Need a tool to perform static application code analysis, for an IT security audit. Something like SonarQube or Fortify, to go over all our custom C# in BPM/customizations/UBAQs in on-prem E10.2. (We have ~10KLoCs in BPMs and such)
Any suggestions would be much appreciated! Thanks!
I don't have a tool suggestion, but I can suggest that you can use a BAQ to query the BPM tables in Epicor and extract all the code with the BAQ. I have used this technique to search out BPMs for a certain field or logic that I cannot find.
Thank you!
You can go to BPM and select the generate source code checkbox, which takes the custom code and drops it to a file. Then you can easily attach it to a Visual Studio project and have it scanned.
Should work for BPM Functions and UBAQs
On that note if you are on the latest versions.