Summary: This glossary defines terminology used within CAST AIP. Note that it does not include terms which are associated with external concepts, or terms generally used globally. Such information should be obtained from related external documentation help system.

A

AEP (Automated Enhancement Points)

AEP is used by default in CAST AIP 8.2.x and above to estimate the size of an application revision. See also CAST OMG-compliant Automated Function Points.

AEFP (Automated Enhancement Function Points)

Automated Enhancement Functional Points (AEFP) assess the changes made to the functional part of the application. AEFP reflects the changes made to both Transactional Functions and Data Functions. Therefore, AEFP is calculated by adding the AEFP value of all Transactional Functions and Data Functions in the application. The AEFP of each individual Transactional Function / Data Function is calculated by multiplying its FP value by its Complexity Factor (AEFP = FP x CF). The Complexity Factor of a certain Transactional Function / Data Function is an adjustment factor (defined by an OMG-specification) which is calculated based on its status (added / modified / deleted) and the complexity of the objects inside the Transactional Function / Data Function. The value reported for AEFP includes only added, modified and deleted Functions. All unchanged Functions are automatically excluded from this value (their Complexity Factor is considered as 0, and thus their AEFP value will also be 0). See also CAST OMG-compliant Automated Function Points and CAST Automated Enhancement Points Estimation - AEP.

AETP data is not available when the EFP measure has been used to calculate the snapshot.

AETP (Automated Enhancement Transaction Points)

As defined in the OMG AEP specification, Automated Enhancement Technical Points (AETP) assess the changes made to the technical part of the application. Therefore, AETP is the count of added / modified / deleted technical points, which are calculated based on the added / modified / deleted technical objects (i.e. objects which are not part of any transaction). In other words, AETP summarizes the evolution performed in the application, but outside the functional scope (these objects are not taken into account in the functional points, so the AEP measure introduces the concept of "technical points" to assess the enhancement done in these types of objects). See also CAST OMG-compliant Automated Function Points and CAST Automated Enhancement Points Estimation - AEP.

AETP data is not available when the EFP measure has been used to calculate the snapshot.

AFP (Automated Function Points)

Automated Function Points (AFP) is an automatic function points counting solution based on the rules defined by the International Function Point User Group (IFPUG) and the Consortium for IT Software Quality (CISQ). CAST automates the manual counting process by using the structural information retrieved by source code analysis, database structure and transactions. See also CAST OMG-compliant Automated Function Points.

(CAST) AIP

AIP (Application Intelligence Platform) is an enterprise-grade software measurement and quality analysis solution designed to analyze multi-tiered, multi-technology applications for technical vulnerabilities and adherence to architectural and coding standards and then provide business relevant information to the IT organization through various dashboards and products built with end users in mind.

(CAST) AIP Console

AIP Console is a web application for managing multiple CAST AIP instances from one location.

Analysis Unit

A set of source code files to analyze. For Java, this can be an Eclipse Project, or a directory containing Web Server resources (JSP files).

Analysis Service schema

An Analysis Service schema stores all analysis results: components, diagnosis findings and violations. Assessment results for all Technical Modules are also stored in an Analysis Service:

Alternative legacy/deprecated names: Local, Local Site, Knowledge Base

Application

A union of Analysis Units that defines the scope of source code for analysis.

APR (Action Plan Recommendation)

The Action Plan Recommendation is a feature designed to automatically build an Action Plan to improve the grade/score of a chosen Health Factor (Business Criteria).

(CAST) Architecture Checker

CAST Architecture Checker is a client/server application installed as part of CAST AIP. Its primary usage is to:

Once the Architecture Model is defined, it can then be used in the CAST Management Studio. When the application or set of applications is then analyzed in the CAST Management Studio and a Snapshot is subsequently generated, the Architecture Model will be taken into account.

Artifact

An artifact is a component and is used in the context of CAST AIP metrics to indicate the low-level programming elements used to measure application size and complexity.

Assessment Model

A specification of metrics, quality rules, calculation rules and quality criteria to assess source code quality and risks.

Back to top

B

Backfired Function Point

Back-Fired Function Points (BFP) estimate the number of function points of an application. This code-derived metric is based on the lines of code, weighted by an abacus for a given technology.

Background Fact

A Background Fact is external data that will enrich the content of the CAST Application Analytics Dashboard and also the legacy CAST Engineering Dashboard. Background Facts can therefore provide additional information in a single interface that is not based on source code analysis but that can be advantageously cross-referenced with quality and quantity information. These metrics are numerical values and they are attached to Modules only. To determine the Background Fact value of an Application, the dashboards will display the sum total of all contained Modules.

