Summary: This page provides a high level overview of the Application Source Code Analysis process with CAST AIP

Application Source Code Analysis 

The analysis process follows the analysis preparation detailed in 1. Application qualification and version delivery and consists of two phases, namely: the Analysis set-up and the Analysis execution. An optional, although strongly recommended Analysis Automation step, may follow.

 

This set-up phase precedes the analysis execution and consists of two steps:

This step follows the pre-qualification of the application performed during the fulfilment of the 1. Application qualification and version delivery. It starts with the Application Team's delivery of the source code to the AI Center using the CAST Delivery Manager Tool (DMT) and includes the validation and acceptance of the application source code to be analyzed. 

Starts with the review of the source code delivered by the CAST Admin for analysis. In this step, the analysis scope and application boundary are reviewed and translated into an initial analysis configuration. 

The AI Admin executes the source code analysis to build the object and link representation in the Analysis Service. Generally, no snapshot should be generated at this stage.

The AI Admin assesses the completeness and accuracy of the generated meta-representation of the application source code and determines if and what corrective actions are required. This step includes the validation of "Dynamic Links" and configuration tune-ups required to improve the automated discovery of the Application's physical transactions. When configuration changes are required the analysis execution will need to be repeated. 

The final part of the of the analysis validation and fine tuning involves the configuration of any required analysis options - e.g security data flow, XXL Table Quality Rules, UDM configuration, etc. Although these items are identified during the source code delivery and acceptance performed during the Set-up the Analysis phase, and can be configured from the initial analysis it is often more efficient - as their assessment increases the time-required for each analysis cycle - to postpone their configuration until the core analysis parameters have been confirmed. The optimal approach will depend on the size and the complexity of the application to be analyzed.

Following the analysis validation and tune up, the final snapshot is generated and validated. Additionally, if required, the Function Point Calibration is performed to more closely align automated and manual counts. 

Automated Function point counts are calibrated to manual count or automated count generated with prior versions of CAST AIP.

This last optional step deals specifically with analysis automation. It should be noted that the CAST Delivery Manager Tool enables a discrete level of automation of source code and database schema extraction as part of the initial delivery. This step goes beyond the source code extraction and delivery and includes the automatic execution and snapshot generation as it relates to an application source code re-analysis.