As we’ve written before, Software Intelligence is becoming increasingly useful, helping bridge the gap between a true understanding of software health and the demands placed on IT and software systems by the business to deliver a seamless customer experience on digital platforms. But, of course, gaining Software Intelligence is done through an analysis of the complex inner structure of business-critical software systems.
What follows is a step-by-step guide to help technical leads discover and share the Software Intelligence produced by CAST.
After setting up your CAST Application Intelligence Platform (AIP) analysis cadence to match your app dev team’s Agile/sprint timing (e.g. every two weeks), the resulting Software Intelligence from the CAST analysis needs to be evaluated and prioritized so it can be put to work increasing your software quality.
Though this data review and prioritization can be automated, it is best to have someone begin by looking at the entire set of results. This should be someone with application-specific knowledge, usually the Technical Lead or a subject matter expert. This will help you better understand the data generated by the analysis and will ultimately serve as a starting point for automating the results.
The best place to start your review is with the results presented via the CAST Engineering Dashboard. With the Engineering Dashboard, you will be able to prioritize the most useful and impactful violations and flag them to be sent back to the development teams for remediation.
Technical and Quality Rule Weight
Both Technical Criteria and their associated Quality Rules are weighted to help prioritize the most impactful violations to select for remediation.
Propagated Risk Index (PRI)
This is a measurement of the riskiest objects of the application along with the Health Factors of Robustness, Performance, Security, Changeability and Transferability.
As these violations are identified, you will also be shown snippets of source code with the violation areas highlighted. From that snippet, you can use the Show More button to display additional code surrounding the violation, or the View File option to view the entire source code file. This will allow you to better understand where the violations exist and decide which elements should be added to the Action Plan for remediation. Repeating this quality investigation on the application will build up a succinct list of violations flagged for remediation, sorted by priority.
Establish action plans to remediate violations based on priority. The action plan data can be viewed in the dashboard, exported to Excel or automatically synced with tracking software such as Jira.
Unlocking the real power of CAST-generated Software Intelligence means applying this data on a recurring basis. Whether that is performing a scan based on a calendar schedule or implementing a CAST analysis step in your CI/CD pipeline triggered by an event in your SDLC/DevOps flow, analyzing changes will help enable an ongoing feedback loop to both developers and IT leaders.
Next up, for Part 2, we will discuss how to enhance your Software Intelligence using CAST Architecture Checker.
Erik Oltmans, an Associate Partner from EY, Netherlands, spoke at the Software Intelligence Forum on how the consulting behemoth uses Software Intelligence in its Transaction Advisory services.
Erik describes the changing landscape of M&A. Besides the financial and commercial aspects, PE firms now equally value technical assessments, especially for targets with significant software assets. He goes on to detail how CAST Highlight makes these assessments possible with limited access to the target’s systems, customized quality metrics, and liability implications of open source components - all three of which are critical for an M&A due diligence.