This documentation is not maintained. Please refer to doc.castsoftware.com/technologies to find the latest updates.

Extension ID

com.castsoftware.omg-atdm

What's new?

See OMG-CTDM - 2.0 - Release Notes.

Description

Release ≥ 2.x of this extension uses CTDM (Contextual Technical Debt Measure) to calculate Technical Debt values. CTDM is a recognized nomenclature for a customized ATDM (Automated Technical Debt Measure) as described in chapter 6.3 of the OMG ATDM specification 1.0, see: https://www.omg.org/spec/ATDM/1.0/PDF. For this extension, CTDM uses a combination of remediation effort produced by the ISO-5055 measure and remediation effort produced by CAST Imaging Core. This means that the number of rules taken in to account by this release of the extension is higher than in release 1.x of the extension (ATDM), which only considered "CISQ" Business Criteria. As a direct result, Technical Debt values will be higher for release ≥ 2.x of the extension and are therefore not comparable with release 1.x. You can see a list of Technical Criteria used by the extension below.

The technical debt values are computed for all violations which have an entry with a remediation effort at Business Criteria or Rule level. Effort is taken in to account in the following order:

Therefore:

  • If an effort exists at rule level, then this effort is applied for the rule 
  • If an effort exists at CISQ level then this effort is applied 
  • if an effort exists for the rule at ISO-5055 level then this effort is applied
  • otherwise effort from CAST Imaging Core is applied.

Technical Debt is calculated as follows: at the object/rule level and then aggregated at Rule, Technical Criterion, Business Criterion, Module and Application level. The details at rule level are computed on demand by default, this means the results are not stored at the object and rule level - this is to reduce the volume of generated data and to improve performance.

Note that this extension is not a replacement for the built-in Technical Debt measures included in CAST Imaging Core "out-of-the box". Indeed both the existing Technical Debt measures and this extension can be used at the same time. In other words, the installation of this extension does not mean that the calculation of the existing Technical Debt measures will be disabled.

Compatibility and requirements

ProductReleaseRequiredNotes
CAST Imaging Core≥ 8.3.34(tick)For 8.3.34 - 8.3.36, ISO remediation efforts are not available, however, default ISO remediation efforts (as provided in 8.3.37) will be used instead.
Dashboard/RestAPI≥ 2.3.1(tick)-
com.castsoftware.omg-ascqm-indexAnyRecommended If the ISO-5055 extension is not installed, only the Technical Criteria from CAST Imaging Core will be used to generate the Technical Debt values.

com.castsoftware.cisq-index

AnyOptionalOnly required if you want to ALSO view ATDM values (which are based on CISQ Index) as in version 1.x.

OMG-ATDM version

VersionSupported
2.0 (October 2021)(tick)

Download and installation instructions

The extension will not be automatically downloaded and installed in CAST Imaging Console. If you need to use it, should manually install the extension.

Assessment Model

The extension calculates the following metrics as Sizing Measures:

Metric IDNameDescription
1062010

OMG-ATDM: Number of occurrences

An occurrence (or Pattern Occurrence) designates a single instance of a Source Code Pattern (or Pattern) representing a weakness that has been implemented in the measured software.  This sizing measure keeps, per snapshot, the number of occurrences per object, rule, Technical Criterion and Business Criterion.

  • ATDM is calculated as defined with CISQ patterns:
    • ASCMM
    • ASCRM
    • ASCPEM
    • ASCSM
  • CTDM is calculated as defined with CAST TQI patterns and ISO-5055 patterns
1062011OMG-ATDM: Complexity

The Complexity - or Effort Complexity - of the code elements implementing an Occurrence is qualification information that is measured according to the Effort Complexity definition from the Automated Enhancement Points (AEP) specification. (AEP).

1062012OMG-ATDM: Exposure

The Exposure of an Occurrence is qualification information that measures the level of connectedness of the Occurrence with the rest of the software, both directly and indirectly through call paths.

1062013OMG-ATDM: Concentration

Concentration is qualification information that measures the number of Occurrences within any Code Element in the software.

1062014OMG-ATDM: Technological Diversity

The Technological Diversity of an Occurrence is qualification information that measures the number of distinct programming languages in which the code elements included in a single occurrence of a source code pattern are written.

1062015OMG-ATDM: Gap Size

In the context of patterns which rely on roles that model values and threshold values that are not to be exceeded, the gap between these values must be closed to remediate this weakness; the Occurrence Gap Size is the extent of the gap, measured as the difference between the values and the thresholds.

1062016OMG-ATDM: Adjustment Factor

Adjustment Factor is computed based on qualification measures.

1062020OMG-ATDM: Adjusted Remediation EffortRemediation Effort designates the time required to remove an occurrence – or a set of occurrences – of a Technical Debt Item from the software. It covers the coding activity as well as unit/non-regression testing activities.
1062030OMG-ATDM: Remediation Effort ADDED-
1062032OMG-ATDM: Remediation Effort DELETED-

How are results calculated?

