Flying High with Software Intelligence: A Guide for Technical Leads (Part 2)

Any inventor knows it: a great design really isn’t all that great until it stands the test of real-time use. (Proof: All those crazy old movies of flying machines crashing before they even got off the runway.) The same is true with software development. Only through system-level analysis can you learn how components interact with one another across multiple layers (UI, logic and data) and across multiple technologies. Much like those crazy old flying machines, the exact same piece of code can be safe and of excellent quality or highly dangerous, depending on its interaction with other components.

Old Fashioned Airplane

When you conduct system-level analysis in conjunction with application discovery and blueprinting, you’re setting yourself up for success. Three months ago, I shared my insights on getting started with Software Intelligence for the technical lead. Here I'd like to continue with that thread by looking at the process of building Software Intelligence with CAST Architecture Checker.

By using this module of the CAST Application Intelligence Platform (AIP), you can build a view of an application’s structural quality that helps in reducing security vulnerabilities and overall risk. Architecture Checker aids the Technical Lead or subject-matter-expert by:

Providing information about application structure
Allowing the definition of custom rules
Tracking and control of these rules in subsequent application development.

Architecture rules are custom to each application. However CAST’s Extend repository includes a starter library of rules. You can build on these rules and save them for use with future analyses

Constructing Your View

Start by building layers and sets–logical containers of elements – within Architecture Checker, using types and properties (attributes of the object). The logic for creating layers can be any combination of technology, identification (e.g. type, name, module, code path, etc.), or category (CAST Quality Rules and Measures)
The Layers and Sets display provides a detailed description of contents for each of Architecture Checker’s layer and sets contents.

Layers and Sets_Photo 1

Types and Properties displays the contents in the CAST Meta-Model – an exhaustive list of object types and categories.

Once you’ve built the layers representing the objects of a system, you can now build either Authorized Dependencies (acceptable flow through the application) or Forbidden Dependencies (unacceptable flow through the application). Do this by dragging-and-dropping an arrow from one layer to another.

Going Live with Architecture Checker

After repeating this process to build a system “map,” you can now conduct a live violations check, using data from the most recent CAST analysis knowledge base.

Violations_Photo 2

Orange connection arrow(s) indicate a violation to the intended model. You’ll also see a count of the number of links violating the model, and you can access a detailed view.
When you’re connected to a specific application using Architect Checker, you can conduct Live Check for Architecture Model in the application’s current state. (Green connection arrow(s) indicated an intended connection.)
Analyzing and enforcing structural quality and adherence to architecture is difficult. By defining and saving an architecture model using Architecture Checker, the CAST analysis can alert you when violations occur based on the model, then help you to investigate them. You can also leverage Architecture Model to create architectural and custom rules, then save them to the CAST assessment model for later evaluation during application analysis.

Architecture Model_Photo 3

I look forward to your comments and questions about Architect Checker’s role in system-level analysis and building upon overall Software Intelligence. In Part 3, I’ll discuss how you can use CAST Enlighten to blueprint software as you continue to gather, refine, and leverage Software Intelligence – all in your effort to ensure software quality and make certain that your “crazy flying machines” will soar off the runway as planned.

Filed in: Application Quality Application Security Modern Architecture Software Intelligence

Â This report describes the effects of different industrial factors on structural quality. Structural quality differed across technologies with COBOL applications generally having the lowest densities of critical weaknesses, while JAVA-EE had the highest densities. While structural quality differed slightly across industry segments, there was almost no effect from whether the application was in- or outsourced, or whether it was produced on- or off-shore. Large variations in the densities in critical weaknesses across applications suggested the major factors in structural quality are more related to conditions specific to each application. CRASH Report 2020: CAST Research on the Structural Condition of Critical Applications Report

Open source is part of almost every software capability we use today. At the very least libraries, frameworks or databases that get used in mission critical IT systems. In some cases entire systems being build on top of open source foundations. Since we have been benchmarking IT software for years, we thought we would set our sights on some of the most commonly used open source software (OSS) projects. Software Intelligence Report <> Papers

Making sense of cloud transitions for financial and telecoms firms Cloud migration 2.0: shifting priorities for application modernization in 2019 Research Report

Kyle Christiansen Technical Solutions Architect

Kyle Christiansen is a Technical Solutions Architect at CAST and has more than a decade of experience as a software engineer and team manager. He has designed systems and product architectures to deliver personalized, secure and highly available apps.