📜 Post with us on Reddit
📝 Create a new article
🏭 Create a company page
🇬🇧 - in English
🇫🇷 - en Français (FR)
🇵🇹 - em Português (PT)
🇩🇪 - in Deutsch (DE)
🇯🇵 - 日本語で (JA)
Sponsored articles

You can edit almost every page by Creating an account. Otherwise, see the FAQ.

CAST Application Intelligence Platform

From EverybodyWiki Bios & Wiki



CAST Application Intelligence Platform
Developer(s)CAST Software
Initial release2004
Stable release
8.3 / July 10, 2019; 4 years ago (2019-07-10)
Written inJava, C++, C, Python
Engine
    Operating systemCross-platform
    TypeStatic program analysis
    Websitewww.castsoftware.com/products/application-intelligence-platform

    Search CAST Application Intelligence Platform on Amazon.

    CAST Application Intelligence Platform (CAST AIP) is a commercial software published by CAST Software. It is composed of different static code analysis engines analyzing the source code, dependencies of components, configuration files, and database scripts of applications. It then identifies the interactions between the code components to provide system-level analysis.[1]. Results are then available through different dashboards. Data and metrics provided are organized according to the CISQ and the OMG standards: Resiliency, Efficiency, Security, Easiness of maintaining systems.

    CAST AIP is also active on Technical Debt measurements and used by researchers for the purpose of evaluating automated calculation of Technical Debt [2] [3] [4].

    Components[edit]

    CAST AIP is a platform composed of different components:

    • CAST Architecture Checker: a dedicated application enabling architects to design and to validate enterprise design and architecture checks for an application.
    • CAST AIP Console: a dedicated application for analyzing the source code and dependencies of the components of an application.
    • CAST Engeeginnering Dashboard: a web dashboard providing technical information about software components of an application. Information provided concerns the size of the application: files, components, lines of code; risks, and violations based on critical rules violations. Information is aggregated in a dashboard and can be accessed down to the source code.
    • CAST Health Dashboard: a web dashboard providing information and metrics about the health of software components of an application. Health metrics are computed based on Robustness, Efficiency, Security, Changeability, and, Transferability of the source code. These metrics are based on the CISQ quality model. Additionally, metrics such as Technical Size, Functional Size based on Automated Function point computation, Technical Debt [5] based on SQuaRE[6] approach[7], TQI (Technical Quality Index) are provided on this dashboard.
    • CAST Security Dashboard: a web dashboard dedicated to security of an application. Critical violations are based on industry standards (CWE, OWASP, STIG)[8] and are accessible down to the source code.

    Applications[edit]

    Results of static program analysis tools are used differently depending on users and concerns. Main usages of CAST AIP are:

    • Application Development Management: Measuring and monitoring the quality of software developments is part of the continuous improvement cycle[9] of application development.
    • Software Modernization: before modernizing a legacy system, it is mandatory to get the knowledge and understanding of its applications[10]. The intangibility of an existing legacy system represented by its source code is a significant comprehension challenge for software engineers. The practice of knowledge acquisition through analysis of internal structures and source code of an application for its modernization is referred to as white-box modernization[11].
    • Software Quality and Security[12]: results of analyses are used to enforce the quality [13] and security of applications [14][15]. CAST AIP findings are contributing to the CWE community[16]

    Awards[edit]

    CAST AIP named in top 10 vendor for [[Static Application Security Testing|Static Application Security Testing] by Forrester in Dec 2019 [17]

    CAST AIP named in 2019 Gartner Magic Quadrant for Application Security Testing [18]

    References[edit]

