Summary: This page provides information about the Action Plan Recommendation feature.
This feature is currently in BETA.
The Action Plan Recommendation is a feature designed to help you automatically build an Action Plan to improve the score of a chosen Health Factor (Business Criteria). In short, for a given Health Factor, you can configure one of the "remediation targets" listed below and the Action Plan Recommendation will automatically suggest a list of violations to be added to the Action Plan for future correction. The correction of the suggested violations will match the desired remediation target when a new snapshot is generated and therefore improve the grade of the chosen Health Factor. Available remediation targets:
- The number of violations you want to fix, OR
- The amount of effort in man/days you would like to "spend" on fixing the violations
- The feature requires a login with the QUALITY_MANAGER role.
- This feature supports Health Factors introduced by the following industry standard extensions:
- This feature is supported only in AIP versions ≥8.3.29
- This feature does not work for old snapshots (the "APR" and "download data as excel file" icons are disabled)
How does it work?
The Action Plan Recommendation uses an optimization algorithm to build an Action Plan according to the target you want to achieve. This algorithm functions as follows for each of the available remediation targets:
- You select a specific number of violations to fix: the system will search for an Action Plan (i.e. a list of violations) that matches (where possible) the selected number of violations and that maximizes the grade/score of the chosen Health Factor.
- You select a specific effort: the system will search for an Action Plan (i.e. a list of violations) that matches with the selected total effort and that maximizes the grade/score of the chosen Health Factor.
This algorithm attempts to solve a "combinatorial optimization problem". This means that the perfect solution (i.e. Action Plan or list of violations) is unknown, and the algorithm will try to find the very best solution it can by selecting the best result using the three heuristics (grade/score, number of violations and effort). As a result, the algorithm may find a solution (i.e. Action Plan or list of violations) which may differ slightly from your requested remediation target.
- As soon you re-select or deselect a rule in the interface the algorithm will re-compute the action plan recommendation. Depending on the rules you have already excluded, some rules may be added/removed by the algorithm compared to a previous recommendation.
- The effort is calculated for a number of objects and does not depend on the number of objects to fix (especially for cost complexity).
- An effort "unit" is set by a hard coded rule. The value of the effort unit depends on the parent Technical Criterion of the rule.
- By default, all rules that belong to the same Technical Criterion are set with the same effort unit.
- By default, an initial remediation target is set when the interface is first opened - this is to correct one violation - if you already have violations added to Action Plan, this initial remediation target will be set to correct one additional violation.
Calculation of the remediation effort
The remediation effort of a rule is determined as follows:
- For ISO rules the remediation effort applied is deduced from its ISO characteristic
- For CISQ rules, the remediation effort applied is deduced from its CISQ characteristic
- For other rules, the remediation effort applied is deduced from the technical criterion of the rule (see the table below)
For a rule, the total remediation effort proposed by the Action Plan Remediation feature is: (the remediation effort) x (average number of occurrences of violations) x (number of violations to be corrected).
The total remediation effort
The remediation effort is an estimate to be used to select an action plan. It cannot claim to have a predictive value. In reality, it is necessary to take into account the technology (a C++ remediation effort will be different from a COBOL remediation), the development practices (unit tests, integration tests, etc.), the level of competence of the teams, the functional or technical complexity (backend, frontend).
Default efforts by technical criterion:
Documentation - Naming Convention Conformity
12 minutes (0.2 x 60 minutes)
Documentation - Volume of Comments
24 minutes (0.4 x 60 minutes)
Complexity - Dynamic Instantiation
30 minutes = (0.5 x 60 minutes)
Local Impact & Sensitive changes
Programming Practices - Unexpected Behavior'
1 hour = (1 x 60 minutes)
Global Impact & Sensitive Change
Efficiency - SQL and Data Handling Performance
2 hours = (2 x 60 minutes)
Very Sensitive changes
Complexity - OO Inheritance and Polymorphism
3 hours= (3 x 60 minutes)
The difference with the OMG Technical Debt calculation is as follows:
- OMG Technical Debt is limited to CISQ, while the Action Plan Remediation feature makes a calculation for all CISQ and non-CISQ rules (except if one explicitly selects the CISQ scope).
- OMG Technical Debt is adjusted for each object according to its characteristics (e.g. cyclomatic complexity) - the Action Plan Remediation feature does not make this adjustment due to calculation time.
- OMG Technical Debt is adjusted as close as possible to the number of occurrences of violations - the Action Plan Remediation feature is based on an average of occurrences of violations for reasons of calculation time.
Accessing the Action Plan Recommendation
The Action Plan Recommendation feature can be accessed from the Action Plan using the icon in the top right corner:
Action Plan Recommendation interface
Click to enlarge
|Select Health Measure|
This option provides a drop down list of the available Health Factors to target for grade improvement. By default the Total Quality Index Health Factor will be selected. Choose the required Health Factor in the drop down:
This option allows you to Improve Total Security Compliance (in%).
|Compliance (in %) slider|
The Compliance slider indicates the target Compliance (in %) you would like to achieve for the chosen Health Factor (Compliance percentage go from 0 (worst) to 100 (best)):
When you select Compliance (in %) from the Improve Total Quality Index drop-down, Minimize (Violations and Effort) option gets disabled.
|Select a Module|
This option provides the drop down list of the available Modules, by default "All Modules" is selected. Users can specify the improvement scope to the application, which is the "All Module" option, or any particular module can be selected from the module dropdown.
|Compliance manual entry|
This option indicates the target Compliance you would like to achieve for the chosen Health Factor (Compliance percentage go from 0 (worst) to 100 (best)):
|Violation manual entry|
This option indicates the number of violations that you want to fix:
|Effort manual entry|
This option indicates the amount of effort in man/days you would like to "spend" on fixing the violations:
The FINALIZE button will add all the violations for selected rules into the Action Plan. In the following example, 7 violations have been added to the Action Plan:
Click to enlarge
Note that the Comment in the Action Plan will be populated automatically and will describe the target remediation, for example:
|Exclude previously selected criterias (available in ≥ 2.11.3)|
This option (when enabled) will exclude all rules that have ALREADY been added to the Action Plan, i.e. enabling the option will remove all rules from the recommendation list that are already listed in Action Plan. By default the option is not enabled, therefore you may find that rules that you have already added to the Action Plan will be listed in the Recommendation List:
|Action Plan Recommendation list|
This section lists the rules that the Action Plan Recommendation algorithm thinks are the best match for the target remediation. You can sort each column in ascending or descending order by clicking on the column header.