If at any point you would like some help, join us in Slack! You'll find the AppMap team there, along with other AppMap users.
Make sure to install the AppMap App from the GitHub Marketplace before you start the installation process.
AppMap can work within GitHub Actions to collect, store, analyze, and report on the behavioral changes within each Pull Request. AppMap will analyze the changes in your application on each pushed commit or pull request. AppMap performs a thorough analysis of the runtime differences, giving you:
Configuration of the AppMap GitHub Action happens inside a branch and can be easily tested in a Pull Request before merging any code changes to the mainline branch. This allows users to easily test AppMap in the environment before deploying across the repository.
Installing the AppMap GitHub App into your repository will allow the AppMap installer to properly detect your repositories for installation. Your data is your data: AppMap does not store your code or any AppMaps that are generated. For more details about AppMap security controls, review the Security FAQ.
AppMap runs as a GitHub Action in your project. Add AppMap to a project with an existing GitHub workflow that runs tests successfully. Choose whether to install AppMap manually into your project or use the automated, AI-assisted installation.
Granting AppMap access to your repositories allows AppMap to complete an automated installation for your project. For the automated installation to be successful you’ll need an existing GitHub workflow which builds and tests your application successfully.
Note: If you do not currently have a GitHub Action that can run your test cases, refer to the GitHub documentation to build an Action that will execute your test cases.
Follow the steps in the AppMap installation process to complete the AppMap Installation. AppMap will add a Configuration Report as a comment in the initial pull request.
The initial AppMap report will give you details about:
After completing the initial configuration report, AppMap will analyze your entire source code repository. In this report, AppMap will display recently introduced code flaws and problems. A sample of the problems found in the AppMaps is listed in order of when they were most likely introduced, with the most recent first.
Congratulations! You’ve successfully set up the AppMap GitHub Action and can now merge this into your project to make it available for every other developer to use on each of their subsequent pull requests.
To see AppMap in action, create a draft pull request with some changes that you don’t plan to merge. Some suggested changes include:
AppMap will execute runtime code analysis on every pull request in this repository.
AppMap comes with a comprehensive set of rules that are categorized by their impact on applications: Performance, Reliability, Maintainability, Stability, and Security.
You can refer to the AppMap Documentation for more information about all the rules that are available within AppMap.
To enable additional rules, simply add them to an appmap-scanner.yml file in the root of your project directory and commit it to your project.
This is a sample appmap-scanner.yml file which you can use to enable or disable certain AppMap analysis rules. Rules can be disabled by commenting them out with the
checks:
  - rule: authz-before-authn
  # - rule: circular-dependency
  - rule: deprecated-crypto-algorithm
  - rule: deserialization-of-untrusted-data
  - rule: exec-of-untrusted-command
  - rule: http-500
  # - rule: illegal-package-dependency
  #   properties:
  #     callerPackages:
  #       - equal: actionpack
  #     calleePackage:
  #       equal: app/controllers
  # - rule: incompatible-http-client-request
  # - rule: insecure-compare
  # - rule: job-not-cancelled
  - rule: logout-without-session-reset
  # - rule: missing-authentication
  - rule: missing-content-type
  - rule: n-plus-one-query
  # - rule: query-from-invalid-package
  # - rule: query-from-view
  # - rule: rpc-without-circuit-breaker
  # - rule: save-without-validation
  - rule: secret-in-log
  # - rule: slow-function-call
  #   properties:
  #     timeAllowed: 0.2
  #     functions:
  #       - match: Controller#create$
  # - rule: slow-http-server-request
  #   properties:
  #     timeAllowed: 0.5
  # - rule: slow-query
  #   properties:
  #     timeAllowed: 0.05
  - rule: too-many-joins
  - rule: too-many-updates
  # - rule: unbatched-materialized-query
  - rule: unauthenticated-encryption
  - rule: update-in-get-request
Add these changes to Git and commit them to the PR branch.
$ git add .
$ git commit -m "ci: Add customized scanner configuration"
Push the changes upstream to your branch, which updates the Pull Request.
$ git push
The AppMap analysis report will be updated on the completion of the build and a new report will be displayed.
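Because a rule is switched off simply by commenting out its line in appmap-scanner.yml, a CI step can catch a security rule being disabled unnoticed before the change is merged. The script below is an added example, not part of AppMap or its documentation; the REQUIRED_RULES selection, the function names and the sample config are assumptions constructed for illustration.

```shell
#!/bin/sh
# Assumption: the team requires these rules to stay enabled. The names come
# from the sample config on this page; the selection itself is illustrative.
REQUIRED_RULES="authz-before-authn deprecated-crypto-algorithm
deserialization-of-untrusted-data exec-of-untrusted-command
logout-without-session-reset secret-in-log unauthenticated-encryption"

# Names of active rules: "- rule: NAME" lines that are not commented out.
enabled_rules() {
  sed -n 's/^[[:space:]]*-[[:space:]]*rule:[[:space:]]*\([A-Za-z0-9-]*\).*$/\1/p' "$1"
}

# Names of rules that are present but disabled with a leading '#'.
disabled_rules() {
  sed -n 's/^[[:space:]]*#[[:space:]]*-[[:space:]]*rule:[[:space:]]*\([A-Za-z0-9-]*\).*$/\1/p' "$1"
}

# Print required rules that are commented out or absent; return 1 if any.
missing_required() {
  enabled=$(enabled_rules "$1")
  missing=""
  for rule in $REQUIRED_RULES; do
    printf '%s\n' "$enabled" | grep -qx -- "$rule" || missing="$missing $rule"
  done
  [ -z "$missing" ] && return 0
  printf '%s\n' "${missing# }"
  return 1
}

# Constructed sample config: secret-in-log has been commented out.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
checks:
  - rule: authz-before-authn
  - rule: deprecated-crypto-algorithm
  - rule: deserialization-of-untrusted-data
  - rule: exec-of-untrusted-command
  - rule: logout-without-session-reset
  # - rule: secret-in-log
  # - rule: slow-query
  #   properties:
  #     timeAllowed: 0.05
  - rule: unauthenticated-encryption
EOF
if gaps=$(missing_required "$SAMPLE"); then
  echo "scanner config OK"
else
  echo "required rules not enabled: $gaps"
fi
```

In a workflow, point missing_required at the repository's appmap-scanner.yml and fail the job on a non-zero return.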
For more details about AppMap GitHub Actions, refer to the reference documentation.