Copyright 2013 Black Duck Software, Inc.
Code Estimation Tools Directions for a Services Engagement
Summary
Black Duck software provides two tools to calculate size, number, and category of files in a code base. This information is necessary when companies are interested in purchasing or participating in a Code Audit performed by Black Duck. These tools, when run over a file system (a directory or folder on a hard drive), provide output that Black Duck can use to determine the time and level of effort required for the services engagement.
Our Open Source audit is focused on finding open source and third party software within a code base. The primary focus is on finding open source code, but it will also frequently find third party commercial code as well. We have included instructions concerning what code typically should be part of the audit versus what code typically should not be part of the audit.
The tools
Depending on the OS running on the machine where the code base to be analyzed resides you can choose the tool you want to use. They both determine the size of the code base and the quantities of each file type. This information is needed to scope the effort and create the Statement-Of-Work (SOW).
MB Estimator
The MBE is available for Windows and Linux. It’s an executable you will install and then run against the code base to analyze.
The output of the tool is a single HTML file that can be emailed to Black Duck.
Bdsest.pl
This Perl script is available for Windows, Linux and Mac OS. No installation is required and it can be launched on a machine where Perl is already installed.
The output of the tool is a single text file that can be emailed to Black Duck.
Code Preparation
Place the files to be analyzed on a local file system (local relative to where you running the tool you chose) as performance file system tasks is not good over shared network drives. Files to be analyzed are:
1) All source code and third-party binary files. This includes the following (if appropriate): a. All Company Owned source
b. Third party source code c. Web files (HTML, etc…)
Copyright 2013 Black Duck Software, Inc. d. Script language files
e. All binary files in which dependencies exist. This includes (but is not limited to) static libraries, dynamic libraries, independent applications (exe files), installers and other objects. This includes binary files that are distributed and those in which dependencies exist, but are not distributed.
2) We would like to see redistributable packages from others (Tomcat, Visual C runtime, driver install helper, etc.) 3) In addition, we would like to see executable files built from other parts of the tree that are checked into source
control but NOT executable files checked in that you do not use
a. If you are distributing any executable files that are not your own proprietary binaries, then those files should be included. We don’t need to see your own executable files built from your own code (since we will be looking at the source code already). In the case of proprietary executable files from some other product of yours, we wouldn’t be able to identify them – so there isn’t much point of including them. 4) Document files that go with the software (readme files, license & copyright files, etc.)
5) Files to be analyzed do NOT need to include the actual build tools and build scripts, unless these are also distributed and/or contribute code to the application.
6) Files to be analyzed do NOT need to include the binaries that are produced by the build process, if the source for those binaries is also included. For example, any compiled object code, classes, jars derived from the build process and other files derived from the source code that is also analyzed.
7) Files to be analyzed do NOT need to include debugging tools.
8) Please run the tool you chose over each product separately (one report/product).
9) After running the tool, create an archive of the code base that the tool was run over and save it. When the audit is conducted, we will want to perform the audit on the exact same code base.
Using the MB Estimator
Installing
1) Download and install the MB Estimator tool. You can download the utility from
http://www.blackducksoftware.com/cet
Note that the tool requires your system have the X11 Development Package that is compatible with your JRE (either 32 or 64-bit).
2) Once installed, run the utility as described in the following section.
Running the tool
1. Click the Code Estimation tool icon or run bdsest to open the application. The Select Start Directory dialog displays.
Copyright 2013 Black Duck Software, Inc.
2. Click Browse. The Open dialog displays.
Copyright 2013 Black Duck Software, Inc.
3. Choose a file or path name for the application to search and click Open. The Select Start Directory dialog re-displays.
Figure 3 Begin Scan
4. Click Begin Scan. The Summary dialog displays initial results; you can view further details, save the report save to a file, or close the tool.
Figure 4 Select Start Directory Dialog
Note: Protex analysis options can be configured so that more code would be consumed than indicated by this
utility. Archive files (.zip, and .jar, for example) are left compressed when creating the estimate. We do not normally expand/analyze the contents of archives as part of the audit unless they are expanded prior to scoping the quantity of work. If you need us to analyze the contents of any of your archives, please expand them prior to running the Code Estimation Tool.
Copyright 2013 Black Duck Software, Inc.
5. Click Details. The Details dialog displays.
Figure 5 Details Dialog
6. Click Close and return to the Results dialog.
7. Click Save Estimate to save the results in an HTML file. View this file in a browser and if it is acceptable, please email this file to the appropriate Black Duck or third-party contact.
Figure 6 Saved Output File
8. Unless it is necessary, please do not edit the HTML output. We have automated tools designed to read the HTML output and editing the file will require a longer, manual process to scope the quantity of work.
Copyright 2013 Black Duck Software, Inc.
Using Bdsest.pl
On Linux or Mac OS
1. Download the Bdsest.pl script. You can download it from:
http://www.blackducksoftware.com/cet
2. Open a shell window and confirm the Perl location with the following command: which perl Default is /usr/bin/perl
3. Navigate to the folder and run the script using the following syntax: /usr/bin/perl <local path>bdsest.pl <code base path> > Estimation.out <local path> is the path to the folder where you saved the bdsest.pl script. <code base path> is the path to the code base to be scanned.
4. Open Estimation.out with any text editor to confirm the results, if it is acceptable, please email this file to the appropriate Black Duck or third-party contact.
On Windows
1. Download the Bdsest.pl script. You can download it from:
http://www.blackducksoftware.com/cet
2. Open a shell window and confirm the Perl location with the following command: C:\> dir perl.exe Default is C:\Perl64\bin\
3. Navigate to the folder and run the script using the following syntax:
C:\Perl64\bin\perl <local path>bdsest.pl <code base path> > Estimation.out <local path> is the path to the folder where you saved the bdsest.pl script. <code base path> is the path to the code base to be scanned.
4. Open Estimation.out with any text editor to confirm the results, if it is acceptable, please email this file to the appropriate Black Duck or third-party contact.
