- AEMaaCS Home
- Overview
- Release Notes
- Release Information
- AEMaaCS Feature Release Notes
- AEMaaCS Maintenance Release Notes
- Release Notes for Cloud Manager
- Current Release Notes
- 2023
- 2022
- Release Notes for 2022.12.0
- Release Notes for 2022.11.0
- Release Notes for 2022.10.0
- Release Notes for 2022.9.0
- Release Notes for 2022.8.0
- Release Notes for 2022.7.0
- Release Notes for 2022.6.0
- Release Notes for 2022.5.0
- Release Notes for 2022.4.0
- Release Notes for 2022.3.0
- Release Notes for 2022.2.0
- Release Notes for 2022.1.0
- 2021
- Release Notes for 2021.12.0
- Release Notes for 2021.11.0
- Release Notes for 2021.10.0
- Release Notes for 2021.9.0
- Release Notes for 2021.8.0
- Release Notes for 2021.7.0
- Release Notes for 2021.6.0
- Release Notes for 2021.5.0
- Release Notes for 2021.4.0
- Release Notes for 2021.3.0
- Release Notes for 2021.2.0
- Release Notes for 2021.1.0
- 2020
- Release Notes for Migration Tools
- Release Notes for Workfront for Experience Manager enhanced connector
- What is New?
- Notable Changes in AEM Cloud Service
- Deprecated and Removed Features
- Deprecated APIs
- Prerelease Channel
- Security
- Onboarding
- AEM as a Cloud Service Migration Journey
- Getting Started with moving AEM as a Cloud Service
- Readiness Phase
- Implementation Phase
- Go Live
- Post Go Live
- Migration Guide to Experience Manager as a Cloud Service for Partners
- Cloud Acceleration Manager
- Cloud Transition Tools
- Best Practices Analyzer
- Content Transfer Tool
- Overview
- Prerequisites for Content Transfer Tool
- Guidelines and Best Practices for Using Content Transfer Tool
- Getting Started with Content Transfer Tool
- Validating Content Transfers
- Handling Large Content Repositories
- User Mapping and Principal Migration
- Extracting Content from Source
- Ingesting Content into Target
- Viewing Logs for a Migration Set
- Deleting a Migration Set
- Running the Content Transfer Tool on a Publish Instance
- Troubleshooting Content Transfer Tool
- Code Refactoring Tools
- Sites
- AEM Sites as a Cloud Service
- Notable Changes to AEM Sites in AEM Cloud Service
- Authoring
- Getting Started
- Headless Content Author Journey
- Authoring Fundamentals
- Environment and Tools
- Adding Page Annotations
- Creating a New Site
- Creating and Organizing Pages
- Editing Page Content
- The Rich Text Editor
- Page Properties
- Previewing Content
- Publishing Pages
- Content Fragments
- Experience Fragments
- Export to CSV
- Components
- Authoring for Mobile Devices
- Creating Accessible Content (WCAG 2.1 Conformance)
- Troubleshooting
- Keyboard Shortcuts
- Authoring Features
- Projects
- Launches
- Workflows
- Personalization
- Personalization Overview
- Previewing Pages Using ContextHub Data
- Authoring Targeted Content Using Targeting Mode
- Working with Targeted Content in Multisites
- How Multisite Management for Targeted Content is Structured
- Managing Activities
- Managing Audiences
- Creating and Managing Offers (Offers Console)
- Understanding Segmentation
- Configuring Segmentation with ContextHub
- Registration, Login, and User Profile
- Administering
- Content Fragments
- Working with Content Fragments
- Headless Delivery with Content Fragments and GraphQL
- Enable Content Fragment Functionality for your Instance
- Content Fragment Models
- Content Fragments Console
- Managing Content Fragments
- Variations - Authoring Fragment Content
- Content Fragment Associated Content
- Metadata - Fragment Properties
- Content Fragments - Delete Considerations
- Markdown
- Structure Tree
- Preview - JSON Representation
- Content Fragments Console - Keyboard Shortcuts
- Site Creation
- Administering Workflows
- Reusing Content
- MSM and Translation
- Multi Site Manager
