A set of source code files to analyze. For Java, this can be an Eclipse Project, or a directory containing Web Server resources (JSP files).
Analysis Service database
An Analysis Service database stores all analysis results: components, diagnosis findings and violations. Assessment results for all Technical Modules are also stored in an Analysis Service:
- for historical reasons, all assessment results are calculated including Business Criteria
- however the majority of Sizing Results are only calculated in the Dashboard Service database (Technical Debt for example)
Alternative legacy/deprecated names: Local, Local Site, Knowledge Base
A union of Analysis Units that defines the scope of source code for analysis.
An artifact is a component and is used in the context of CAST AIP metrics to indicate the low-level programming elements used to measure application size and complexity.
A specification of metrics, quality rules, calculation rules and quality criteria to assess source code quality and risks.
A Background Fact is external data that will enrich the content of the CAST Application Analytics Dashboard and also the legacy CAST Engineering Dashboard. Background Facts can therefore provide additional information in a single interface that is not based on source code analysis but that can be advantageously cross-referenced with quality and quantity information. These metrics are numerical values and they are attached to Modules only. To determine the Background Fact value of an Application, the dashboards will display the sum total of all contained Modules.
A Diagnosis Finding that locates text in a component.
Business Criteria are strategic quality indicators, either business oriented, or development oriented. They rely on the measurement of compliance with a set of Technical Criteria that assess the impact on the application development business – as Health Factors – or the compliance to development practices – as Rule Compliance. Their grade is based upon the weights of contributing Technical Criteria grades.
Business Health Factor
Business Health Factors are business-oriented strategic quality indicators. They rely on the measure of compliance with a set of Technical Criteria that assess the impact on the application development business.
Central or Central Site
For a Quality Rule, this is the ratio of Successful Checks (= Total Checks minus Failed Checks) to Total Checks. A Compliance Ratio is transformed into a Grade/Score with 4 thresholds (each pair of thresholds defines a linear function).
A code fragment or a schema fragment. Fragments are specific to a programming language or a schema language, and specific to analyzers.
Dashboard Service database
The role of the Dashboard Service database is to store:
- Analysis results (components, violations, diagnosis findings) for each Snapshot
- Assessment results for each Snapshot
- Assessment Model for each Snapshot
- Assessment results at the level of Functional Module and Application
- The majority of Sizing Results
A defective component is a Component in violation with a Quality Rule.
An organization, such as a contractor or a department, in charge of the delivery of applications. A delivery unit defines the scope of applications for analysis.
An SQL procedure producing Diagnosis Findings.
A diagnosis value is a specific Diagnosis Finding reported as a value: a counter or a name to reference source code.
CAST Enlighten is a client/server application installed as part of CAST AIP. Its primary usage is to display (graphically) the objects that have been identified during a source code analysis and to display the links that these objects have to other objects in the Application.
Number of defective components for a Quality Rule.
- For an Application, this number is the sum of Failed Checks of all Functional Modules defined in the Application, regardless of whether a component belongs to multiple Functional Modules. Where Functional Modules overlap, this number is therefore an approximation.
- For a Functional Module, and non-overlapping Analysis Units, this value is the number of defective components.
Functional Modules are used in CAST AIP to define a logical breakdown of Application source code into smaller units. Examples are a user-defined module or an automatic module such as a "full content module" or a module generated for an Analysis Unit.
LISA (Large Intermediate Storage Area)
A location (i.e. a folder) on your local hard drive that is designated for use by the CAST Management Studio to store miscellaneous files generated during the analysis process.
- These files will still exist once the analysis is complete.
- This location is used more particularly in the J2EE and .NET technologies to store data generated when the User Input Data Flow Security Analysis feature is activated.
- The location must be capable of receiving a large amount of data (several hundred MB).
- This folder is similar in nature to the Internet Explorer cache.
LTSA (Large Temporary Storage Area)
A location (i.e. a folder) on your local hard drive that is designated for use by the CAST Management Studio to store temporary files generated during the analysis process.
- These files will be removed once the analysis is complete.
- This folder is similar in nature to the Windows %TEMP% folder.
Local or Local Site
Determines the cost and difficulty/ease of maintaining an application in the future. An increased maintainability index makes applications cheaper to maintain, with more predictable results.
Management Service database
A Management Service database stores configuration options for the CAST Management Studio and related resources.
Alternative legacy/deprecated names: Management, MNGT
Measurement Service database
A Measurement Service database stores consolidated results from one or multiple Dashboard Service databases for use with the CAST Application Analytics Dashboard.
Alternative legacy/deprecated names: Measurement base
(CAST) Management Studio
The CAST Management Studio is a client/server application installed as part of CAST AIP. It is used to manage the entire Application analysis and snapshot generation process.
