Dear ABAP testers and troubleshooters,

I am setting up ATC to automate our code review process, and I am experiencing some spurious priority 1 and 2 errors being reported. I call these "false negatives" because ATC is reporting violations where none exist.

The first is coming from Extended Program Check: "Security check without a released licence" (misspelling of the word "license" is SAP's, not mine). I did some research and found OSS note 1985478, but that note is already in our system, so that doesn't help. I also read note 1865277, which directed me to note 1855773, which told me about the Code Vulnerability Analyzer, a spearately licensed product that we do not own and do not intend to purchase. It doesn't seem to matter which SLIN checks I have selected; if I run any SLIN checks I get this false negative result. Any clues on how to get rid of this "false positive" priority 1 message?

The second false positive is coming from the Code Inspector checks I have configured. It is coming from both the "Naming Conventions" and the "Extended Naming Conventions for Programs" checks: "Inconsistent Name ... PROGRAM/REPORT". The first oddity is that there is no program/report naming convention input field in the Naming Conventions check! Now, I have entered a regular expression in the "Framework programs" section of Extended naming conventions, in the Reports field: "Z[A-Z][A-Z][RIOCEF]_*". An example of a program name that complies with our standard--and should pass this test--is "ZBCE_ZTABLE_ACCESS", but when I run ATC on this program it gives me the aforementioned false negative check messages. When I put this regular expression and program name into the REGEX Toy program, it finds the text string as expected, so I believe that my regular expression is correct. Any clues as to what I'm doing wrong here?

Any and all suggestions are welcome.

Cheers,

TerryB

P.S. We are on ECC 7.31, SP 13.