- Translation
- Sites Translation Journey
- Headless Translation Journey
- Translating Content for Multilingual Sites
- Preparing Content for Translation
- Managing Translation Projects
- Language Copy Wizard
- Identifying Content to Translate
- Configuring the Translation Integration Framework
- Connecting to Microsoft Translator
- Translation Best Practices
- Content Fragments
- Integrating with AEM as a Cloud Service
- Integrating with Adobe Analytics
- Integrating with Adobe Analytics Automated Setup
- IMS Configuration for use when Integrating with Adobe Analytics
- Integrating with Adobe Learning Manager
- Integrating with Adobe Target
- IMS Configuration for use when Integrating with Adobe Target
- Exporting Content Fragments to Adobe Target
- Exporting Experience Fragments to Adobe Target
- Integrating with Adobe Campaign
- Assets
- Assets as a Cloud Service
- Overview and what’s new
- Notable Changes to Assets as a Cloud Service
- Assets architecture
- Supported file formats
- Overview of asset microservices
- Accessibility in Assets
- Manage digital assets
- Micro-Frontend Asset Selector
- Share assets
- Monitor activities and DAM tasks
- Get started using asset microservices
- Add and upload assets
- Search assets
- Common asset management tasks
- Manage publication
- Preview 3D assets
- Smart tags for images
- Smart tag your video assets
- How to organize assets
- Use Adobe Stock assets
- Manage collections
- Metadata overview
- Integrate with Adobe Creative Cloud
- How to add or edit metadata
- Review folder assets and collections
- Use and configure Assets Insights
- Metadata profiles
- Metadata schema
- Manage video assets
- Reuse assets using MSM
- Download assets
- Check-in and check-out assets to edit
- Create and share private folders
- Digital Rights Management for assets
- Watermark assets
- Process assets using Creative Cloud APIs
- Color tags for images
- Manage PDF documents
- Configure, administer, and extend Assets
- Developer docs and APIs references
- Folder metadata schema
- Work with image and video profiles
- Configure transcription for audio and video assets
- Translate assets
- Search facets
- Assets HTTP API
- Content Fragments support in Assets HTTP API
- Connected Assets
- Generate For Placement Only renditions
- Asset reports
- Cascading metadata
- XMP metadata
- MediaLibrary capabilities
- Import and export asset metadata
- Configure asset upload restrictions
- Share and distribute assets
- Content Fragments
- Working with Content Fragments
- Headless Delivery with Content Fragments and GraphQL
- Enable Content Fragment Functionality for your Instance
- Content Fragment Models
- Managing Content Fragments
- Variations - Authoring Fragment Content
- Content Fragment Associated Content
- Metadata - Fragment Properties
- Content Fragments - Delete Considerations
- Markdown
- Structure Tree
- Preview - JSON Representation
- Dynamic Media
- Dynamic Media Journey: The Basics
- Dynamic Media newsletter archive by Experience League
- Set up Dynamic Media
- Work with Dynamic Media
- Configure Dynamic Media
- Optional - Configure Dynamic Media, General Settings
- Optional - Configure Dynamic Media, Publish Setup
- Troubleshoot Dynamic Media
- Configure a Dynamic Media Alias Account
- Accessibility in Dynamic Media
- Manage Dynamic Media assets
- Best practices for optimizing the quality of your images
- Image Profiles
- Video Profiles
- Manage Dynamic Media Image Presets
- Apply Dynamic Media Image Presets
- Manage Dynamic Media Viewer Presets
- Apply Dynamic Media Viewer Presets
- Batch Set Presets
- Invalidate the CDN cache by way of Dynamic Media
- Invalidate the CDN cache by way of Dynamic Media Classic
- Smart Imaging
- Smart Imaging with client-side Device Pixel Ratio
