Cloud-native ISCCR - Continuous Code Review for webMethods Integration
Overview
This article introduces a container-native implementation of webMethods ISCCR (Integration Server Continuous Code Review) β a solution designed to automate static code checks for Integration Server (IS, MSR, Edge) assets and seamlessly integrate with modern DevOps workflows.
Use-case
In most Integration Server implementations, development teams need to validate consistency, naming conventions, security usage, and performance patterns β manually or using checklist-based reviews.
This modernized ISCCR setup enables:
- Automated code reviews without deep tool coupling
- Seamless integration into CI/CD pipelines
- Dev-friendly execution via container
- Common and configurable rulesets using options
- Better governance, faster reviews, and fewer surprises in PROD
Think of this as your friendly static reviewer that never sleeps and never approves a bad flow π
Architecture & Flow
The new ISCCR setup is packaged as a Docker container, designed to be triggered in a build/test stage β typically after a developer commits Integration Server packages (pkg_) to version control.
π¦ Developer commits IS assets β
π CI pipeline builds repo β
π ISCCR runs automated code checks β
β
Results stored/reported (e.g. JUNIT, SARIF, HTML etc.)
You can easily plug this into GitHub Actions, Azure DevOps, Jenkins, or even test locally.
Scope / Assumptions / Prerequisites
- Input: Exported webMethods IS packages (
pkg_* folders)
- Review options: Defined as
*.xml config under code_review_options
- Output: HTML/SARIF reports in
code_review_results
- Containerized tool, no IS installation required
- Docker & Git environment set up
- Git repository name: wmio-isccr
Clone & Build
bash
git clone https://github.ibm.com/webMethods-Accelerators/wmio-isccr.git
cd wmio-isccr
docker
build -t isccr-image .
Run Review
bash
docker run \
-v ./options:/mnt/code_review_options \
-v ./review:/mnt/code_review \
-v ./results:/mnt/code_review_results \
isccr-image \
pkg_ pkg_
Where:
./options = contains rules.xml or other config files./review = folder with exported IS packages (each starts with pkg_)./results = destination for review output (JUNIT, SARIF, HTML etc.)
Sample Output
- β
HTML Report: Friendly browser-viewable summary
- π SARIF: Use with GitHub Security tab or VS Code plugin
- π JUNIT: Use any JUNIT report parser for example VSCode plugin, Azure Testlab etc
Example Use in CI
You could insert the above docker run command as a job in:
- GitHub Actions workflow
- Azure DevOps YAML pipeline
- Jenkins declarative pipeline
- Pre-merge check
For example:
Benefits
- π‘ Consistent quality without manual reviews
- π§ͺ Testable & repeatable
- βοΈ Easy integration into existing pipelines
- π Central rule maintenance
What's Next
- π¦ Integrate into full DevOps workflow (webMethods.io + MSR/Edge + IS + ISCCR)
- βοΈ Offer as GitHub Action / Azure Task
- π§ Extend rule config and custom scripts
- π Add dashboards for trend tracking
Repository
π¬ Get in Touch
If you're interested in adopting this approach, have feedback, or just want to geek out over DevOps and code quality β feel free to drop a comment or question below. Always happy to connect!