Products

edit

CAST provides 2 sets of products of different technologies, pricing, implementation models, and usage: CAST Highlight and CAST Imaging.

CAST Highlight

edit

CAST Highlight is an SaaS product for performing rapid application portfolio analysis. It analyzes source code of applications to measure their cloud readiness, to analyze their composition, resiliency, and technical debt. Software insights collected from the source code analysis are correlated with built-in qualitative surveys for adding business context insights on top of technical information.

CAST Imaging

edit

CAST Imaging is an on-prem product that can run for reverse-engineers all database structures, code components, and interdependencies in custom-built applications. It provides interactive and accurate architecture blueprints, data-call graphs, and end-to-end transaction flows in a web UI with the ability to export details externally. CAST Imaging also provides dashboards with add-on modules:

  • CAST Management Dashboard: a web dashboard providing information and metrics about the health of software components of an application. Health metrics are computed based on Robustness, Efficiency, Security, Changeability, and, Transferability of the source code. These metrics are based on the CISQ quality model. Additionally, metrics such as Technical Size, Functional Size based on Automated Function point computation, Technical Debt based on SQuaRE [1] approach, TQI (Technical Quality Index) are provided on this dashboard.
  • CAST Engeeginnering Dashboard: a web dashboard providing technical information about software components of an application. Information provided concern the size of the application (files, components, lines of code), risks, and violations based on critical rules violations. Information is aggregated in a dashboard and can be accessed down to the source code.
  • CAST Security Dashboard: a web dashboard dedicated to security of an application. Critial violations are based on industry standards (CWE, OWASP, STIG)[2] and are accessible down to the source code.


CAST MRI for Software

edit
CAST MRI for Software
Developer(s)CAST Software
Initial release2006-2007 Cite error: There are <ref> tags on this page without content in them (see the help page).
Stable release
8.3 / July 10, 2019; 4 years ago (2019-07-10)
Written inJava, C++, C, Python
Operating systemCross-platform
TypeStatic program analysis
Websitewww.castsoftware.com/products/application-intelligence-platform

CAST MRI for Software is composed of multiple static code analysis engines analyzing all the source code, database scripts, configuration files and dependencies composing a software. It extracts all the the artifacts and identifies the type of interactions between all to provide a system-level analysis [3]. That information is then used for structural quality analysis or architectural analysis, or available through API:

  • Architectural and dependencies representation of the applications analyzing: CAST Imaging
  • Quality and security information: Management, Engineering, and Security dashboards


CAST Imaging

edit

CAST Imaging: a web-based application to visualize and navigate through all components of an application depending on their layers and language type.

Management Dashboard

edit

CAST Management Dashboard: a web dashboard providing information and metrics about the health of software components of an application. Health metrics are computed based on Robustness, Efficiency, Security, Changeability, and, Transferability of the source code. These metrics are based on the CISQ quality model. Additionally, metrics such as Technical Size, Functional Size based on Automated Function point computation, Technical Debt [4] based on SQuaRE [5] approach[6], TQI (Technical Quality Index) are provided on this dashboard.


Applications

edit

Results of static program analysis tools are used differently depending on users and concerns. Main usages of CAST AIP are:

  • Application Development Management: Measuring and monitoring the quality of software developments is part of the continuous improvement cycle[7] of application development.
  • Software Modernization: before modernizing a legacy system, it is mandatory to get the knowledge and understanding of its applications[8]. The intangibility of an existing legacy system represented by its source code is a significant comprehension challenge for software engineers[9]. The practice of knowledge acquisition through analysis of internal structures and source code of an application for its modernization is referred as white-box modernization[10].
  • Software Quality and Security[11]: results of analyses are used to enforce the quality [12] and security of applications [13] [14].

Awards

edit

CAST named in 2019 Gartner Magic Quadrant for Application Security Testing [15]

CAST Imaging

edit

CAST Imaging is a commercial software providing visual blueprints of the architecture and components of custom-based applications. Custom-based applications are analyzed by proprietary static analyzers and visualization of software artifacts is made using a web browser. Its application is to accelerate the understanding and learning of complex apps as well as enabling the analysis of architecture structure for maintaining, refactoring, and rearchitecting existing applications.

