/application-portfolio-auditor

Application Portfolio Auditor is a tool assessing cloud readiness, quality, and security of large sets of apps. It gathers and aggregates insights of multiple software analyzers.

Primary LanguageShellApache License 2.0Apache-2.0

Application Portfolio Auditor

Application Portfolio Auditor is an open-source assessment tool that automates and simplifies the audit of large sets of applications. By leveraging up to 15 analysis tools, it generates comprehensive reports helping you to quickly gain insights on your applications and build an effective application modernization roadmap.

Key features:

  • Comprehensive CLI: The audit Command Line Interface (CLI) lowers the barriers to reliably analyze a large set of applications.

  • Hardened by default: Systematically validates prerequisites and pre-configures analysis tools following best practices.

  • Wide variety of applications supported: Covers most modern programming languages (Java, Python, .NET, NodeJS) and analyzes as well source as compiled binaries.

  • Combined intelligence: Harnesses and combines insights of up to 15 free and open-source application analysis tools.

  • Aggregated summaries: Generates static HTML pages connecting all results to help you understand your portfolio from different perspectives such as cloud-readiness, security, languages used, licensing, and quality.

  • Portable results: Exports reports as exploded directory, ZIP files, Kubernetes or Cloud-Foundry deployments.

Getting Started

Follow these steps to get started with Application Portfolio Auditor:

  1. Clone the repository:
$ git clone git@github.com:vmware-tanzu/application-portfolio-auditor.git
  1. Install prerequisites:
$ cd application-portfolio-auditor
$ ./audit setup

Note: This command automates the installation of all required prerequisites. It automatically configures based on the detected operating system (MacOS, Ubuntu, or CentOS) and requires sudo rights. The process may take several minutes to complete.

  1. Retrieve necessary tools and frameworks:
$ ./audit download

Note: This command downloads the required resources from the Internet and builds multiple Docker images locally. The process may take several minutes to complete.

  1. Generate your first report:
    1. Download a test application: mkdir -p apps/test; wget -P apps/test https://repo1.maven.org/maven2/org/codehaus/cargo/simple-ear/1.10.9/simple-ear-1.10.9.ear
    2. Start the analysis ./audit run -a -g test
    3. Open the index.html file in the created reports/TIMESTAMP directory to view the generated reports.
    4. Start the Cloud Suitability Analyzer backend by executing ./launch_csa_ui.sh in the reports/TIMESTAMP directory. All other reports are static files.
    5. Explore the reports, findings, and tool capabilities!

Frequently Asked Questions

What are the technical prerequisites to run the tool?
This table summarizes all prerequisites to use Application Portfolio Auditor:
Category Mininum Recommended
Operating System CentOS, Ubuntu or MacOS Latest version installed
RAM 16+ GB 32 GB
Disk 100+ GB SSD disk
CPU 8+ Cores / vCPUs -
Chips Intel or Apple silicon -
Internet Available for setup and updates Available during the analysis
What types of applications can be analyzed?
Most modern application implemented leveraging modern programming languages are supported (Java, Python, .NET, NodeJS). As well binaries as source code can be analyzed.
Where can I learn more and find the documentation?
Please check the ABOUT.md page.
I have an issue, what should I do?
First, make sure that you are meeting all prerequisites. Especially ensure you have enough RAM allocated to your docker environment.

If a restart, some cleanup or a glance at the documentation does not further helps, you can create an issue on GitHub. For specifics on what to include in your report, please follow the pull request guidelines above and share:

  • What happened: Also tell us, what did you expect to happen.
  • Version used: What version of application-portfolio-auditor are you running.
  • Environment: What Operating System, Chip (Intel/Apple Silicon) is the software running on.
  • Any other potentially relevant information like the browser of JDK used.

Contributing

The Application Portfolio Auditor project team welcomes contributions from the community. If you wish to contribute code and you have not signed our Contributor License Agreement, our bot will update the issue when you open a Pull Request. For any questions about the CLA process, please refer to our FAQ. For more detailed information, refer to CONTRIBUTING.md.

License

Application Portfolio Auditor is released under the Apache License 2.0. For more detailed information, please refer to the LICENSE file.