooze reason to "Remind me later" (same snooze period)

LifeTime Plugin

There were no changes to the LifeTime Plugin in this release.

 


June 2017 (R1706)

Release date: 2017/07/19

This release was mostly focused in improving solution stability and probes installation and configuration experience. Included some quick-wins to improve analysis and address feedback received from early adopters and many back office changes.

SaaS

Code Analysis Patterns

  • Improved analysis on "Required description on public elements" pattern
    • Included checks for description in application, module, processes, timers, themes, site properties and session variables
    • Only the first occurrence of lack of description is reported if the element contains more than one
      • e.g. a public action with description set and with multiple input parameters without description set will result in only 1 occurrence of the pattern

New Features

  • Modules belonging to Trusted Advisor Probes (which are also published in customer installations) are now being ignored in analysis and won't be displayed or accounted for in pattern occurrences, which will lead to a reduction in total occurrences

Changes/Fixes

  • Mobile client entities and actions were not being properly displayed in pattern occurrences
  • Fixed missing "Learn More" content links in most patterns
  • Last analysis time is now displayed in the user's time zone
  • Streamlined UI for installation switcher and log out in user menu

  • Renamed menu options to "Code Analysis" and "Performance" (before they were "Development" and "Runtime")
  • Streamlined text and UI in title section
  • Added "beta" tag to header

LifeTime Plugin

New Features

  • New plugin home screen with a direct link to Trusted Advisor SaaS

  • Plugin is now time zone aware
    • Allows SaaS to properly communicate with probes with any time zone difference
    • All times displayed in Monitor screen are now in UTC time zone
    • For this reason, there is a new dependency on Time Zone component, that must be installed in Development and LifeTime environments
  • Improved configuration experience
    • SaaS API URL configured by default is now correct, avoiding the need to change URL when installing the plugin for the first time
    • Any further changes to SaaS API URL are now being validated by invoking the URL before making the change permanent
  • Reduced Application Object consumption of probes

Fixes

  • Removed unneeded validation of probe installation in environment, when activating probe in environments other than Development
    • Validation was intended to prevent activation of environments without Environment Probe installed, but for non-Development environments all data is collected from LifeTime, so no need for Environment Probe to be installed
  • Fixed encoding used in messages exchanged between SaaS and Probes to always be the same and not system dependent

 




May 2017 (R1705)

Release date: 2017/06/09

First release meant to be used internally by Services project teams. Focused in adding Architecture patterns, making improvements to the experience and reducing false positives following feedback received from early adopters.

SaaS

New Features

  • 9 first Architecture patterns implemented in code analysis
    • Orchestration module providing services
    • End user module providing services
    • Core Module consumed by libraries
    • Cyclic references between modules
    • Orchestration application providing services
    • End User application providing services
    • Core application consumed by Libraries
    • Cyclic references between applications
    • Lack of module classification
      • For Architecture analysis to be executed, Discovery version 2.0.9 (for P9.1) / 3.0.9 (for OS 10) or higher must be installed in Development environment 
  • New Maintainability category with first pattern implemented in code analysis
    • Required description on public elements
  • New "Analysis in progress" message is displayed at the top of the screen while an analysis is running

  • Last analysis execution time is now displayed at the top of the screen to make it easier to check if recommendations being shown are fresh
  • Announcement of a new release is shown the first time user logs in after a release containing a link to the release notes (link also at the bottom of the screen)

FixesFindings.JPG

  • Reduced false positive findings in "Unlimited records in SQL query" by no longer considering INSERT, UPDATE, DELETE or SELECT TOP/ROWNUM queries
    • Existing findings for queries with these patterns will be removed the next time the module is changed and analyzed
  • Fixed trend graphs shown per category in Code Findings screen displaying multiple lines when changing categories

LifeTime Plugin

New Features

  • Improved initial configuration and synchronization experience
    • In environment configuration, saving and activating probe are now 2 separate actions
    • Connection from LifeTime to environment probe is being tested before activating environment probe
    • First synchronization with SaaS after probe activation will happen automatically to register installation in SaaS

 




 

April 2017 (R1704)

Release date: 2017/05/04

This is a private early adopters release which marks the first release in the new monthly release scheme we've adopted for 2017. It has been mainly focused in incorporating feedback from early adopters and preparing TrAd for a public release planned for later in the year.

SaaS

New Features

  • Implemented 3 new Mobile exclusive patterns in code analysis:
    • Monolithic mobile UI
    • Server and client entities not isolated
    • Server calls without timeout
  • Expanded analysis scope to include server and client user actions for the following patterns (previously only done in Web Screen actions - this is expected to cause an overall increase in number of findings):
    • Inefficient empty list test
    • Inefficient query count
    • Dynamic inline parameter in SQL
    • Unlimited rows in Aggregate/SQL
    • Site property update
  • Added snooze finding feature to allow developers to snooze individual code findings for a specific amount of time depending on the reason selected. While snoozed, findings will not appear in code findings view unless the "Snoozed" filter checkbox is marked.
    • When snoozing a finding, a comment field is made available for the developer to further detail why it is is being snoozed
    • We encourage you to be particularly detailed when using "False Positive" or "Other" reasons since we'll be looking at those particularly to seek possible improvements

Trusted Advisor Snooze Finding

  • Added installation switcher feature available in header user menu to developers that have the same username and email in multiple installations. This removes the need to create a separate account in LifeTime for such developers to be able to use TrAd.

Trusted Advisor Installation Switcher

Fixes

  • Fixed typo in title of "Large variable in ViewState" pattern
  • Fixed snapshot creation and closing time not using UTC times which led to no code changes being detected when communicating with plugins using a different timezone than the TrAd server
  • Fixed favicon not displayed

Known Issues

  • Trend graphs shown per category in Code Findings screen are not properly displayed when changing categories

LifeTime Plugin

New Features

  • Added option to include or exclude system modules in OML sync
  • Was this article helpful?