Report Bundles and Call Graphs
The Report Bundle, better described within the overview section, is generated on a per build basis and its artifacts are created to be consumed by the Reshift servers. The artifacts are serialized into a proprietary format. To send the report bundle to the server, the Reshift-plugin requires a unique reporter token, generated during the Add Project steps. If a report token is supplied to the Reshift-plugin, the Reshift-plugin will establish an encrypted TLS 1.2 connection between the build machine and one of the Reshift servers. Once a successful connection has been established, the Reshift-plugin will use the encrypted channel to send the report bundle. The Reshift servers will deserialize the information within the report bundle and discard the original report bundle leaving no trace of information within the server. The data within the report bundle is stored within an encrypted database housed within a secure data center.
The code graphs, better known as static call graphs within the software development community are the graphical representation of the source code. They outline the interconnections between subroutines within a computer program. They consist of a node and a vertex representing a relationship between a caller and a callee within a software program. The important point to note is that call graphs are a byproduct of the source code itself, and the conversion between source code and code graphs have varying degrees of precision. There are many tools to generate code graphs from source code, however, there is currently no tool available today to convert code graphs back into their source code counterpart. Reshift generates code graphs of the source code being analyzed and transmits them to the Reshift server to be analyzed for security violations against its global knowledge base.