Cloud-native ISCCR - Continuous Code Review for webMethods Integration

Overview

This article introduces a container-native implementation of webMethods ISCCR (Integration Server Continuous Code Review) — a solution designed to automate static code checks for Integration Server assets and seamlessly integrate with modern DevOps workflows.

Use-case

In most Integration Server implementations, development teams need to validate consistency, naming conventions, security usage, and performance patterns — manually or using checklist-based reviews.

This modernized ISCCR setup enables:

• Automated code reviews without deep tool coupling
• Seamless integration into CI/CD pipelines
• Dev-friendly execution via container, no IS required
• Common and configurable rulesets using options
• Better governance, faster reviews, and fewer surprises in PROD

Think of this as your friendly static reviewer that never sleeps and never approves a bad flow 🙂

Architecture & Flow

The new ISCCR setup is packaged as a Docker container, designed to be triggered in a build/test stage — typically after a developer commits Integration Server packages (pkg_) to version control.

📦 Developer commits IS assets →
🚀 CI pipeline builds repo →
🔍 ISCCR runs automated code checks →
✅ Results stored/reported (e.g. HTML, JSON, SARIF)

You can easily plug this into GitHub Actions, Azure DevOps, Jenkins, or even test locally.

Scope / Assumptions / Prerequisites

• Input: Exported webMethods IS packages (pkg_* folders)
• Review options: Defined as *.yml config under code_review_options
• Output: HTML/SARIF reports in code_review_results
• Containerized tool, no IS installation required
• Docker & Git environment set up
• Git repository name: wmio-isccr

Clone & Build

bash git clone https://github.ibm.com/webMethods-Accelerators/wmio-isccr.git

cd wmio-isccr docker

build -t isccr-image .

Run Review

bash

docker run \ -v ./options:/mnt/code_review_options \ -v ./review:/mnt/code_review \ -v ./results:/mnt/code_review_results \ isccr-image \ pkg_ pkg_

Where:

• ./options = contains rules.yml or other config files
• ./review = folder with exported IS packages (each starts with pkg_)
• ./results = destination for review output (HTML, JSON, SARIF etc.)

Sample Output

• ✅ HTML Report: Friendly browser-viewable summary
• 🔍 SARIF: Use with GitHub Security tab or VS Code plugin
• 📜 JSON: For further automation

Example Use in CI

You could insert the above docker run command as a job in:

• GitHub Actions workflow
• Azure DevOps YAML pipeline
• Jenkins declarative pipeline
• Pre-merge check

For example:

Benefits

• 💡 Consistent quality without manual reviews
• 🧪 Testable & repeatable
• ⚙️ Easy integration into existing pipelines
• 🔄 Central rule maintenance

What's Next

• 📦 Integrate into full DevOps workflow (webMethods.io + IS + ISCCR)
• ☁️ Offer as GitHub Action / Azure Task
• 🔧 Extend rule config and custom scripts
• 🔍 Add dashboards for trend tracking

Repository

• Source: wmio-isccr

💬 Get in Touch

If you're interested in adopting this approach, have feedback, or just want to geek out over DevOps and code quality — feel free to drop a comment or question below. Always happy to connect!