Predefined Un-Adjusted Remediation Effort

Configuration data is loaded to have the remediation effort for each pattern ( CISQ, ISO-5055, CAST TQI ). This is called Un-Adjusted Remediation Effort. The unit of effort is minute. The effort taken in to account by CTDM for each pattern is EFFORT_DEFAULT. E.g.:

Un-Adjusted Remediation Effort
STANDARD : CISQ
PATTERN : ASCPEM-PRF-15
EFFORT_DEFAULT: 90
EFFORT_MIN: 30
EFFORT_MAX: 210
EFFORT_UNIT: MIN 

Un-Adjusted Remediation Effort
STANDARD : ISO-5055
PATTERN : CWE-125
EFFORT : 30

For all violations of pattern ASCPEM-PRF-15, the Un-Adjusted Remediation Effort is equal to 90 minutes. 

For all violations of pattern CWE-125 , the Un-Adjusted Remediation Effort is equal to 30 minutes. 

Scope

  • For each of the violations, the number of occurrences and related objects are collected, with related technologies.
  • For a violation of type Bookmark, the number of occurrences corresponds to the number of bookmarks and the related object is the main object of the violation.
  • For a violation of type Path, the number of occurrences corresponds to the number of paths, and the related objects are the main object of the violation, plus all related objects in the path(s)

The table below lists the Technical Criteria used by this extension:

