Any inventor knows it: a great design really isn’t all that great until it stands the test of real-time use. (Proof: All those crazy old movies of flying machines crashing before they even got off the runway.) The same is true with software development. Only through system-level analysis can you learn how components interact with one another across multiple layers (UI, logic and data) and across multiple technologies. Much like those crazy old flying machines, the exact same piece of code can be safe and of excellent quality or highly dangerous, depending on its interaction with other components.
When you conduct system-level analysis in conjunction with application discovery and blueprinting, you’re setting yourself up for success. Three months ago, I shared my insights on getting started with Software Intelligence for the technical lead. Here I'd like to continue with that thread by looking at the process of building Software Intelligence with CAST Architecture Checker.
By using this module of the CAST Application Intelligence Platform (AIP), you can build a view of an application’s structural quality that helps reduce security vulnerabilities and overall risk. Architecture Checker aids the Technical Lead or subject-matter expert by:
- Providing information about application structure
- Allowing the definition of custom rules
- Tracking and controlling these rules in subsequent application development.
Architecture rules are custom to each application. However, CAST’s Extend repository includes a starter library of rules. You can build on these rules and save them for use with future analyses.
Constructing Your View
- Start by building layers and sets (logical containers of elements) within Architecture Checker, using types and properties (attributes of the object). The logic for creating layers can be any combination of technology, identification (e.g. type, name, module, code path, etc.), or category (CAST Quality Rules and Measures).
- The Layers and Sets display provides a detailed description of the contents of each of Architecture Checker’s layers and sets.
- Types and Properties displays the contents in the CAST Meta-Model – an exhaustive list of object types and categories.
Once you’ve built the layers representing the objects of a system, you can build either Authorized Dependencies (acceptable flow through the application) or Forbidden Dependencies (unacceptable flow through the application). Do this by dragging and dropping an arrow from one layer to another.
Going Live with Architecture Checker
After repeating this process to build a system “map,” you can now conduct a live violations check, using data from the most recent CAST analysis knowledge base.
- Orange connection arrow(s) indicate a violation of the intended model. You’ll also see a count of the number of links violating the model, and you can access a detailed view.
- When you’re connected to a specific application using Architecture Checker, you can conduct a Live Check of the Architecture Model against the application’s current state. (Green connection arrow(s) indicate an intended connection.)
- Analyzing and enforcing structural quality and adherence to architecture is difficult. By defining and saving an architecture model using Architecture Checker, the CAST analysis can alert you when violations occur based on the model, then help you to investigate them. You can also leverage Architecture Model to create architectural and custom rules, then save them to the CAST assessment model for later evaluation during application analysis.
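The layer-and-dependency check described above, sketched as an added example; it is not CAST code and does not use Architecture Checker's model format or API. The layer names, path patterns, link list and the allowlist/denylist reading of authorized versus forbidden dependencies are constructed assumptions, chosen to show why a UI-to-data shortcut that bypasses the logic layer is flagged.

```python
from collections import Counter
from fnmatch import fnmatchcase

# Layers: logical containers selected by code path (constructed patterns).
LAYERS = {
    "UI": ["web/*"],
    "Logic": ["service/*"],
    "Data": ["dao/*", "db/*"],
}

# Constructed caller -> callee links, standing in for an analysis knowledge base.
LINKS = [
    ("web/OrderController.java", "service/OrderService.java"),
    ("service/OrderService.java", "dao/OrderDao.java"),
    ("web/ReportPage.java", "dao/ReportDao.java"),      # UI reaches data directly
    ("web/AdminPage.java", "db/users.sql"),             # UI reaches data directly
    ("dao/OrderDao.java", "service/AuditService.java"), # data calls back up
    ("service/OrderService.java", "service/PriceService.java"),
]

def layer_of(path):
    """Return the first layer whose pattern matches the path, or None."""
    for name, patterns in LAYERS.items():
        if any(fnmatchcase(path, p) for p in patterns):
            return name
    return None

def violations(links, rules, mode):
    """mode='authorized': rules is an allowlist of layer pairs;
    mode='forbidden': rules is a denylist of layer pairs."""
    found = []
    for caller, callee in links:
        edge = (layer_of(caller), layer_of(callee))
        if None in edge or edge[0] == edge[1]:
            continue  # unmapped object or intra-layer link
        listed = edge in rules
        if (mode == "forbidden" and listed) or (mode == "authorized" and not listed):
            found.append((edge, caller, callee))
    return found

def link_counts(found):
    """Number of violating links per layer pair (the count shown on an arrow)."""
    return Counter(edge for edge, _, _ in found)

if __name__ == "__main__":
    deny = violations(LINKS, {("UI", "Data")}, "forbidden")
    allow = violations(LINKS, {("UI", "Logic"), ("Logic", "Data")}, "authorized")
    print("forbidden model:", dict(link_counts(deny)))
    print("authorized model:", dict(link_counts(allow)))
```

In this sketch the authorized (allowlist) model also reports the Data-to-Logic call that the forbidden (denylist) model never lists, so the two model styles can give different violation counts on the same links.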
I look forward to your comments and questions about Architecture Checker’s role in system-level analysis and building upon overall Software Intelligence. In Part 3, I’ll discuss how you can use CAST Enlighten to blueprint software as you continue to gather, refine, and leverage Software Intelligence – all in your effort to ensure software quality and make certain that your “crazy flying machines” will soar off the runway as planned.