Page tree
Skip to end of metadata
Go to start of metadata

 

Analysis and Measurement Cookbook
Improving Analysis Consistency and Repeatability

On this page:

Overview and objectives

The Analysis Cookbook contains all essential information for the user to make full use of CAST Application intelligence Platform (CAST AIP) for performing application source code analysis.  This cookbook assumes the point of view of the end users and includes a description of the system functions and capabilities, contingencies and alternate modes of operation, and step-by-step procedures for system access and use.  

In particular this document provides specific guidelines for using CAST AIP that:

  • improve consistency and quality of analysis results regardless of the AIA's skills
  • detail a "one-way-to-do-it" that applies to 80% of the applications to be analyzed

These guidelines are based on the CAST recommended analysis process depicted below:

Both the initial application analysis with CAST AIP (a.k.a. on-boarding) and re-analysis of a new version/release are supported by this process.  Compliance to the analysis process is a key condition to ensure an accurate application analysis. Volatility and inconsistency of analysis output are often the results of situation including:

  • skipped steps,
  • inconsistent use of product features,
  • differences in analysis strategies and configurations,
  • differences in AIA skills.

Strict adherence and compliance to the recommended process greatly improve the analysis output.

Note about "Initial analysis/ on-boarding"

The initial analysis (aka on-boarding) of an application with CAST AIP requires a special process to address some unique challenges associated with:

  • the application's technical qualification
  • setting up a procedure for the extraction and delivery of the application source code
  • the configuration of the application analysis in CAST AIP to accommodate special cases and the application's unique characteristics

To stay true to our objectives, we will focus on standard supported technologies and "off the shelf" capabilities. All other situations (the remaining 20%) will be considered out of scope of this document. These situations may be addressed by senior and experienced consultants on an ad hoc basis with ad hoc documentation.

While some of the principle described apply to all version of CAST AIP, this document will refer specifically to the use of CAST AIP 7.2.

Who this cookbook is for?

This document is mainly intended for CAST Admins (AIAs) who want or need to learn about how to perform an analysis with CAST AIP leveraging CAST's known best practices. It has been written from the perspective of the CAST Admin and provides pragmatic recommendations and guidelines on how to perform the analysis of a software application with CAST AIP.

Beyond the CAST Admin, section 1. Application qualification and version delivery (see below for further details) is also relevant to application team Delivery Managers and others participants in the registration, scheduling and delivering of the application source code that is selected for analysis with CAST AIP.

What this cookbook covers...

This cookbook covers the entire analysis process from the initial analysis kick-off with the Application team, to the publication of the analysis results. It also discuss the automation to support a more efficient re-analysis of new releases/versions of an application. There are two main sections as follows:

Application qualification and version delivery

1. Application qualification and version delivery discusses the initial kick-off with the Application owner and the technical qualification of the application. In addition we discuss how to deliver the Application source code. The section is divided into various sections:

  • Step 1 discusses the creation of the Domain/Application in the CAST AIC Portal and definition of the Application Owner and Delivery Managers
  • Step 2 and 3 discuss the initial kick-off with the Application owner and the technical qualification of the application with the key stakeholders in the development team to assess CAST AIP's "out of the box" analysis support and gather all the information required to completely configure the analysis. These activities can be performed in different ways and do not directly rely on the use of CAST AIP. Likewise, they are often translated into operational procedures that are customized to the target organization's operating framework. As such, this chapter provides a collection of CAST recommended best practices and tools that could serve as guidance and ready to use solutions supporting an initial deployment or may suggest improvements to an existing process.
  • Step 4 discusses the CAST Delivery Manager Tool download and source code packaging (responsibility of the application team's Delivery Manager) via the Source Code Delivery Guide for Application Teams.

Application analysis process with CAST AIP

  • Step 1 discusses the acceptance and validation of the source code delivered by the Application Team's Delivery Manager(s), the validation of the automatically suggested settings defined by the CAST Delivery Manager Tool discovery and the configuration of the analysis in the CAST Management Studio. Also in this section we discuss how to organize your portfolio so that analysis result data is displayed as required in the CAST Engineering Dashboard and CAST Application Analysis Dashboard.
  • Step 2 deals with the analysis execution from explaining best practices to running the analysis in various ways: test mode, analysis only, snapshot generation. A further section explains how to validate and fine tune the analysis. This later section covers the validation of the configuration via inspection of the analysis logs, the review and validation of Dynamic Links and the various analysis options (e.g. XXL Table, user security data flow, Modules, etc.). Also in this section is an in-depth discussion about best practices and solutions for resolving missing and broken transactions. Finally, this section also includes a library of simple workarounds and enrichment packages successfully deployed to address the most common scenarios identified by CAST consultants over several Automated Function Point analysis performed on behalf of our Clients.
  • Step 3 deals with analysis automation: both the creation of an automation script for source code extraction and delivery as well as for the analysis execution.

Previous:
Next: 1. Application qualification and version delivery

  • No labels