Metric (or Diagnostic): the name given to the criteria against which the code is analyzed. Metrics are defined as the basic rules applied to the code in a CAST analysis.
Modules are executable software components or tightly coupled sets of executable software components (one or more), developed and deployed together, that deliver some of the steps needed by an Application to operate. Modules together make up the code units of an application. CAST scores can be seen as a result of the second unit of analysis within the application.
Propagated Risk Index (PRI)
Propagated Risk Index (PRI) is a measurement of the riskiest artifacts or objects of the application along the Health Factors of Robustness, Performance and Security. PRI takes into account the intrinsic risk of the component coupled with the level of use of the given object in the transaction. It systematically helps aggregate the risk of the application in a relative manner, allowing for identification, prioritization, and ultimately remediation of the riskiest objects.
A Quality Distribution is an operational quality indicator, designed to assess a component based on the balance of the distribution of an attribute value among objects of the component. They rely on the distribution of tested objects according to one of their properties (e.g.: size) into four categories.
A Quality Measure is an operational quality indicator, designed to assess a component based on a single measure value.
A Quality Rule is an operational quality indicator, designed to assess a component based on the compliance to a coding or architecture practice. A Quality Rule is defined for a single (not unified) technology or a set of technologies (unified) and produces a grade between 1.0 (very high risk) and 4.0 (low risk) for an Application or a Functional Module.
Additional values, indicators, related to a Result:
- intermediate calculation results
- breakdown of a measure
- related quantitative values
Security Health Factor
Determines the risk of security breaches for an application. Increased security ratings decrease the risk of security threats against the application.
(CAST) Server Manager
CAST Server Manager is a traditional client/server application installed as part of CAST AIP. It is used to install CAST AIP schemas and CAST AIP extensions.
A quantitative measure.
A CAST Snapshot is a capture at one moment in time of the status of a set of executable software components (one or more). The scope of a Snapshot depends on the nature of the information that is captured.
Source Code Delivery Folder
Location for storing successive and compressed versions of applications' source code as packaged by the Delivery Manager(s).
Source Code Deployment Folder
Location of the most recent version of the applications' source code for analysis in uncompressed format.
Technical Criteria are operational quality indicators, designed to assess a technical area. They rely on the measurement of compliance with a set of Quality Rules, Distributions, and Measures that assess a technical domain or area. Their grade is based upon contributing Quality Rules, Quality Distributions and Quality Measures grades.
Also known as Design Debt, this is the accumulated amount/cost of rework that will be necessary to correct and/or recover from the deviation between the current design of the system and that which is minimally complex yet sufficiently complete to ensure correctness & consistency for timely delivery. This effort grows more than linearly over time as a system becomes bigger and more complex.
Technical Quality Index (TQI)
(CAST) Transaction Configuration Center
The CAST Transaction Configuration Center is a client/server application installed as part of CAST AIP. Its primary usage is for calibrating the initial Function Point count made by CAST AIP during an analysis. Calibration includes removing technical and temporary objects from the list of Function Points counted, aggregating and splitting several function points into one and changing the type of the Data or Transactional Functions.
Alternative names: TCC
Transaction Risk Index (TRI)
TRI is an indicator of the riskiest transactions of the application. The TRI number reflects the cumulative risk of the transaction based on the risk in the individual objects contributing to the transaction. The TRI is calculated as a function of the rules violated, their weight/criticality, and the frequency of the violation across all objects in the path of the transaction. TRI is a powerful metric to identify, prioritize and ultimately remediate the riskiest transactions and their objects.
A Quality Rule unifying a set of alternative Quality Rules; each alternative Quality Rule is defined for a single technology. For example "7166 - Avoid Artifacts with High Cyclomatic Complexity" gathers all violations of quality rules (666,1118,1652,2296,2646,3138,3654,4148,4780,5134,5580,6186,6618,7112). Note that these rules (flagged with unify=false) are always disabled.
A violation identifies a defective component breaking a Quality Rule pattern.
IMPORTANT: For a given component and a given Quality Rule pattern there is either 0 or 1 violation. If a component breaks a rule N times, then each occurrence is detailed in the Diagnosis Findings structure with a value counter equal to N, and/or with N values, and/or with N code bookmarks.
Violation Index (VI) assesses the overall quality of an object regarding a health concern (Robustness, Security,…), through a weighted aggregation of the violations it carries.
The Violation Pattern is the pattern that is searched for in the Analysis Service content (source code, cartography, etc.) to pinpoint Violations. The Violation Pattern should be described in the description field of the Quality Rule.