Q247 Enterprise Plugin
Privileges
The plugin runs in a local directory and does not require superuser access. While running, it creates temporary directories in the current directory, into which code history and increments are downloaded. These directories are removed automatically when code analysis and effort calculation are completed.
It also runs a local database that stores configuration and connection parameters, as well as key repository information for interconnectivity.
The plugin does not access any folders outside its home folder.
Firewall rules
The following firewall rules must be configured on the server for the plugin to operate:
Outgoing rules
Source host | Source port | Destination host | Destination port | Usage |
---|---|---|---|---|
<plugin host> | any | <your-git-repository-address> | 443 | Plugin connects via HTTPS to retrieve your git repository data |
<plugin host> | any | any | 443 | Plugin sends increments' footprints via HTTPS to the central panel. Plugin retrieves SCM configurations and information about repositories to be scanned. |
Incoming rules
All incoming traffic must be blocked.
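One way to check on the plugin host that live sockets agree with the rules above (an added example, not Q247 code). It assumes Linux `ss -Htan` output; the sample lines, addresses and port 5432 for the local database are constructed, and the inbound test is a heuristic.

```python
import ipaddress

# Constructed sample of `ss -Htan` output (State Recv-Q Send-Q Local Peer).
# Port 5432 is a stand-in for the local database; all addresses are made up.
SAMPLE_SS = """\
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 128 0.0.0.0:8080 0.0.0.0:*
ESTAB 0 0 10.0.0.5:51234 203.0.113.10:443
ESTAB 0 0 10.0.0.5:40022 198.51.100.7:22
ESTAB 0 0 10.0.0.5:8080 192.0.2.44:60111
ESTAB 0 0 127.0.0.1:5432 127.0.0.1:47710
"""

ALLOWED_OUT_PORT = 443  # both outgoing rules on the page use destination port 443


def split_hostport(text):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port string)."""
    host, _, port = text.rpartition(":")
    return host.strip("[]"), port


def is_loopback(host):
    try:
        return ipaddress.ip_address(host.split("%")[0]).is_loopback
    except ValueError:
        return False  # '*' or unparsable: treat as externally reachable


def audit(ss_output):
    """Return (kind, local, peer) findings that contradict the firewall rules."""
    rows = [l.split()[:5] for l in ss_output.splitlines() if len(l.split()) >= 5]
    listen_ports, findings = set(), []
    for state, _, _, local, peer in rows:
        if state == "LISTEN":
            host, port = split_hostport(local)
            listen_ports.add(port)
            if not is_loopback(host):
                findings.append(("non-loopback-listener", local, peer))
    for state, _, _, local, peer in rows:
        if state != "ESTAB":
            continue
        (lhost, lport), (phost, pport) = split_hostport(local), split_hostport(peer)
        if is_loopback(lhost) and is_loopback(phost):
            continue  # local database traffic stays on the host
        if lport in listen_ports:  # heuristic: local port is a listener => inbound
            findings.append(("inbound-connection", local, peer))
        elif pport != str(ALLOWED_OUT_PORT):
            findings.append(("outbound-not-443", local, peer))
    return findings
```

On a real host, pass the captured output of `ss -Htan` to `audit()` and treat an empty list as agreement with the rules.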
Data Exchange
All data exchanged between the Q247 Enterprise Plugin and the Q247 Management Portal is secured with HTTPS, with the following specification:
Minimum TLS Version: 1.2
Cipher: TLS_RSA_WITH_AES_128_CBC_SHA
HTTPS Only: yes
The following information is exchanged between the Q247 Enterprise Plugin and the Q247 Management Portal.
Increment-related information:
- Remote repo information (URL) (string)
- Committer information (usually full name, email) (string)
- Increment effort vector (array of numbers)
- Increment calory score (number)
- Algorithm information (string)
- Q247 Project/account information (string)
- Calories Model & Version information (string)
Repository-related information:
- git server address (string)
- git access token (string)
- repositories information (name, url, group name, status) (string)
Code Repositories access
Access to source code repositories is handled by access tokens that the plugin uses to connect to the repository. Only read-only access is required, so tokens must be configured in the SCM accordingly.
The plugin will read all repositories (any limitations are managed in the SCM system or via appropriate token configuration) and will also locally read the history of increments from the repositories.