Applications

edit
CAST Imaging
Developer(s)CAST Software
Initial release2019 Cite error: There are <ref> tags on this page without content in them (see the help page).
Stable release
2.1 / November 14, 2020; 3 years ago (2020-11-14)
Written incypher, go, react, JavaScript
Operating systemCross-platform
TypeStatic program analysis
Websitewww.castsoftware.com/products/imaging



References

edit
  1. ^ "ISO/IEC 25010:2011". ISO. Archived from the original on 14 March 2016. Retrieved 14 March 2016.
  2. ^ AlBreiki, Q. H.; Hasan AlBreiki, H. H. (2014). "Evaluation of static analysis tools for software security". 2014 10th International Conference on Innovations in Information Technology (IIT): 93–98. doi:10.1109/INNOVATIONS.2014.6987569. ISBN 978-1-4799-7212-8.
  3. ^ Ernst, Neil; Bellomo, Stephany; Ozkaya, Ipek; Nord, Robert (May 2017). "What to Fix? Distinguishing between design and non-design rules in automated tools". Carnegie Mellon University Software Engineering Institute: 165–168. arXiv:1705.11087. doi:10.1109/ICSA.2017.25. ISBN 978-1-5090-5729-0.
  4. ^ Griffith, Isaac; Reimanis, Derek; Izurieta, Clemente; Codabux, Zadia; Deo, Ajay; Williams, Byron (2014). "The Correspondence Between Software Quality Models and Technical Debt Estimation Approaches". 2014 Sixth International Workshop on Managing Technical Debt: 19–26. doi:10.1109/MTD.2014.13. ISBN 978-1-4799-6791-9.
  5. ^ "ISO/IEC 25010:2011". ISO. Archived from the original on 14 March 2016. Retrieved 14 March 2016.
  6. ^ Plösch, Reinhold; Bräuer, Johannes; Saft, Matthias; Körner, Christian (2018). "Design debt prioritization: a design best practice-based approach". IEEE/ACM International Conference on Technical Debt (TechDebt). doi:10.1145/3194164.3194172.
  7. ^ Plösch, Reinhold; Gruber, Harald; Körner, Christian (2010). "A method for continuous code quality management using static analysis". IEEE/2010 Seventh International Conference on the Quality of Information and Communications Technology: 370–375. doi:10.1109/QUATIC.2010.68. ISBN 978-1-4244-8539-0.
  8. ^ Khadka, Ravi; Batlajery, Belfrit V.; Saeidi, Amir M.; Jansen, Slinger; Hage, Jurriaan (2014). "How Do Professionals Perceive Legacy Systems and Software Modernization?". Proceedings of the 36th International Conference on Software Engineering: 36–47. doi:10.1145/2568225.2568318. ISBN 9781450327565.
  9. ^ Grambow, Gregor; Oberhauser, R.; Reichert, Manfred (January 2017). "Providing automated holistic process and knowledge assistance during software modernization". Computer Systems and Software Engineering: Concepts, Methodologies, Tools, and Applications: 351–395. doi:10.4018/978-1-5225-3923-0.ch015. ISBN 9781522539230.
  10. ^ Comella-Dorda, S.; Seacord, R.C.; Wallnau, K.; Robert, J. (October 2000). "A survey of black-box modernization approaches for information systems" (PDF). Proc. Of the International Conference on Software Maintenance, San Jose, California: 173–183.
  11. ^ "Source Code Analysis Tools".
  12. ^ Neto, T.; Arrais, R.; Sousa, A.; Veiga, G. (November 2019). "Applying Software Static Analysis to ROS: The Case Study of the FASTEN European Project". In Iberian Robotics Conference. Advances in Intelligent Systems and Computing. 1092: 632–644. doi:10.1007/978-3-030-35990-4_51. ISBN 978-3-030-35989-8.
  13. ^ Nunes, Paulo; Medeiros, Ibéria; Fonseca, José C. (May 2018). "Benchmarking Static Analysis Tools for Web Security". IEEE Transactions on Reliability. 67 (3): 1159–1175. doi:10.1109/TR.2018.2839339.
  14. ^ Chess, B.; McGraw, G. (Nov 2004). "Static analysis for security". IEEE Security & Privacy. 2 (6): 76–79. doi:10.1109/MSP.2004.111.
  15. ^ Tirosh, Ayal; Zumerle, Dionisio; Horvath, Mark (18 April 2019). "Magic Quadrant for Application Security Testing".

Category:Static program analysis tools Category:Software testing tools Category:Software companies of France Category:Companies based in New York