Remote Code Vulnerability Analysis in ATC

You are a customer or partner of SAP and intend to check your own custom ABAP code for security risks.

Scope of Documentation

This documentation describes the functionality and the usage of additions to ATC tools that are used for remote Code Vulnerabilty Analysis (in short: CVA). These tools address in particular the execution of remote security checks in SAP NetWeaver releases SAP_BASIS > = 7.00 using the established ATC framework.

Target Audience

AS ABAP System Administrators

ABAP Quality Experts

ABAP Developers

Availability of (Remote) CVA

Bear in mind that the CVA is not available as part of the standard SAP NetWeaver delivery. SAP NetWeaver Application Server, add-on for code vulnerability analysis is a separate, fee-based product. Accordingly, there are additional license costs. For more details, have a look at SAP Note 1855773 Information published on SAP site .

Contents

Usage Scenario and Technical Requirements

Assigning System Role

Configuring Object Providers

Configuring Run Series in the Central System

Scheduling Run Series in the Central System

Viewing Results in the ATC Result Browser

Managing Exemptions in the Remote ATC Scenario

Glossary