- Deliver Dynamic Media assets
- Activate hotlink protection in Dynamic Media
- 3D Support
- Dynamic Media limitations
- Image Sets
- Panoramic Images
- Mixed Media Sets
- Spin Sets
- Video in Dynamic Media
- Carousel Banners
- Interactive Images
- Interactive Videos
- 360 VR Video
- Integrate Dynamic Media Viewers with Adobe Analytics and Adobe Experience Platform Tags
- Create custom pop-ups using Quickview
- Deliver optimized images for a responsive site
- Preview Dynamic Media assets
- Add Dynamic Media assets to pages
- Embed the Dynamic Video or Image viewer on a web page
- Link URLs to your web application
- Use Rulesets to transform URLs
- Publish Dynamic Media assets
- Work with Selective Publish in Dynamic Media
- Work with Selectors
- HTTP2 Delivery of Content FAQ
- Flash Viewers End-of-Life
- DHTML Viewers End-of-Life
- Integration with Adobe Workfront
- Forms
- Overview
- Setup and migrate
- Integrate
- Adaptive Forms
- Authoring Adaptive Forms - Core Components
- Authoring Adaptive Forms - Foundation Components
- Convert your PDF forms to Adaptive Forms
- Create an Adaptive Form
- Add components to an Adaptive Form
- Configure layout and apply style to an Adaptive Form
- Add rules and use expressions in an Adaptive Form
- Use Adobe Sign
- Configure Submit Actions and metadata submission
- Prefill Adaptive Form fields
- Generate Document of Record
- Add support for new locales to an adaptive form
- Add or improve metadata
- Improve accessibility of an Adaptive Form
- Configure Forms Portal
- Create and manage reviews
- Forms Centric Workflows
- Communications APIs
- Developer API Reference
- Troubleshooting
- Screens
- AEM Screens as a Cloud Service
- Overview to Screens as a Cloud Service
- Onboarding to Screens as a Cloud Service
- Configuring Screens as a Cloud Service Project
- Creating Content
- Managing Player and Registration
- Using Core Product Features
- Developing in Screens as a Cloud Service
- Screens as a Cloud Service FAQs
- Content and Commerce
- Headless
- What is a Headless CMS?
- Introduction to AEM Headless
- Developer Portal (Additional Resources)
- Setup
- Content Fragments
- GraphQL API
- Content Fragments REST API
- Security
- Deployment
- Headless Journeys
- Headless Developer Journey
- Understand Headless in AEM
- Learn about CMS Headless Development
- Getting Started with AEM Headless as a Cloud Service
- Path to your first experience using AEM Headless
- How to model your content as AEM Content Models
- How to access your content via AEM delivery APIs
- How to update your content via AEM Assets APIs
- How to put it all together
- How to go live with your headless application
- Optional - How to create single page applications with AEM
- Developer Portal (Additional Resources)
- Headless Content Architect Journey
- Headless Translation Journey
- Headless Content Author Journey
- Headless Developer Journey
- Implementing
- Implementing Applications for AEM as a Cloud Service
- Using Cloud Manager
- Programs
- Creating an AEM Application Project
- Managing Environments
- Managing your Code
- Environment Variables
- Cloud Manager CI-CD Pipelines
- Deploying Your Code
- Understanding your Test Results
- Accessing and Managing Logs
- SLA Reporting
- New Relic One
- Notifications
- SSL Certificates
- Custom Domain Names
- IP Allow Lists
- License Dashboard
- Cloud Manager FAQs
- Developing for AEM as a Cloud Service
- AEM Project Structure
- AEM Project Repository Structure Package
- AEM as a Cloud Service SDK
- AEM Rapid Development Environments
- AEM as a Cloud Service Development Guidelines
- Logging
- Configurations and the Configuration Browser
- AEM Technical Foundations
- API Reference Materials
- Generating Access Tokens for Server Side APIs