StandardTagIDNameEffort value
AIPNULL61001Architecture - Multi-Layers and Data Access60
AIPNULL61013Architecture - Object-level Dependencies180
AIPNULL61004Architecture - OS and Platform Independence60
AIPNULL66009Architecture - Reuse180
AIPNULL61009Complexity - Algorithmic and Control Structure Complexity60
AIPNULL61029Complexity - Dynamic Instantiation30
AIPNULL61029Complexity - Dynamic Instantiation60
AIPNULL61031Complexity - Empty Code12
AIPNULL66008Complexity - Functional Evolvability120
AIPNULL61010Complexity - OO Inheritance and Polymorphism180
AIPNULL61011Complexity - SQL Queries120
AIPNULL61026Complexity - Technical Complexity60
AIPNULL61027Dead code (static)24
AIPNULL61008Documentation - Automated Documentation12
AIPNULL61007Documentation - Bad Comments12
AIPNULL61017Documentation - Naming Convention Conformity12
AIPNULL61006Documentation - Style Conformity12
AIPNULL61028Documentation - Volume of Comments24
AIPNULL66068Efficiency - Expensive Calls in Loops120
AIPNULL61018Efficiency - Memory, Network and Disk Space Management60
AIPNULL61019Efficiency - SQL and Data Handling Performance120
AIPNULL61014Programming Practices - Error and Exception Handling60
AIPNULL61015Programming Practices - File Organization Conformity60
AIPNULL61020Programming Practices - Modularity and OO Encapsulation Conformity60
AIPNULL61003Programming Practices - OO Inheritance and Polymorphism60
AIPNULL61024Programming Practices - Structuredness24
AIPNULL66069Programming Practices - Unexpected Behavior60
AIPNULL66063Secure Coding - API Abuse30
AIPNULL66066Secure Coding - Encapsulation60
AIPNULL66062Secure Coding - Input Validation60
AIPNULL66065Secure Coding - Time and State60
AIPNULL66064Secure Coding - Weak Security Features30
AIPNULL61022Volume - Number of Components60
AIPNULL61023Volume - Number of LOC60
ISO-5055CWE-10411061105CWE-1041 - Use of Redundant Code40
ISO-5055CWE-10421061106CWE-1042 - Static Member Data Element outside of a Singleton Class Element120
ISO-5055CWE-10431061107CWE-1043 - Data Element Aggregating an Excessively Large Number of Non-Primitive Elements120
ISO-5055CWE-10451061108CWE-1045 - Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor90
ISO-5055CWE-10461061109CWE-1046 - Creation of Immutable Text Using String Concatenation30
ISO-5055CWE-10471061110CWE-1047 - Modules with Circular Dependencies300
ISO-5055CWE-10481061111CWE-1048 - Invokable Control Element with Large Number of Outward Calls360
ISO-5055CWE-10491061112CWE-1049 - Excessive Data Query Operations in a Large Data Table360
ISO-5055CWE-10501061113CWE-1050 - Excessive Platform Resource Consumption within a Loop180
ISO-5055CWE-10511061114CWE-1051 - Initialization with Hard-Coded Network Resource Configuration Data120
ISO-5055CWE-10521061115CWE-1052 - Excessive Use of Hard-Coded Literals in Initialization30
ISO-5055CWE-10541061116CWE-1054 - Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer120
ISO-5055CWE-10551061117CWE-1055 - Multiple Inheritance from Concrete Classes180
ISO-5055CWE-10571061118CWE-1057 - Data Access Operations Outside of Expected Data Manager Component180
ISO-5055CWE-10581061119CWE-1058 - Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element120
ISO-5055CWE-10601061120CWE-1060 - Excessive Number of Inefficient Server-Side Data Accesses240
ISO-5055CWE-10621061121CWE-1062 - Parent Class with References to Child Class120
ISO-5055CWE-10641061122CWE-1064 - Invokable Control Element with Signature Containing an Excessive Number of Parameters180
ISO-5055CWE-10661061123CWE-1066 - Missing Serialization Control Element40
ISO-5055CWE-10671061124CWE-1067 - Excessive Execution of Sequential Searches of Data Resource150
ISO-5055CWE-10701061125CWE-1070 - Serializable Data Element Containing non-Serializable Item Elements90
ISO-5055CWE-10721061126CWE-1072 - Data Resource Access without Use of Connection Pooling300
ISO-5055CWE-10731061127CWE-1073 - Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses300
ISO-5055CWE-10741061128CWE-1074 - Class with Excessively Deep Inheritance300
ISO-5055CWE-10751061129CWE-1075 - Unconditional Control Flow Transfer outside of Switch Block90
ISO-5055CWE-10771061130CWE-1077 - Floating Point Comparison with Incorrect Operator40
ISO-5055CWE-10791061131CWE-1079 - Parent Class without Virtual Destructor Method90
ISO-5055CWE-10801061132CWE-1080 - Source Code File with Excessive Number of Lines of Code180
ISO-5055CWE-10821061133CWE-1082 - Class Instance Self Destruction Control Element60
ISO-5055CWE-10831061134CWE-1083 - Data Access from Outside Expected Data Manager Component90
ISO-5055CWE-10841061135CWE-1084 - Invokable Control Element with Excessive File or Data Access Operations180
ISO-5055CWE-10851061136CWE-1085 - Invokable Control Element with Excessive Volume of Commented-out Code30
ISO-5055CWE-10861061137CWE-1086 - Class with Excessive Number of Child Classes300
ISO-5055CWE-10871061138CWE-1087 - Class with Virtual Method without a Virtual Destructor50
ISO-5055CWE-10881061139CWE-1088 - Synchronous Access of Remote Resource without Timeout90
ISO-5055CWE-10891061140CWE-1089 - Large Data Table with Excessive Number of Indices240
ISO-5055CWE-10901061141CWE-1090 - Method Containing Access of a Member Element from Another Class40
ISO-5055CWE-10911061142CWE-1091 - Use of Object without Invoking Destructor Method30
ISO-5055CWE-10941061144CWE-1094 - Excessive Index Range Scan for a Data Resource360
ISO-5055CWE-10951061145CWE-1095 - Loop Condition Value Update within the Loop60
ISO-5055CWE-10961061146CWE-1096 - Singleton Class Instance Creation without Proper Locking or Synchronization60
ISO-5055CWE-10971061147CWE-1097 - Persistent Storable Data Element without Associated Comparison Control Element90
ISO-5055CWE-10981061148CWE-1098 - Data Element containing Pointer Item without Proper Copy Control Element40
ISO-5055CWE-11211061149CWE-1121 - Excessive McCabe Cyclomatic Complexity120
ISO-5055CWE-1191061021CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer40
ISO-5055CWE-1201061022CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')30
ISO-5055CWE-1231061023CWE-123 - Write-what-where Condition30
ISO-5055CWE-1251061024CWE-125 - Out-of-bounds Read30
ISO-5055CWE-1291061025CWE-129 - Improper Validation of Array Index50