    1. Ernst, Neil; Bellomo, Stephany; Ozkaya, Ipek; Nord, Robert (May 2017). "What to Fix? Distinguishing between design and non-design rules in automated tools". Carnegie Mellon University Software Engineering Institute: 165–168. arXiv:1705.11087. doi:10.1109/ICSA.2017.25. ISBN 978-1-5090-5729-0. Unknown parameter |s2cid= ignored (help)
    2. Avgeriou; Taibi, Davide; Apostolos, Ampatzoglou; Arcelli Fontana, Francesca; Terese, Besker; Alexandros, Chatzigeorgiou; Valentina, Lenarduzzi (September 2020). "An overview and comparison of technical debt measurement tools". IEEE Software. doi:10.1109/MS.2020.3024958.
    3. Shirin, Akbarinasaji; Bener, Ayse Basar; Erdem, Atakan (May 2016). "Measuring the principal of defect debt". Proceedings of the 5th International Workshop on Realizing Artificial Intelligence Synergies in Software Engineering: 1–7. doi:10.1145/2896995.2896999. ISBN 9781450341653. Unknown parameter |s2cid= ignored (help)
    4. T., Amanatidis; N., Mittas; A., Moschou; A., Chatzigeorgiou; A., Ampatzoglou; L., Angelis (September 2020). "Evaluating the agreement among technical debt measurement tools: building an empirical benchmark of technical debt liabilities". Empirical Software Engineering. 25 (5): 4161–4204. doi:10.1007/s10664-020-09869-w.
    5. Griffith, Isaac; Reimanis, Derek; Izurieta, Clemente; Codabux, Zadia; Deo, Ajay; Williams, Byron (2014). "The Correspondence Between Software Quality Models and Technical Debt Estimation Approaches". 2014 Sixth International Workshop on Managing Technical Debt: 19–26. doi:10.1109/MTD.2014.13. ISBN 978-1-4799-6791-9. Unknown parameter |s2cid= ignored (help)
    6. "ISO/IEC 25010:2011". ISO. Archived from the original on 14 March 2016. Retrieved 14 March 2016. Unknown parameter |url-status= ignored (help)
    7. Plösch, Reinhold; Bräuer, Johannes; Saft, Matthias; Körner, Christian (2018). "Design debt prioritization: a design best practice-based approach". IEEE/ACM International Conference on Technical Debt (TechDebt). doi:10.1145/3194164.3194172. Unknown parameter |s2cid= ignored (help)
    8. AlBreiki, Q. H.; Hasan AlBreiki, H. H. (2014). "Evaluation of static analysis tools for software security". 2014 10th International Conference on Innovations in Information Technology (IIT): 93–98. doi:10.1109/INNOVATIONS.2014.6987569. ISBN 978-1-4799-7212-8. Unknown parameter |s2cid= ignored (help)
    9. Plösch, Reinhold; Gruber, Harald; Körner, Christian (2010). "A method for continuous code quality management using static analysis". IEEE/2010 Seventh International Conference on the Quality of Information and Communications Technology: 370–375. doi:10.1109/QUATIC.2010.68. ISBN 978-1-4244-8539-0. Unknown parameter |s2cid= ignored (help)
    10. Khadka, Ravi; Batlajery, Belfrit V.; Saeidi, Amir M.; Jansen, Slinger; Hage, Jurriaan (2014). "How Do Professionals Perceive Legacy Systems and Software Modernization?". Proceedings of the 36th International Conference on Software Engineering: 36–47. doi:10.1145/2568225.2568318. ISBN 9781450327565. Unknown parameter |s2cid= ignored (help)
    11. Comella-Dorda, S.; Seacord, R.C.; Wallnau, K.; Robert, J. (October 2000). "A survey of black-box modernization approaches for information systems" (PDF). Proc. Of the International Conference on Software Maintenance, San Jose, California: 173–183. doi:10.1109/ICSM.2000.883039. ISBN 0-8186-6330-8. Unknown parameter |s2cid= ignored (help)
    12. "Source Code Analysis Tools".
    13. Neto, T.; Arrais, R.; Sousa, A.; Veiga, G. (November 2019). "Applying Software Static Analysis to ROS: The Case Study of the FASTEN European Project". In Iberian Robotics Conference. Advances in Intelligent Systems and Computing. 1092: 632–644. doi:10.1007/978-3-030-35990-4_51. ISBN 978-3-030-35989-8.
    14. Nunes, Paulo; Medeiros, Ibéria; Fonseca, José C. (May 2018). "Benchmarking Static Analysis Tools for Web Security". IEEE Transactions on Reliability. 67 (3): 1159–1175. doi:10.1109/TR.2018.2839339. Unknown parameter |s2cid= ignored (help)
    15. Chess, B.; McGraw, G. (Nov 2004). "Static analysis for security". IEEE Security & Privacy. 2 (6): 76–79. doi:10.1109/MSP.2004.111.
    16. "CWE-Compatible Products and Services".
    17. DeMartine, Amy; McClean, Christopher; Lyness, Trevor; Reese, Andrew (12 Dec 2017). "The Forrester Wave™: Static Application Security Testing, Q4 2017".
    18. Tirosh, Ayal; Zumerle, Dionisio; Horvath, Mark (18 April 2019). "Magic Quadrant for Application Security Testing".


    This article "CAST Application Intelligence Platform" is from Wikipedia. The list of its authors can be seen in its historical and/or the page Edithistory:CAST Application Intelligence Platform. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.


    Retrieved from "https://en.everybodywiki.com/index.php?title=CAST_Application_Intelligence_Platform&oldid=2205592"
    License CC BY-SA 3.0
    Powered by MediaWiki
    Powered by Semantic MediaWiki