The Software Health/Risk Measurement service measures the quality of, and the risks in, one or more applications at system level, against the common international standards and best practices such as ISO 25010, OWASP, CISQ, NIST and OMG. We use the globally leading technology for this, the CAST Application Intelligence Platform (CAST AIP).
The service differs from standard developer tools in several respects. Not only are many more technologies supported and more rules, standards and best practices measured, the measurement also takes place at system level rather than only at code level. This means that, in addition to the analysis of the code itself, the architecture is measured as well: all calls and interfaces between layers, components and third-party or open source components are included in the analysis. In practice, 8% of the critical errors sit in these connections, yet finding and fixing them takes 80% of the maintenance time.
The service provides two dashboards: a Health Dashboard and an Engineering Dashboard.
The Health Dashboard is a management dashboard on which the quality of the application and its architecture at system level is expressed as a score from 1 (bad) to 4 (good). The health factors are:
- Robustness: How stable is the application?
- Efficiency: How is the performance of the application affected by the code?
- Security: What is the risk of a security breach?
- Changeability: How difficult and expensive is it to change the application?
- Transferability: How difficult is it to onboard a new team member or to entrust the application to another team?
The overall quality is expressed in the Total Quality Index, also on a scale from 1 (poor) to 4 (good).
In addition to these health factors, further standardized metrics are shown, such as technical debt, the number of ‘critical violations’ and technical size (lines of code).
If multiple measurements have been taken, the Health Dashboard also shows the trends. For each health factor you can see which errors were found and how they led to the score in question.
The critical violations are marked with a red dot. Compliance is calculated by dividing the number of successful checks (code that complies with the standard or best practice) by the total number of checks. Each rule and each health factor has thresholds for compliance that determine its influence on the score. You cannot drill down further in the Health Dashboard, but clicking the microscope icon takes you to the Engineering Dashboard.
The Software Risk/Health Assessment leads directly to actionable results through the Engineering Dashboard. This dashboard shows no scores, but all general violations and critical violations that were found. For each health factor, developers and maintenance staff can investigate exactly which errors were found, where they are in the code, why they are errors and how they can be solved. Certified Metri consultants prepare an Action Plan in the Engineering Dashboard with which the greatest possible improvement of the scores can be realized; the Action Plan Optimizer also simulates what the scores will be once the Action Plan is completed. Practice shows that developers learn a great deal from the Engineering Dashboard and the explanation of the errors found, so that these errors are no longer made in new versions. The strength of the CAST tooling, compared to other developer tools, is not only that it measures against significantly more standards and best practices, but also that all calls and connections between layers, components and modules are included in the analysis. This is where the hard-to-find errors sit, and they usually take the most time to detect. Other developer tools do not find these errors; CAST AIP does.