ISO-5055CWE-1301061026CWE-130 - Improper Handling of Length Parameter Inconsistency30
ISO-5055CWE-1311061027CWE-131 - Incorrect Calculation of Buffer Size60
ISO-5055CWE-1341061028CWE-134 - Use of Externally-Controlled Format String60
ISO-5055CWE-1701061029CWE-170 - Improper Null Termination50
ISO-5055CWE-1941061030CWE-194 - Unexpected Sign Extension60
ISO-5055CWE-1951061031CWE-195 - Signed to Unsigned Conversion Error60
ISO-5055CWE-1961061032CWE-196 - Unsigned to Signed Conversion Error60
ISO-5055CWE-1971061033CWE-197 - Numeric Truncation Error60
ISO-5055CWE-221061010CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')60
ISO-5055CWE-231061011CWE-23 - Relative Path Traversal60
ISO-5055CWE-2481061034CWE-248 - Uncaught Exception50
ISO-5055CWE-2521061035CWE-252 - Unchecked Return Value50
ISO-5055CWE-2591061036CWE-259 - Use of Hard-coded Password90
ISO-5055CWE-3211061037CWE-321 - Use of Hard-coded Cryptographic Key120
ISO-5055CWE-361061012CWE-36 - Absolute Path Traversal60
ISO-5055CWE-3661061038CWE-366 - Race Condition within a Thread120
ISO-5055CWE-3691061039CWE-369 - Divide By Zero60
ISO-5055CWE-3901061040CWE-390 - Detection of Error Condition Without Action50
ISO-5055CWE-3911061041CWE-391 - Unchecked Error Condition50
ISO-5055CWE-3921061042CWE-392 - Missing Report of Error Condition50
ISO-5055CWE-3941061043CWE-394 - Unexpected Status Code or Return Value50
ISO-5055CWE-4011061044CWE-401 - Missing Release of Memory after Effective Lifetime180
ISO-5055CWE-4041061045CWE-404 - Improper Resource Shutdown or Release180
ISO-5055CWE-4071061046CWE-407 - Inefficient Algorithmic Complexity120
ISO-5055CWE-4151061047CWE-415 - Double Free90
ISO-5055CWE-4161061048CWE-416 - Use After Free90
ISO-5055CWE-4241061049CWE-424 - Improper Protection of Alternate Path120
ISO-5055CWE-4341061050CWE-434 - Unrestricted Upload of File with Dangerous Type90
ISO-5055CWE-4561061051CWE-456 - Missing Initialization of a Variable30
ISO-5055CWE-4571061052CWE-457 - Use of Uninitialized Variable30
ISO-5055CWE-4591061053CWE-459 - Incomplete Cleanup120
ISO-5055CWE-4761061054CWE-476 - NULL Pointer Dereference50
ISO-5055CWE-4771061055CWE-477 - Use of Obsolete Function30
ISO-5055CWE-4781061056CWE-478 - Missing Default Case in Switch Statement90
ISO-5055CWE-4801061057CWE-480 - Use of Incorrect Operator30
ISO-5055CWE-4841061058CWE-484 - Omitted Break Statement in Switch90
ISO-5055CWE-5021061059CWE-502 - Deserialization of Untrusted Data40
ISO-5055CWE-5431061060CWE-543 - Use of Singleton Pattern Without Synchronization in a Multithreaded Context60
ISO-5055CWE-5611061061CWE-561 - Dead Code30
ISO-5055CWE-5621061062CWE-562 - Return of Stack Variable Address50
ISO-5055CWE-5641061063CWE-564 - SQL Injection: Hibernate90
ISO-5055CWE-5671061064CWE-567 - Unsynchronized Access to Shared Data in a Multithreaded Context120
ISO-5055CWE-5701061065CWE-570 - Expression is Always False30
ISO-5055CWE-5711061066CWE-571 - Expression is Always True30
ISO-5055CWE-5951061067CWE-595 - Comparison of Object References Instead of Object Contents30
ISO-5055CWE-5971061068CWE-597 - Use of Wrong Operator in String Comparison30
ISO-5055CWE-6061061069CWE-606 - Unchecked Input for Loop Condition60
ISO-5055CWE-6111061070CWE-611 - Improper Restriction of XML External Entity Reference60
ISO-5055CWE-6431061072CWE-643 - Improper Neutralization of Data within XPath Expressions ('XPath Injection')60
ISO-5055CWE-6521061073CWE-652 - Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')60
ISO-5055CWE-6621061074CWE-662 - Improper Synchronization120
ISO-5055CWE-6651061075CWE-665 - Improper Initialization30
ISO-5055CWE-6671061076CWE-667 - Improper Locking120
ISO-5055CWE-6721061077CWE-672 - Operation on a Resource after Expiration or Release90
ISO-5055CWE-6811061078CWE-681 - Incorrect Conversion between Numeric Types60
ISO-5055CWE-6821061079CWE-682 - Incorrect Calculation60
ISO-5055CWE-7031061080CWE-703 - Improper Check or Handling of Exceptional Conditions50
ISO-5055CWE-7041061081CWE-704 - Incorrect Type Conversion or Cast60
ISO-5055CWE-7321061082CWE-732 - Incorrect Permission Assignment for Critical Resource60
ISO-5055CWE-7581061083CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior30
ISO-5055CWE-7641061084CWE-764 - Multiple Locks of a Critical Resource120
ISO-5055CWE-771061013CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')90
ISO-5055CWE-7721061085CWE-772 - Missing Release of Resource after Effective Lifetime120
ISO-5055CWE-7751061086CWE-775 - Missing Release of File Descriptor or Handle after Effective Lifetime120
ISO-5055CWE-7781061087CWE-778 - Insufficient Logging90
ISO-5055CWE-781061014CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')90
ISO-5055CWE-7831061088CWE-783 - Operator Precedence Logic Error15
ISO-5055CWE-7861061089CWE-786 - Access of Memory Location Before Start of Buffer50
ISO-5055CWE-7871061090CWE-787 - Out-of-bounds Write30
ISO-5055CWE-7881061091CWE-788 - Access of Memory Location After End of Buffer50
ISO-5055CWE-7891061092CWE-789 - Uncontrolled Memory Allocation50
ISO-5055CWE-791061015CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')120
ISO-5055CWE-7981061093CWE-798 - Use of Hard-coded Credentials90
ISO-5055CWE-8051061094CWE-805 - Buffer Access with Incorrect Length Value30
ISO-5055CWE-8201061095CWE-820 - Missing Synchronization90
ISO-5055CWE-8211061096CWE-821 - Incorrect Synchronization90
ISO-5055CWE-8221061097CWE-822 - Untrusted Pointer Dereference50
ISO-5055CWE-8231061098CWE-823 - Use of Out-of-range Pointer Offset50
ISO-5055CWE-8241061099CWE-824 - Access of Uninitialized Pointer50
ISO-5055CWE-8251061100CWE-825 - Expired Pointer Dereference50
ISO-5055CWE-8331061101CWE-833 - Deadlock240
ISO-5055CWE-8351061102CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')90
ISO-5055CWE-881061016CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')90
ISO-5055CWE-891061017CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')90
ISO-5055CWE-901061018CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')50
ISO-5055CWE-9081061103CWE-908 - Use of Uninitialized Resource30
ISO-5055CWE-911061019CWE-91 - XML Injection (aka Blind XPath Injection)50
ISO-5055CWE-9171061104CWE-917 - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')60
ISO-5055CWE-991061020CWE-99 - Improper Control of Resource Identifiers ('Resource Injection')50