Bookmark

A Diagnosis Finding that locates text in a component.

Business Criteria

Business Criteria are strategic quality indicators, either business oriented, or development oriented. They rely on the measurement of compliance with a set of Technical Criteria that assess the impact on the application development business – as Health Factors – or the compliance to development practices – as Rule Compliance. Their grade is based upon the weights of contributing Technical Criteria grades.

Back to top

C

Central or Central Site

See Dashboard Service database.

Compliance Ratio

For a Quality Rule, this is a ratio of Successful Checks (= Total Checks minus Failed Checks) and Total Checks. A Compliance Ratio is transformed into a Grade/Score with 4 thresholds (each pair of thresholds define a linear function).

Component

A code fragment or a schema fragment. Fragments are specific to a programming language or a schema language, and specific to analyzers.

Alternative name: Object

Critical Violation

See Violation.

Back to top

D

Dashboard Service schema

The role of the Dashboard Service schema is to store:

Alternative legacy/deprecated names: Central or Central Site

Defective Component

A defective component is a Component in violation with a Quality Rule.

(CAST) Delivery Manager Tool

The CAST Delivery Manager Tool is . The CAST Delivery Manager Tool is a standalone application aimed at the person or people responsible for providing source code for analysis (i.e. the Delivery Managers) that entirely manages the discovery, selection, extraction and delivery of source code ready for analysis in the CAST Management Studio.

Alternative names: DMT

Delivery Unit

An organization, such as a contractor or a department, in charge of the delivery of applications. A delivery unit defines the scope of applications for analysis.

Diagnosis Finding

Diagnosis Findings pinpoint statements or properties of the defective component violating a Quality Rule pattern. A Diagnosis Findings can be a Bookmark or a counter. Do not confuse with a Violation.

Diagnosis Procedure

An SQL procedure producing Diagnosis Findings.

Diagnosis Value

A diagnosis value is a specific Diagnosis Finding reported as a value: a counter or a name to reference a source code;

Alternative name: Associated Value

(CAST) Discovery Portal

The CAST Engineering Dashboard is a web application provided as part of CAST AIP (bundled in the same .WAR file as the CAST Engineering Dashboard (legacy)). Its primary usage is to provide a variety of technical "DNA type" information about a company's applications.

  • Alternative names: CED
  • Note that the CAST Discovery Portal is now considered a "legacy" feature. It has been superseded by the CAST Engineering Dashboard.

Back to top

E

Effort Complexity (EC) and Effort Complexity Level

The Effort Complexity (EC) is the Effort Rate of the Artifact based on its Cost Complexity and its technology. The Artifact EC estimates the complexity of implementing an Artifact or changes to it, based on a composite score of five software metrics that assess the complexity of the software environment in which the Artifact is embedded:

Each Artifact EC category gets an EC value, which can be overridden for specific technologies. Defaults are as follows:

See also CAST Automated Enhancement Points Estimation - AEP.

(CAST) Engineering Dashboard

The CAST  Engineering Dashboard is a web application. Its primary usage is for low level, detailed investigation of data stored in the CAST Dashboard Service generated during the analysis/snapshot generation process.

Alternative/depcrecated names: AED, Application Engineering Dashboard

(CAST) Engineering Dashboard (legacy)

The CAST Engineering Dashboard is a web application provided as part of CAST AIP (bundled in the same .WAR file as the CAST Discovery Portal). Its primary usage is for low level, detailed investigation of data stored in the CAST Dashboard Service generated during the analysis/snapshot generation process.

  • Alternative names: CED
  • Note that the CAST Engineering Dashboard (legacy) is now considered a "legacy" feature. It has been superseded by the CAST Engineering Dashboard.

EFP (Enhancement Function Points)

EFP is used by default in CAST AIP 8.1.x and all previous releases to estimate the size of an application revision.

(CAST) Enlighten

CAST Enlighten is a client/server application installed as part of CAST AIP. Its primary usage is to display (graphically) the objects that have been identified during a source code analysis and to display the links that these objects have to other objects in the Application.

Equivalence Ratio

Implementation Points form part of the AEP measure. The second step to compute AETP allows to align Implementation Points (IP) with Function Points in order to provide consistent values for AETP. An Equivalence Ratio (ER) is then calculated to weight the Implementation Points for Artifacts belonging to the technical part of the application:

See also CAST Automated Enhancement Points Estimation - AEP.

Extension

It is possible to "extend" CAST AIP with an extension to provide additional analysis and measurement capabilities both for technologies that are not supported "out-of-the-box" and for technologies supported in CAST AIP. Additionally, extensions can simply be any add-on (for example a custom Assessment Model) that has been built by a third-party.