- Quick Site Creation and Front-End Customization
- Developing Sites with the Front-End Pipeline
- Customizing Site Templates and Themes
- Headful and Headless in AEM
- Full Stack AEM Development
- Getting Started Developing AEM Sites - WKND Tutorial
- Structure of the AEM UI
- Sling Cheatsheet
- Using Sling Adapters
- Using the Sling Resource Merger in AEM as a Cloud Service
- Overlays in AEM as a Cloud Service
- Using Client-Side Libraries
- Page Diff
- Editor Limitations
- Naming Conventions
- Components and Templates
- AEM Tagging Framework
- Building Tagging into AEM Applications
- Search
- Custom Error Pages
- AEM Node Types
- Headless Experience Management
- Hybrid and SPA Development
- Hybrid and SPA with AEM
- Enabling JSON Export for a Component
- SPA Introduction and Walkthrough
- SPA WKND Tutorial
- Getting Started using React
- Getting Started using Angular
- SPA Deep Dives
- Developing SPAs for AEM
- SPA Editor Overview
- SPA Blueprint
- SPA Page Component
- Dynamic Model to Component Mapping
- Model Routing
- The RemotePage Component
- Editing an External SPA within AEM
- Composite Components in SPAs
- Server Side Rendering
- Enabling JSON Export for a Component
- Launch Integration
- SPA Reference Documents
- Developer Tools
- Personalization
- Configuring and Extending AEM as a Cloud Service
- Extending AEM with App Builder
- Extending Experience Fragments
- Customizing and Extending Content Fragments
- Content Fragments Configuring Components for Rendering
- Customizing the Content Fragment Console
- Manage Search Forms
- Configure Rich Text Editor
- Configure the RTE plug-ins
- Configure RTE to create accessible sites
- Deploying to AEM as a Cloud Service
- Author Tier
- Preview Tier
- Content Delivery Overview
- Connectors
- Operations
- Compliance
- Universal Editor
Code Quality Testing
Learn how code quality testing of pipelines works and how it can improve the quality of your deployments.
Introduction
Code quality testing evaluates your application code based on a set of quality rules. It is the primary purpose of a code-quality only pipeline and is executed immediately following the build step in all production and non-production pipelines.
Refer to the document Configuring Your CI-CD Pipeline to learn more about different types of pipelines.
Code Quality Rules
Code quality testing scans the source code to ensure that it meets certain quality criteria. This is implemented by a combination of SonarQube and content package-level examination using OakPAL. There are over 100 rules, combining generic Java rules and AEM-specific rules. Some of the AEM-specific rules are created based on best practices from AEM Engineering and are referred to as custom code quality rules.
You can download the complete list of rules with this link.
Three-Tiered Ratings
Issues identified by code quality testing are assigned to one of three categories.
-
Critical - These are issues which cause an immediate failure of the pipeline.
-
Important - These are issues which cause the pipeline to enter a paused state. A deployment manager, project manager, or business owner can either override the issues, in which case the pipeline proceeds, or they can accept the issues, in which case the pipeline stops with a failure.
-
Info - These are issues which are provided purely for informational purposes and have no impact on the pipeline execution
In a code quality only pipeline, important failures in the Code Quality gate cannot be overridden since the code quality testing step is the final step in the pipeline.
Ratings
The results of this step is delivered as Ratings.
The following table summarizes the ratings and failure thresholds for each of the critical, important and information categories.
