Frequently Asked Questions

General Questions
How frequently should I analyze my application portfolio with CAST Highlight?

It is recommended to run a snapshot of CAST Highlight every quarter in order to see how your portfolio is trending over time. However, Highlight provides a scriptable command line which helps you automate the code scan integration within your CI/CD environment.

Can I get access to the raw data provided by CAST Highlight?

The results of CAST Highlight’s application portfolio analysis can be viewed through CAST Highlight’s online interactive portal. You can also integrate our public API or export all raw data into an XML or Excel file, making it easy for you to integrate CAST Highlight’s Software Intelligence insights and metrics into your existing reporting tools.

Which technologies does CAST Highlight support?

CAST Highlight supports over 40 technologies. The technology coverage page lists each supported technology by use case (Sizing Metrics, Software Health, Cloud Readiness, Software Composition).

How long does it take to analyze an application?

The Local Agent scans code quickly. It takes less than 5 minutes to analyze a normal-sized application of 150,000 lines of code (LOC) in Java. Note that our command line allows you to run multiple scans in parallel on the same machine. A large application of 1M LOC can be analyzed in less than an hour. Found something slow during the scan? Contact our product team; we love to continuously improve our analyzers.

What are the hardware/software requirements to scan my source code with the Local Agent?

  • Microsoft Windows operating system, Windows 8 or later
  • Chrome (highly recommended for a better experience), Microsoft Edge, Firefox ESR
  • Local Agent Install/Scan: 300MB free disk space, 4GB memory
  • Source code is available and stored in text files accessible from a Windows machine

Which operating systems and browsers are supported by CAST Highlight?

The CAST Highlight portal is compatible with Microsoft Edge; Firefox ESR or higher; Safari 5.1.7 or higher; and all versions of Chrome. The portal is accessible on desktops, tablets and smartphones. The CAST Highlight Local Agent is compatible with Windows 8 or higher and can be run on desktops. The command line supports various operating systems, including Windows, Linux and macOS.

Is it possible to put CAST Highlight on my server?

No, we’re a SaaS product. CAST Highlight is only deployed, managed, secured and supported by CAST. One of the great advantages of this model is that there is no infrastructure cost or upgrade effort.

Does source code leave my infrastructure?

Never. We make the agent available to you so that the analysis can be performed wherever your code resides. The only information exchanged between our clients and us is the information you provide as part of the portfolio analysis survey and the output of the code quality analysis. Please note that customer data is not sent over the internet either by e-mail or via other internet protocols. The result of the code-level analysis performed by CAST Highlight on the client infrastructure is uploaded to the website through HTTPS and encrypted in transit using a 256-bit encryption mechanism.

CAST Highlight generates a .csv file that consists of three segments: Output File Attributes, Section Attributes and File Attributes. The Output File Attributes identify the version of the analyzed application, the version of the analyzer and the type of analyzer by language. They also provide the file name and the date the analysis was performed. The Section Attributes define the file structure for the specific analyzer along with additional analyzer attributes. The File Attributes are a summary generated for each file analyzed. Scan metrics are anonymized (e.g. Id_123) and decoded by the portal once the file has been uploaded.

Does CAST Highlight connect to my software configuration systems?

Not currently. We are investigating that option for the future. If you have a specific system in mind, please let us know. However, CAST Highlight comes with a scriptable command line and a Docker image, which can easily be integrated within your CI/CD environment. In addition, during the first scan of an application, the CAST Highlight Agent captures the configuration you made (exclusion of certain technologies, folders or files), which saves you time on future scans of the same application.

Can I add team members or colleagues to my CAST Highlight account?

Yes, you can add as many team members to participate as you wish. Simply select Add Member from the Plan page. You will need to provide their email address and CAST Highlight will send them an invitation to join. Three user roles are available: Portfolio Manager (can create, edit, delete applications, scan results and campaigns, invite users, etc.), Contributors (can upload code scan results, answer the application survey and see analytics and dashboards for their applications) and Result Viewers (can only see application portfolio analytics and dashboards).

My user account is locked after 3 failed login attempts. How can I unlock it?

For security purposes, 3 successive failed login attempts will lock your user account. To unlock it, use the “Forgot Password” feature available from the login page. Paste your CAST Highlight user login to receive a new activation link that will unlock your account.

Why can’t I see the analyses in the CAST Highlight portal?

Each user of CAST Highlight is attributed a specific role. Some roles have limited viewing rights. Please check with your CAST Highlight Administrator at your company for the type of access rights you have. Not sure who your Administrator is? Contact us.

What languages are supported by the Highlight user interface?

The CAST Highlight user interface supports the following languages: English, French, Chinese, Japanese. Learn more in this article.

Indicators & Methodology
How is each of the CAST Highlight health factor indicators derived?

Each of these software health indicators is a simple aggregation of specific patterns. Each file is given an optimal score to start, and as each pattern is detected, Highlight decrements the score. Once the agent has finished analyzing a file, it calculates how many points were decremented from the ideal score and determines the file’s score. For example, if a file loses 25% of its score, it will be classified in the green (high quality). If a file loses 50% of its points, it will be categorized in the orange (medium quality). A file that loses 75% or more of its points will be classified in the red (low quality). This method is applied by each health area to provide scoring per software health indicator.

What is a Code Insight?

Code Insights are symptoms in your code that possibly indicate a deeper problem. CAST Highlight automatically detects these code insights to help put together the software health indicators. Code insights are not necessarily problems themselves. For example, long methods are often a symptom of mismanaged object responsibilities that require changes to the domain model. Simply splitting up the long method into smaller methods is not always the way to go.

Where do CAST Highlight’s application benchmarks come from? How do I interpret the benchmark scores?

Our benchmark data aggregates anonymized scores from a selection of active applications that have been analyzed in CAST Highlight. CAST Highlight has analyzed billions of lines of code from 10,000+ applications. Our benchmarks are based on statistical quartiles. If for a given application the software health indicator is in the 1st quartile, then the app scored in the upper 25%, indicating a higher software health distribution compared to other applications. If the software health indicator is in the 4th quartile, then the app scored in the lower 25%, indicating a lower software health distribution compared to others. The benchmark application population is updated on a monthly basis.

What is Software Resiliency?

Software Resiliency indicates programming best practices that make software bullet-proof, more robust and secure. This index is derived through technology-specific code analysis that searches for the presence of code patterns that may compromise the reliability of the software in the short term. For more detailed information about this indicator, please visit our dedicated page in our Indicator & Methodology section.

What is Software Agility?

Software Agility indicates the ease with which a development team can understand and maintain an application. This index is derived through technology-specific code analysis that searches for the presence of embedded documentation and good practices for code readability.

For more detailed information about this indicator, please visit our dedicated page in our Indicator & Methodology section.

What is Software Elegance?

Software Elegance measures the ability to deliver software value with less code complexity. A low Software Elegance score indicates decreased code quality, resulting in more defects that become costly to fix in the medium term.

For more detailed information about this indicator, please visit our dedicated page in our Indicator & Methodology section.

What is Cloud Readiness?

In Highlight, the cloud readiness of an application is measured by the Cloud Maturity index. This indicator assesses the software and organization characteristics that can slow or speed up a PaaS migration.

For more detailed information about this indicator, please visit our dedicated page.

What is Open Source Safety?

Open Source Safety indicates the use of 3rd-party components that comply with security, license and age requirements. This index from 0 (low safety) to 100 (high safety) is an average of the three main scores for measuring Open Source/Third-Party component risk: Security & Vulnerabilities, License Compliance, Technology Obsolescence.

For more detailed information about this indicator, please visit our dedicated page.

How does CAST Highlight calculate an application’s Business Impact?

The Business Impact Index measures the criticality of an application to your company’s business. The index is derived through specific online survey questions concerning application impact on the business.

For more detailed information about Highlight indicators, please visit our Indicator & Methodology section.

Do you detect framework and library usage within applications?

Yes. CAST consolidates one of the largest databases on software components, with billions of signatures (fingerprints) computed for each version of open source and third-party components. Based on this unique database, CAST Highlight compares your application files’ fingerprints and aggregates component, version, license and release date information at both portfolio and application levels.

For more detailed information about CAST Highlight’s Software Composition Analysis (SCA) capabilities, please visit our Indicator & Methodology section.

How is the Software Maintenance Effort calculated?

Based on COCOMO II (Constructive Cost Model – Post Architecture), the Software Maintenance Effort calculated by Highlight estimates the ideal level of effort in order to maintain an application in good operational conditions, expressed in FTE (Full-Time Equivalent). This indicator is derived both from the Software Maintenance survey and the software quality analysis which are computed during the source code scan.

For more detailed information about Highlight indicators, please visit our Indicator & Methodology section.

What are Backfired Function Points and how are they calculated?

Back-Fired Function Points (BFP) estimate the number of function points of an application. This code-derived metric is based on the lines of code, weighted by an abacus for a given technology.

For more detailed information about Highlight indicators, please visit our Indicator & Methodology section.

What is Technical Debt?

The term “Technical Debt”, first defined by Ward Cunningham, is having a renaissance. A wide variety of ways to define and calculate Technical Debt are emerging. Technical Debt represents the effort required to fix problems that remain in the code when an application is released. It is an emerging concept, and little reference data regarding the metaphor is available in a typical application.

For more detailed information about Highlight indicators, please visit our Indicator & Methodology section.

How does CAST Highlight estimate Technical Debt?

Technical Debt estimates rely exclusively on CAST Highlight’s code insights and their respective number of occurrences found during the code scan:

– Each code insight for each technology (where Software Health is supported) has its own effort estimate expressed in minutes, hours, or person-days. This effort is the estimated time required to fix one occurrence of the corresponding code insight.

– When an application is onboarded, CAST Highlight multiplies occurrences found for each code insight by the effort estimate.

– The total Technical Debt estimate equals the sum of all code insight effort estimates.
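
The calculation described in the three steps above, as an added example that is not CAST Highlight's own code: the insight names, effort values and the 8-hour person-day are constructed assumptions. Insights that have no effort estimate are reported separately rather than silently counted as zero.

```python
import re
from collections import defaultdict

# Assumption: one person-day is 8 working hours; the page does not define it.
MINUTES_PER_UNIT = {"min": 1, "h": 60, "pd": 8 * 60}

# Constructed effort table: (technology, code insight) -> effort to fix ONE occurrence.
# Insight names and values are hypothetical, not CAST Highlight's own.
EFFORT = {
    ("Java", "empty-catch-block"): "15 min",
    ("Java", "long-method"): "2 h",
    ("COBOL", "goto-usage"): "1 pd",
}

def to_minutes(effort: str) -> int:
    """Normalize '15 min', '2 h' or '1 pd' to minutes."""
    m = re.fullmatch(r"\s*(\d+)\s*(min|h|pd)\s*", effort)
    if not m:
        raise ValueError(f"unparseable effort estimate: {effort!r}")
    return int(m.group(1)) * MINUTES_PER_UNIT[m.group(2)]

def technical_debt(occurrences, effort_table=EFFORT):
    """Return (total_minutes, per_technology_minutes, unpriced_insights).
    occurrences maps (technology, insight) -> count found during the scan."""
    per_tech = defaultdict(int)
    unpriced = []
    for key, count in occurrences.items():
        if count < 0:
            raise ValueError(f"negative occurrence count for {key}")
        if key not in effort_table:
            # No estimate for this insight: report it instead of counting it as zero.
            unpriced.append(key)
            continue
        per_tech[key[0]] += count * to_minutes(effort_table[key])
    return sum(per_tech.values()), dict(per_tech), sorted(unpriced)

# Constructed scan result for one application.
SCAN = {
    ("Java", "empty-catch-block"): 40,   # 40 * 15  = 600 min
    ("Java", "long-method"): 12,         # 12 * 120 = 1440 min
    ("COBOL", "goto-usage"): 3,          # 3 * 480  = 1440 min
    ("Python", "bare-except"): 7,        # no estimate in EFFORT
}

if __name__ == "__main__":
    total, per_tech, unpriced = technical_debt(SCAN)
    print(f"total: {total} min ({total / MINUTES_PER_UNIT['pd']:.2f} person-days)")
    print("by technology:", per_tech)
    print("no effort estimate:", unpriced)
```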

For more detailed information about Highlight indicators, please visit our Indicator & Methodology section.

Does CAST Highlight interface with source code configuration management tools?

CAST Highlight does not interface with source code configuration management tools. Therefore, your source code must be extracted from your SCM system and placed into a folder that can be accessed by our agent.

How do I analyze SAP code with CAST Highlight?

If you are going to analyze ABAP client code and want to identify links to SAP tables/programs, then you need to extract information from your SAP system. Because CAST Highlight cannot connect directly to the SAP tables to determine link information, Highlight leverages third-party tools to extract the table/program data into a format that can be read by the Local Agent.

For more detailed information about the tools Highlight can leverage to help you extract source code, please visit our Tutorial & Tools section.

What happens to files that have an extension that CAST Highlight does not recognize?

For technologies allowing files without extensions (typically COBOL), the Local Agent will scan the first lines of code looking for known keywords for a given technology (e.g. PERFORM, MOVE, etc.), and will associate the file with the detected technology. However, in order to accurately configure your code scans, you can manually “force” a technology for a set of files or folders from the Agent. The corresponding files will then be scanned with the analyzer you’ve selected.

For more detailed information on how to use Highlight, please visit our Tutorial & Tools section.

What if I discover that I missed some code: do I need to rerun the entire analysis?

If you’ve discovered that some part of an application was overlooked or missed, all you need to do is analyze that code and then log back into the CAST Highlight portal. You will simply add it as a component to its corresponding application and it will be aggregated into the quality and size results for that application.

For more detailed information on how to use Highlight, please visit our Tutorial & Tools section.

Security of the Platform
Follow this link to read our Security FAQ.