External objects

An external object is created by the CAST analyzer during an analysis (as is the case for standard "objects" resulting from an analysis), however, they are associated to the analyzed project source code in an external way. For example, an external object could be an object that is part of a library and which is called by the analyzed source code, but is not analyzed itself. Often, external objects do not have source code stored in the CAST schemas, the objects are instead simply recorded as existing. An external object often appears as greyed out in the CAST Enlighten Object Browser.

Back to top

F

Failed Checks

Number of defective components for a Quality Rule.

≤ CAST AIP 8.1.x

 CAST AIP 8.2.x

Functional Module

Functional Modules are used in CAST AIP to define a logical break down of Application source code into smaller units. Examples are a user defined module or an automatic module such as a "full content module" or a module generated for an Analysis Unit.

Back to top

G

Generated code

Many technologies supported by CAST AIP for analysis include the ability to produce "auto generated code" from templates or other sources. When this auto generated source code is analyzed by CAST AIP, the following is true:

The method used by CAST AIP to determine whether source code is "auto generated" is specific to each technology.

Back to top

H

(CAST) Health Dashboard

The CAST Health Dashboard is a web application. Its primary usage is for high level investigation of aggregated data stored in the CAST Measurement Service generated during the analysis/snapshot generation process.

Alternative/deprecated names: AAD, Application Analytics Dashboard

Health Factor

Health Factors are business-oriented strategic quality indicators. They rely on the measure of compliance with a set of Technical Criteria that assess the impact on the application development business.

Back to top

I

Imaging System

CAST Imaging System is a software visualization solution for the IT teams to visualize and navigate through the application architecture layer by layer; something similar to Google Earth. It is a single page application that can be accessed by any developer, architect, business executive to get insight into architecture, technologies, frameworks and other functional layers of the applications.

Implementation Points

Implementation Points form part of the AEP measure. The first step to compute AETP is to estimate the Implementation Points (IP) for Artifacts in both the technical and functional parts of the application. Implementation Points are counted as follows:

See also CAST Automated Enhancement Points Estimation - AEP.

Back to top

K

Knowledge Base

See Analysis Service database.

Back to top

L

LISA (Large Intermediate Storage Area)

A location (i.e. a folder) on your local hard drive that is designated for use by the CAST Management Studio to store miscellaneous files generated during the analysis process.

LTSA (Large Temporary Storage Area)

A location (i.e. a folder) on your local hard drive that is designated for use by the CAST Management Studio to store temporary files generated during the analysis process.

Local or Local Site

See Analysis Service database.

Back to top

M

Maintainability Index

Determines the cost and difficulty/ease to maintain an application in the future. Increased maintainability index makes applications cheaper to maintain with more predictable results.

Management Service database

A Management Service database stores configuration options for the CAST Management Studio are related resources.

Alternative legacy/deprecated names: Management, MNGT

Measurement Service database

A Measurement Service database stores consolidated results from one or multiple Dashboard Service databases for use with the CAST Application Analytics Dashboard.

Alternative legacy/deprecated names: Measurement base

(CAST) Management Studio

The CAST Management Studio is a client/server application installed as part of CAST AIP. It is used to manage the entire Application analysis and snapshot generation process.

Module

Modules are executable software components or tightly coupled sets of executable software components (one or more), developed and deployed together, that deliver some of the steps needed by an Application to operate. The modules that together make up application code units. CAST scores can be seen as a result of the second unit of analysis within the application.  

Back to top

P

Propagated Risk Index (PRI)

Propagated Risk Index (PRI) is a measurement of the riskiest artifacts or objects of the application along the Health Factors of Robustness, Performance and Security. PRI takes into account the intrinsic risk of the component coupled with the level of use of the given object in the transaction. It systematically helps aggregate risk of the application in a relative manner allowing for identification, prioritization, and ultimately re-mediation of the riskiest objects.*

Back to top

Q

Quality Distribution

A Quality Distribution is an operational quality indicator, designed to assess a component based on the balance of the distribution of an attribute value among objects of the component. It relies on the distribution of tested objects according to one of their properties (e.g.: object size) into four categories, for an Application or a Functional Module.

Quality Measure

A Quality Measure is an operational quality indicator, designed to assess a component based on a single measure value (such as % of copy/pasted code) in order to determine a grade between 1.0 (poor) and 4.0 (good) for an Application or a Functional Module.