| Name | Definition | Category | Failure Threshold |
|---|---|---|---|
| Security Rating | A = No vulnerabilities B = At least 1 minor vulnerability C = At least 1 major vulnerability D = At least 1 critical vulnerability E = At least 1 blocker vulnerability |
Critical | < B |
| Reliability Rating | A = No bugs B = At least 1 minor bug C = At least 1 major bug D = At least 1 critical bug E = At least 1 blocker bug |
Critical | < D |
| Maintainability Rating | Defined by the outstanding remediation cost for code smells as a percentage of the time that has already gone into the application
|
Important | < A |
| Coverage | Defined by a mix of unit test line coverage and condition coverage using the formula: Coverage = (CT + CF + LC)/(2*B + EL)
|
Important | < 50% |
| Skipped Unit Tests | Number of skipped unit tests | Info | > 1 |
| Open Issues | Overall issue types - Vulnerabilities, Bugs, and Code Smells | Info | > 0 |
| Duplicated Lines | Defined as the number of lines involved in duplicated blocks. A block of code is considered duplicated under the following conditions. Non-Java Projects:
|
Info | > 1% |
| Cloud Service Compatibility | Number of identified cloud service compatibility issues | Info | > 0 |
Refer to SonarQube’s Metric Definitions for more detailed definitions.
To learn more about the custom code quality rules executed by Cloud Manager, please refer to the document Custom Code Quality Rules.
Dealing with False Positives
The quality scanning process is not perfect and will sometimes incorrectly identify issues which are not actually problematic. This is referred to as a false positive.
In these cases, the source code can be annotated with the standard Java @SuppressWarnings annotation specifying the rule ID as the annotation attribute. For example, one common false positive is that the SonarQube rule to detect hardcoded passwords can be aggressive about how a hardcoded password is identified.
The following code is fairly common in an AEM project, which has code to connect to some external service.
@Property(label = "Service Password")
private static final String PROP_SERVICE_PASSWORD = "password";
SonarQube will then raise a blocker vulnerability. But after reviewing the code, you recognize that this is not a vulnerability and can annotate the code with the appropriate rule ID.
@SuppressWarnings("squid:S2068")
@Property(label = "Service Password")
private static final String PROP_SERVICE_PASSWORD = "password";
However, if the code was actually this:
@Property(label = "Service Password", value = "mysecretpassword")
private static final String PROP_SERVICE_PASSWORD = "password";
Then the correct solution is to remove the hardcoded password.
While it is a best practice to make the @SuppressWarnings annotation as specific as possible, i.e. annotate only the specific statement or block causing the issue, it is possible to annotate at a class level.
While there is no explicit security testing step, there are security-related code quality rules evaluated during the code quality step. Refer to the document Security Overview for AEM as a Cloud Service to learn more about security in Cloud Service.
Content Package Scanning Optimization
As part of the quality analysis process, Cloud Manager performs analysis of the content packages produced by the Maven build. Cloud Manager offers optimizations to accelerate this process, which are effective when certain packaging constraints are observed. Most significant is the optimization performed for projects that output a single content package, generally referred to as an “all” package, which contains a number of other content packages produced by the build, which are marked as skipped. When Cloud Manager detects this scenario, rather than unpack the “all” package, the individual content packages are scanned directly and sorted based on dependencies. For example, consider the following build output.
all/myco-all-1.0.0-SNAPSHOT.zip(content-package)ui.apps/myco-ui.apps-1.0.0-SNAPSHOT.zip(skipped-content-package)ui.content/myco-ui.content-1.0.0-SNAPSHOT.zip(skipped-content-package)
If the only items inside myco-all-1.0.0-SNAPSHOT.zip are the two skipped content packages, then the two embedded packages will be scanned in lieu of the “all” content package.
For projects that produce dozens of embedded packages, this optimization has been shown to save upwards of 10 minutes per pipeline execution.
A special case can occur when the “all” content package contains a combination of skipped content packages and OSGi bundles. For example, if myco-all-1.0.0-SNAPSHOT.zip contained the two embedded packages previously mentioned as well as one or more OSGi bundles, then a new, minimal content package is constructed with only the OSGi bundles. This package is always named cloudmanager-synthetic-jar-package and the contained bundles are placed in /apps/cloudmanager-synthetic-installer/install.
- This optimization does not impact the packages which are deployed to AEM.
- Because the matching between the embedded content packages and the skipped content packages is based on file names, this optimization cannot be performed if multiple skipped content packages have exactly the same file name or if the file name is changed while embedding.
Business.Adobe.com resources
Resources
Adobe Account