Qualification information

Complexity

The Complexity - or Effort Complexity - of the code elements implementing an Occurrence is qualification information that is measured according to the Effort Complexity definition from Automated Enhancement Points:

EC/LowEffortComplexity

EC is computed by the following metrics:

  • 10351: EC ADDED
  • 10353: EC UPDATED
  • 10354: EC UNCHANGED

LowEffortComplexity

The technology related Low Complexity column for ADDED artifacts ( from COST_CONFIG ). When the violation has related objects, then the average EC of all objects is taken in to account. The complexity is computed for the main object violating a rule:

Complexity = AVG ( Effort Complexity all objects of the violation )/ Low Complexity for the related technology

Concentration

Concentration is qualification information that measures the number of Occurrences within any Code Element in the software:

1/nb of time the object violates any rule

Exposure

The Exposure of an Occurrence is qualification information that measures the level of contentedness of the Occurrence with the rest of the software, both directly and indirectly through call paths:

1+log(nb paths)

Technical diversity

The Technological Diversity of an Occurrence measures the number of distinct technologies in which the code elements included in a single occurrence of a source code pattern are written. This is set to 1. 

Gap size

In the context of patterns which rely on roles that model values and threshold values that are not to be exceeded, the gap between these values must be closed to re-mediate this weakness. This is set to 1. 

Adjustment Factor

The adjustment factor is computed based on qualification information, as follows:

AVG(Complexity) X AVG(Exposure) X Count(Technological diversity) X AVG(Concentration) X Sum(Gap size)

Technical debt

Finally the technical debt is computed by:

Nb Of Occurrences X Adjustment Factor X Un-adjusted Remediation Effort

Result storage

Default result storage method - high level data only

By default only data aggregated at the following level is available and is stored in the Dashboard schema table DSS_METRIC_RESULTS:

  • Application
  • Module
  • Technical Criteria
  • Business Criteria

Detailed information at Object and Rule level can be generated and made available to the dashboard on demand by executing the following query against the Dashboard schema:

select OMG_ATDM_COMPUTE_DETAILS (SNAPSHOT_ID, OBJECT_ID, RULE_ID) 

Where:

ItemDescription
SNAPSHOT_IDIs the ID of the snapshot you want to generate detailed object and rule level information for.
RULE_ID

The ID of the rule you want to generate detailed information for. Note that if RULE_ID = -1, detailed information will be generated for all rules.

OBJECT_IDThe ID of the object you want to generate detailed information for. Note that if OBJECT_ID = -1, detailed information will be generated for all objects.

When the next snapshot is generated, detailed object/rule level information will be saved in the table OMGTD_RESULTS.

Alternative result storage method - all data

This method is not recommended for very large Applications, since the impact on performance of generating all data for every snapshot will be significant.

It is possible to change the behaviour and choose to always save all results (including Object and Rule level information) for every snapshot that is generated. To do so, execute the following query against the Dashboard schema:

select OMG_ATDM_DETAILSALL();

This option will be taken in account when a new snapshot is generated and as a result all information is saved as follows:

  • Application, Module, Technical Criteria, Business Criteria - aggregated in the table DSS_METRIC_RESULTS
  • Details for Object and Rule levels stored in the table OMGTD_RESULTS 

To disable the storage of all details, execute the following query against the Dashboard schema:

select OMG_ATDM_DETAILSONDEMAND();

What results can you expect?

Health Dashboard

When the ISO-5055 view is selected, two tiles are available out of the box in the Overview and Trends sections respectively, at Multi-Application level (the tiles will display no value if the OMG Technical Debt extension is not installed and no snapshot has been generated):

At single Application level, one tile is available out of the box in the Overview section when the ISO-5055 view is selected:

Switch between the AIP and ISO-5055 views using the drop down in the home page:

Clicking the tiles will provide more detailed information:

Multi Application level

Single Application level

In addition, at single Application level drill down, for each of the Source Code Pattern Names, it is possible to navigate to the details of the violations in the Engineering Dashboard (where this has been setup):

By default, these tiles are configured to display ISO-5055 index data (using the OMG_TECHNICAL_DEBT_ISO ID). If you want to display either TQI (CAST Imaging Core) or CISQ Index values (if the extension is installed), you will need to manually edit the configuration in the cmp-ISO.json or app-ISO.json file and change the ID used in the tile (i.e. for SizingMeasureEvolution and/or SizingMeasureResult / SizingMeasureResults) - see Health Dashboard tile management for more information:

  • OMG_TECHNICAL_DEBT_ISO - based on ISO-5055 index data, installed by default in CAST Imaging Console
  • OMG_TECHNICAL_DEBT_CISQ - based on CISQ Index data, requires that the com.castsoftware.cisq-index is installed
  • OMG_TECHNICAL_DEBT - based on TQI from CAST Imaging Core.

