18 Audit Oracle JET App Files

An Oracle JET audit runs against the app files of your JET project and performs a static analysis of the source code from an Oracle JET perspective. Audit diagnostic messages result from an invocation of the Oracle JET Audit Framework (JAF) command-line utility and are governed by rules that are specific to a JET release version.

Oracle JET Audit Framework (JAF) relies on the configuration file created by the JET tooling when you invoke the JAF initialization command ojaf --init in a Command Prompt window on the JET app.

The oraclejafconfig.json file that you create when you initialize Oracle JAF the first time defines the properties that you can use to control many aspects of your JET app audit. For example, by configuring the JAF audit, you can do the following:

  • Specify the JET version when you want to use audit rules that are specific to a JET version. This is configured by default as the JET version of the app to be audited.

  • Specify the file set when you want to exclude app directories and file types. This is configured by default to include all files of the app to be audited.

  • Invoke custom audit rules that are user-defined and assembled as a JAF rule pack for distribution.

  • Prevent specific audit rules from running in the audit, or limit the audit to only rules of a certain severity level.

  • Include the metadata of Oracle JET Web Components to audit the HTML files of your app's custom components.

  • Control the JavaScript source code to audit based on JAF comments that you embed in your source files.

  • Work with the output of the audit to customize the presentation of audit messages or to suppress audit messages.

Which properties you set in the oraclejafconfig.json file is up to you. By setting them, you can fine-tune the audit so that its results cover only the source that you intend. Multiple configuration files can be created for specific runtime criteria or projects. The configuration files are in JSON format, but JavaScript-style comments are permitted for documentation purposes. The configuration file to be used can be specified on the command line.

Each time you run the audit from a Command Prompt window, Oracle JAF searches the directory in which you initiated the audit for the JAF configuration file oraclejafconfig.json. If no configuration file is found there, then JAF processes only HTML files found in the current directory. In that case, the default JAF configuration settings are used for the audit.
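
A pre-flight check that a build pipeline could run before invoking the audit, given here as an added example and not code from Oracle or the JAF project: it reads a configuration file containing JavaScript-style comments without mistaking the /**/ inside a glob value for a block comment, and it reports when a directory would fall back to the HTML-only default audit described above. The function names, the sample configuration and its property names are assumptions made for illustration.

```javascript
// Added example (not Oracle code): comment-tolerant reader for a JAF-style config.
const CONFIG_NAME = "oraclejafconfig.json";

// Remove // and /* */ comments, but never inside string literals, so that
// glob values such as "./src/**/*.html" survive intact.
function stripComments(text) {
  let out = "";
  let i = 0;
  while (i < text.length) {
    const ch = text[i];
    const next = text[i + 1];
    if (ch === '"') {
      // Copy the whole string literal, honouring backslash escapes.
      let j = i + 1;
      while (j < text.length && text[j] !== '"') j += text[j] === "\\" ? 2 : 1;
      out += text.slice(i, j + 1);
      i = j + 1;
    } else if (ch === "/" && next === "/") {
      while (i < text.length && text[i] !== "\n") i++; // the newline is kept
    } else if (ch === "/" && next === "*") {
      const end = text.indexOf("*/", i + 2);
      if (end === -1) throw new SyntaxError("unterminated block comment");
      i = end + 2;
    } else {
      out += ch;
      i++;
    }
  }
  return out;
}

function parseConfig(text) {
  return JSON.parse(stripComments(text));
}

// Mirrors the lookup rule described above: with no config file in the
// directory, only the HTML files found there are audited, using defaults.
function planAudit(dirEntries) {
  if (dirEntries.includes(CONFIG_NAME)) return { mode: "config", files: null };
  return { mode: "defaults", files: dirEntries.filter((f) => f.endsWith(".html")) };
}

// Constructed sample; the property names and values are assumptions.
const SAMPLE = `{
  // audit the app sources only
  "files": ["./src/**/*.html", "./src/js/**/*.js"],
  /* skip third-party code */
  "exclude": ["./src/js/libs/**/*.*"]
}`;
```

Failing the build when planAudit returns the "defaults" mode catches an audit started from the wrong directory, which would otherwise cover only the HTML files found there.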

If the built-in audit rules provided with the JAF installation do not meet all the diagnostic requirements of your app, you can write custom audit rules to extend JAF. You implement user-defined audit rules as JavaScript files. The JAF API allows you to register event listeners and handle the audit context created by JAF on the file set of your JET projects. Custom audit rules can be assembled into distributable rule packs and invoked by developers on any Oracle JET app.

For more information about JAF, see Using and Extending the Oracle JET Audit Framework.