With SAP BTP ABAP Environment 2105 we delivered the basic scope of ATC exemptions. Now you can create and approve ATC exemptions using ADT in Eclipse and transport them between different SAP BTP ABAP Environment systems.
NOTE: In order to incorporate feedback from early adapters before making this functionality free available for all, it is currently available via the feature toggle. You need to create a customer ticket on the BC-CP-ABA component to turn it on in your SAP BTP ABAP Environment system.
Let’s take a look at the ATC exemption process in detail. The following class contains the hard-corded user name and will be checked with the ABAP Test Cockpit for security violations:
As a result, the following security risk ATC error will be reported in the ATC Problems View:
Now it is possible to request an exemption for this ATC finding using the corresponding context menu:
You probably already know this wizard from applying for exemptions in ADT in your on-premise SAP systems. Currently the scope of the ATC exemption in SAP BTP ABAP Environment is limited to the finding:
After choosing Next on the second page of the wizard, you can enter Reason and add Justification:
Then you can select the transport request on the next page and finish the creation of the ATC exemption, which will then be displayed in the new ADT exemption editor, where you can edit it further (e.g. change the validity date). After saving your changes in the exemption object, you can send the link (Share Link) to your exemption to the approver:
You will notice that the new exemption development object is created in the same package as the object it refers to, and is now visible in your Project Explorer under the ABAP Test Cockpit node:
We created a new development object for the ATC exemption to support CI/CD scenarios in SAP BTP ABAP Environment. This way, ATC exemptions can be transported together with the source code.
After you shared the ADT link to the exemption (e.g. per E-Mail):
the approver can open it in his/her ADT in Eclipse and by clicking on the Class (ABAP Objects) navigate to the class, rerun the ATC over it and e.g. verify that the ATC exemption which he/she gets is the same as requested (by comparing the Checksums), enter Assessment and approve it finally:
After approval and rerun of ATC the finding about the security risk error does not appear anymore in the ATC results since it was exempted:
In order to see the exempted ATC finding again you can use the corresponding menu:
If you now go to the Transport Organizer view, you will see this ATC exemption within a task in your transport request. The transport request can be released, and the ATC exemption will be transported across your SAP BTP ABAP Environment systems:
Source: sap.com
No comments:
Post a Comment