For example:

Tile drill down is tailored to the data chosen in the tile, for example:

Tile configuration examples:

SizingMeasureResult (app-ISO.json) / SizingMeasureResults (cmp-ISO.json):

        {
          "id": 208,
          "plugin": "SizingMeasureResult",
          "color": "yellow",
          "parameters": {
            "title": "Technical Debt (OMG) by ISO-5055",
            "sizingMeasure": {"id": "OMG_TECHNICAL_DEBT_ISO", "format": "0,0", "description": "Days"}
          }
        },
        {
          "id": 998,
          "plugin": "SizingMeasureResult",
          "color": "yellow",
          "parameters": {
            "title": "Technical Debt (OMG) by CISQ",
            "sizingMeasure": {"id": "OMG_TECHNICAL_DEBT_CISQ", "format": "0,0", "description": "Days"}
          }
        },
        {
          "id": 999,
          "plugin": "SizingMeasureResult",
          "color": "yellow",
          "parameters": {
            "title": "Technical Debt (OMG) by TQI",
            "sizingMeasure": {"id": "OMG_TECHNICAL_DEBT", "format": "0,0", "description": "Days"}
          }
        },  

SizingMeasureEvolution (app-ISO.json and cmp-ISO.json):

        {
          "id": 2103,
          "plugin": "SizingMeasureEvolution",
          "color": "yellow",
          "parameters": {
            "widget":"line",
            "title": "Technical Debt (OMG) by ISO-5055",
            "sizingMeasure": {"id": "OMG_TECHNICAL_DEBT_ISO", "format": "0,0"}
          }
        },
        {
          "id": 9998,
          "plugin": "SizingMeasureEvolution",
          "color": "yellow",
          "parameters": {
            "widget":"line",
            "title": "Technical Debt (OMG) by CISQ",
            "sizingMeasure": {"id": "OMG_TECHNICAL_DEBT_CISQ", "format": "0,0"}
          }
        },
        {
          "id": 9999,
          "plugin": "SizingMeasureEvolution",
          "color": "yellow",
          "parameters": {
            "widget":"line",
            "title": "Technical Debt (OMG) by TQI",
            "sizingMeasure": {"id": "OMG_TECHNICAL_DEBT", "format": "0,0"}
          }
        },

Engineering Dashboard

A tile is available out of the box displaying the Total Technical Debt (OMG) in days for the current Application, as well as Added and Removed OMG Technical Debt in days for the current snapshot:

You can change the specific Technical Criteria used to display the values in the tile, using the drop down option:

By default, this tile is configured to display ISO-5055 index data (using the 1061000 metric ID). If you want to display either TQI (CAST Imaging Core) or CISQ Index values (if the extension is installed), you will need to manually edit the configuration in the ed.json file and change the ID used - see Engineering Dashboard tile management for more information:

  • 1061000 - based on ISO-5055 index data, installed by default in CAST Imaging Console
  • 1062100 - based on CISQ Index data, requires that the com.castsoftware.cisq-index is installed
  • 60017 (based on TQI from CAST Imaging Core)

Clicking this tile will drill down to the Risk investigation view with Technical Debt (OMG) with the ISO-5055 Assessment Model selected. If the tile has been manually edited and re-configured to show either TQI (CAST Imaging Core) or CISQ Index data, the drill down will also change as shown below:

Data

Example

ISO-5055 data (default)

TQI data (AIP Core)

CISQ Index data

You can also switch to showing Violations instead of Technical Debt (OMG) values from the drop-down list:

 

In the rule details section, there is a dedicated section called "Technical Debt (OMG)", which will show the details (Total, Added, Removed, and No. of occurrences):

In the source code view, a Technical Debt (OMG) section is displayed, showing object level details on the Adjustment Factor, Unadjusted Effort (in mins) and Adjusted Efforts (in mins):

Using the RestAPI to obtain results

Total Technical Debt by Application, Module

Results can be obtained using a RestAPI query. For example, to obtain technical debt as a remediation effort use the metric #1062020 (you can replace this ID with other supported Sizing Measure IDs):

AAD/results?metrics=1062020&modules=$all&technologies=$all

Example showing the technical debt for all applications, with a breakdown by technology and by module for an example Application called "shopizer8321":

C:>curl -H "Accept: text/csv" -u admin:cast "http://localhost:9190/CAST-RESTAPI/rest/AAD/results?metrics=1062020&modules=$all&technologies=$all"

Results:

Application Name;Module Name;Technology;Metric Name;Metric Id;Metric Type;Critical;Snapshot Date #1;Result #1
shopizer8321;null;null;OMG-ATDM: Remediation Effort;1062020;technical-debt-statistics;N/A;2020-03-27;387350.0
shopizer8321;null;HTML5;OMG-ATDM: Remediation Effort;1062020;technical-debt-statistics;N/A;2020-03-27;770.0
shopizer8321;null;JEE;OMG-ATDM: Remediation Effort;1062020;technical-debt-statistics;N/A;2020-03-27;386580.0
shopizer8321;shopizer8321 full content;null;OMG-ATDM: Remediation Effort;1062020;technical-debt-statistics;N/A;2020-03-27;387350.0
shopizer8321;shopizer8321 full content;HTML5;OMG-ATDM: Remediation Effort;1062020;technical-debt-statistics;N/A;2020-03-27;770.0
shopizer8321;shopizer8321 full content;JEE;OMG-ATDM: Remediation Effort;1062020;technical-debt-statistics;N/A;2020-03-27;386580.0