Quality Rule

A Quality Rule is an operational quality indicator, designed to assess a component based on the compliance to a coding or architecture practice. A Quality Rule is defined for a single technology or a set of technologies (unified which is the default) and produces a grade between 1.0 (very high risk) and 4.0 (low risk) for an Application or a Functional Module.

Back to top

R

Result

An assessment result of an Application or a Functional Module.

Result Detail

Additional values, indicators, related to a Result:

Back to top

S

Security Health Factor

Determines the risk of security breaches for an application. Increased security ratings decrease the risk of security threats against the application.

(CAST) Server Manager

CAST Server Manager is a traditional client/server application installed as part of CAST AIP. It is used to install CAST AIP schemas and CAST AIP extensions.

Sizing Measure

A quantitative measure.

Snapshot

A CAST Snapshot is a capture at one moment in time of the status of a set of executable software components (one or more). The scope of a Snapshot depends on the nature of the information that is captured.

Source Code Delivery Folder

Location for storing successive and compressed versions of applications' source code as packaged by the Delivery Manager(s).

Source Code Deployment Folder

Location of the most recent version of the applications' source code for analysis in uncompressed format.

(CAST) Storage Service

The CAST Storage Service is a RDBMS provided as part of CAST AIP and can be used to host the CAST AIP schemas. The CAST Storage Service is a repackaged PostgreSQL RDBMS.

Alternative names: CSS

Back to top

T

Technical Criteria

Technical Criteria are operational quality indicators, designed to assess a technical area. They rely on the measurement of compliance with a set of Quality Rules, Distributions, and Measures that assess a technical domain or area. Their grade is based upon contributing Quality Rules, Quality Distributions and Quality Measures grades.

Technical Debt

Also known as Design Debt is the accumulated amount/cost of rework that will be necessary to correct and/or recover from the deviation between the current design of the system, versus that which is minimally complex yet sufficiently complete to ensure correctness & consistency for timely delivery. This effort grows more than linearly over time as a system becomes bigger and more complex.

Total Checks

Number of components that have been checked for a specific Quality Rule.

Total Quality Index (TQI)

TQI is a Business Criteria Health Factor that aggregates measures from multiple Technical Criteria.

(CAST) Transaction Configuration Center

The CAST Transaction Configuration Center is a client/server application installed as part of CAST AIP. Its primary usage is for calibrating the initial Function Point count made by CAST AIP during an analysis. Calibration includes removing technical and temporary objects from the list of Function Points counted, aggregating and splitting several function points into one and changing the type of the Data or Transactional Functions.

Alternative names: TCC

Transaction Risk Index (TRI) 

TRI is an indicator of the riskiest transactions of the application. The TRI number reflects the cumulative risk of the transaction based on the risk in the individual  objects contributing to the transaction. The TRI is calculated as a function of the rules violated, their weight/criticality, and the frequency of the violation across all objects in the path of the transaction. TRI is a powerful metric to identify, prioritize and ultimately remediate riskiest transactions and their objects.

Back to top

U

Unadjusted Data Functions

Unadjusted Data Functions = sum of (Function Points of all Data Entities). See also CAST OMG-compliant Automated Function Points.

Unadjusted Function Points

Unadjusted Transactional Functions = Sum of (Function Points of all User Forms). See also CAST OMG-compliant Automated Function Points.

Unify

Quality Rule unifying a set of alternative Quality Rules; each alternative Quality Rule is defined for a single technology. For example "7166 - Avoid Artifacts with High Cyclomatic Complexity" gathers all violations of quality rules (666,1118,1652,2296,2646,3138,3654,4148,4780,5134,5580,6186,6618,7112). Note that these rules (flagged with unify=false) are always disabled.

Back to top

V

Violation

A violation identifies a defective component breaking a Quality Rule pattern.

IMPORTANT: For a given component and a given Quality Rule pattern there is 0 or 1 violations. If a component breaks a rule N times, then each occurrence is detailed into the Diagnosis Findings structure with a value counter equal to N, and/or with N values, and/or with N code bookmarks.

Critical Violations, i.e., violations to critical Quality Rules, identify each single occurrence of situations that can jeopardize the application regarding their Robustness, Performance, Security, Transferability, or Changeability. The consequences are so dire that:

CAST AIP delivers pre-configured sets of critical violations, but these can be adapted to each organization’s context.

Violation Index

Violation Index (VI) assesses the overall quality of an object regarding a health concern (Robustness, Security,…), by a weighted aggregation on the violation it carries.

Violation Pattern

The Violation Pattern is the pattern that is searched for in the Analysis Service content (source code, cartography, etc.) to pinpoint Violations. The Violation Pattern should be described in the description field of the Quality Rule.

Back to top