In other words, the "shopizer8321" application has a technical debt of 387350 minutes, which is equivalent to 387350 ÷ 60 ÷ 8 = 806 workload days. The remediation effort is dispatched between HTML5 code and Java Code as follows:

TechnologyRemediation effort
HTML770 minutes
JEE386,580 minutes

Total Technical Debt by Business Criterion, Technical Criterion, Rule

With a CISQ Business Criterion ID, you can obtain the technical debt for this Quality Indicator and all related indicators (ie CISQ Measure Elements):

CISQ Business Criterion IDName
1062100CISQ-Index
1062101CISQ-Maintainability
1062102CISQ-Performance-Efficiency
1062103CISQ-Reliability
1062104CISQ-Security

Example:

C:>curl -H "Accept: text/csv" -u admin:cast "http://localhost:9190/CAST-RESTAPI/rest/SHOPIZER/applications/3/results?metrics=c:1062100&select=omgTechnicalDebt"

Application Name;Technical Criterion;Metric Id;Metric Type;Critical;Snapshot Date #1;Result #1;OMG Technical Debt (Result #1);OMG Occurrences (Result #1);OMG Added Technical Debt (Result #1);OMG Removed Technical Debt (Result #1)
shopizer8321;ASCMM-MNT-1 - Control Flow Transfer Control Element outside Switch Block;1062110;technical-criteria;false;2020-05-15;4.0;0;2;0;0
shopizer8321;ASCMM-MNT-11 - Callable and Method Control Element Excessive Cyclomatic Complexity Value;1062112;technical-criteria;false;2020-05-15;3.58017346587814;null;null;null;null
shopizer8321;ASCMM-MNT-12 - Named Callable and Method Control Element with Layer-skipping Call;1062113;technical-criteria;false;2020-05-15;4.0;null;null;null;null
shopizer8321;ASCMM-MNT-13 - Callable and Method Control Element Excessive Number of Parameters;1062114;technical-criteria;false;2020-05-15;4.0;null;null;null;null
shopizer8321;ASCMM-MNT-15 - Public Member Element;1062116;technical-criteria;false;2020-05-15;4.0;40;1;0;0
...

You can get also the technical debt for a single rule, as long as this rule is identified as a CISQ rule by the CISQ Index:

C:>curl -H "Accept: application/json" -u admin:cast "http://localhost:9190/CAST-RESTAPI/rest/SHOPIZER/applications/3/results?metrics=8216&select=omgTechnicalDebt,violationRatio"


...
				"result": {
					"grade": 4,
					"omgTechnicalDebt": {
						"total": 11040,
						"numberOccurrences": 176,
						"added": 0,
						"removed": 0
					},
					"violationRatio": {
						"totalChecks": 7411,
						"failedChecks": 33,
						"successfulChecks": 7378,
						"ratio": 0.9955471596275807
					}
				},

Detailed Technical Debt for a violation

As we refer to findings from a snapshot ID, and object ID and a rule ID with URI such as:

TINY/components/568/snapshots/8/findings/8216

We can refer technical debt details in a similar Web Service:

TINY/components/568/snapshots/8/omg-technical-debt/8216

E.g.:

C:>curl -H "Accept: application/json" -u admin:cast "http://localhost:9190/CAST-RESTAPI/rest/TINY/components/568/snapshots/8/omg-technical-debt/8216"
{
	"total": 180,
	"numberOccurrences": 3,
	"complexity": 1,
	"exposure": 1,
	"concentration": 0,
	"technologicalDiversity": 1,
	"gapSize": 1,
	"unadjustedEffort": 60,
	"added": 0,
	"removed": 0,
	"adjustmentFactor": 3
}

Querying the Dashboard schema for results

The Dashboard schema contains views and tables that provide information about the results generated by this extension:

View/TableDescription Type
OMG_ATDM_RESULTS_OBJ_APPRemediation effort and adjusted Factor aggregated at Application, Module, PATTERN level.
 
VIEW
OMG_ATDM_RESULTS_OBJ_RULE_APPRemediation effort and adjusted Factor for Object Rule, aggregated at Application, Module, PATTERN level.VIEW
OMG_ATDM_DETAILS_OBJ_RULEDetails all metrics computed for all violations.VIEW
ATDM_SCOPE_OCCURENCESLast scope taken in to account.TABLE

Obtaining results at Application level for a snapshot

SET search_path=xxx_central;
SELECT * 
FROM   omg_atdm_results_obj_app 
WHERE  snapshot_id = <snapshot_id>

Obtaining results per CAST Rule / CISQ Pattern at the application level for a snapshot

Possible STANDARD values are 'CISQ' , 'ISO-5055', 'AIP'. CISQ Total:

SET search_path=xxx_central;
SELECT TD.SNAPSHOT_ID,  TD.OBJECT_NAME as APPLICATION_NAME,
sum(case when TD.METRIC_ID = 1062020 then TD.METRIC_NUM_VALUE else 0 end) tech_debt,
sum(case when TD.METRIC_ID = 1062030 then TD.METRIC_NUM_VALUE else 0 end) tech_debt_added,
sum(case when TD.METRIC_ID = 1062032 then TD.METRIC_NUM_VALUE else 0 end) tech_debt_removed
FROM OMG_ATDM_RESULTS_OBJ_RULE_APP TD
join DSS_SNAPSHOTS S on S.SNAPSHOT_ID = TD.SNAPSHOT_ID and TD.OBJECT_ID = S.APPLICATION_ID
Where TD.METRIC_VALUE_INDEX in ( select METRIC_ID from OMG_METRIC_VIEW where STANDARD = 'CISQ')
And TD.SNAPSHOT_ID = <SNAPSHOT_ID>
And TD.METRIC_ID in ( 1062020,1062030, 1062032 ) -- Remediation Effort Total, added, deleted
Group by TD.SNAPSHOT_ID, TD.OBJECT_NAME

CISQ Technical Criteria:

SET search_path=xxx_central;
SELECT TD.SNAPSHOT_ID, TD.METRIC_VALUE_INDEX , TD.AGGREGATELEVEL , TD.OBJECT_NAME as APPLICATION_NAME, 
      sum(case when TD.METRIC_ID = 1062020 then TD.METRIC_NUM_VALUE else 0 end) tech_debt,
      sum(case when TD.METRIC_ID = 1062030 then TD.METRIC_NUM_VALUE else 0 end) tech_debt_added,
      sum(case when TD.METRIC_ID = 1062032 then TD.METRIC_NUM_VALUE else 0 end) tech_debt_removed 
FROM  OMG_ATDM_RESULTS_OBJ_RULE_APP TD
join DSS_SNAPSHOTS S on S.SNAPSHOT_ID = TD.SNAPSHOT_ID and TD.OBJECT_ID = S.APPLICATION_ID
Where TD.METRIC_VALUE_INDEX in ( select METRIC_ID from CTDM_REMEDIATION_EFFORTS where STANDARD = 'CISQ')
And TD.SNAPSHOT_ID = <SNAPSHOT_ID>
And TD.METRIC_ID in ( 1062020,1062030, 1062032 ) -- Remediation Effort Total, added, deleted
Group by  TD.SNAPSHOT_ID, TD.METRIC_VALUE_INDEX , TD.AGGREGATELEVEL , TD.OBJECT_NAME
Order by TD.METRIC_VALUE_INDEX 

CISQ Business Criterion:

CISQ - Business Criteria 
SELECT TD.SNAPSHOT_ID, TD.METRIC_VALUE_INDEX , TD.AGGREGATELEVEL , TD.OBJECT_NAME as APPLICATION_NAME,
      sum(case when TD.METRIC_ID = 1062020 then TD.METRIC_NUM_VALUE else 0 end) tech_debt,
      sum(case when TD.METRIC_ID = 1062030 then TD.METRIC_NUM_VALUE else 0 end) tech_debt_added,
      sum(case when TD.METRIC_ID = 1062032 then TD.METRIC_NUM_VALUE else 0 end) tech_debt_removed
FROM  OMG_ATDM_RESULTS_OBJ_RULE_APP TD
join DSS_SNAPSHOTS S on S.SNAPSHOT_ID = TD.SNAPSHOT_ID and TD.OBJECT_ID = S.APPLICATION_ID
Where TD.METRIC_VALUE_INDEX in ( select BC_METRIC_ID from OMG_BC_METRIC_VIEW BC join  CTDM_REMEDIATION_EFFORTS TC on TC.STANDARD = 'CISQ' and TC.METRIC_ID =BC.PATTERN_METRIC_ID )
And TD.SNAPSHOT_ID = <SNAPSHOT_ID>
And TD.METRIC_ID in ( 1062020,1062030, 1062032 ) -- Remediation Effort Total, added, deleted
Group by  TD.SNAPSHOT_ID, TD.METRIC_VALUE_INDEX , TD.AGGREGATELEVEL , TD.OBJECT_NAME
Order by TD.METRIC_VALUE_INDEX

For example to get the results for all metrics of pattern 'ASCPEM-PRF-8':

SELECT * 
FROM   omg_atdm_results_obj_rule_app 
WHERE  snapshot_id = 4 
       AND ( metric_value_index IN (SELECT T.metric_id + 1 
                                    FROM   aed_metric_quality_tags T 
                                    WHERE  T.tag = 'ASCPEM-PRF-8') 
              OR aggregatelevel = 'ASCPEM-PRF-8' ) 

Note that to obtain the CISQ Pattern of a given CAST rule, you can adapt the following query. For example, to find the CISQ Pattern for the rule ID = 7201, the following query will return ASCPEM-PRF-8:

SELECT C.tag 
FROM   aed_quality_tags_doc C 
       join aed_metric_quality_tags T 
         ON T.tag = C.tag 
WHERE  C.standard = 'CISQ' 
       AND T.metric_id + 1 = 7201