Integrate Code Analysis with Change Control to Reduce Risk – Part II
Recently, RSC development completed an integration of Rev-Trac with Virtual Forge’s CodeProfiler, which automates code inspection and reports coding errors or security problems.
As code profiling technologies become more advanced, you can use them to help ensure your team maintains an acceptable standard of development. Integration makes it possible to embed such QC tools as mandatory components of your software quality assurance approach. That way, you can be confident that your quality standards are maintained without resorting solely to manual human interventions and code reviews.
Not only do code inspection tools allow you to analyze current work in progress before it’s imported into productive SAP systems, but you can also review historical code written for core critical functionality long before automated review software was available. This allows you to anticipate potentially serious problems. For example, such a review will reveal programs now in use that can be misused to compromise system integrity. You can also test whether confidential, sensitive information can be accessed by unauthorized users.
When applying certain types of sensitive change, code inspection should become an enforced part of your QC. One way you can make sure it occurs is to make it part of an automated, enforceable change control process. You might not want to do that for all of your code, but certainly for the most important code or code that impacts business-critical processes.
Of course, when coding problems are revealed, the next step is to determine what systems or software components might be affected. System intelligence tools like RSC’s Salt, which can drill down as deeply as needed into existing ABAP code, custom software and SAP landscapes, can be a huge help in that regard. I should mention that Salt is now closely integrated with RSC’s Rev-Trac change control technology, making such investigations much simpler to carry out with confidence.
At a time when respected analysts like IDC are urging organizations to treat entire systems as unified processes rather than as a chained series of separate, discrete components, the ability to see almost organically how everything fits together is crucial. The need for this level of system intelligence and visibility is what led us to develop Salt, integrate it with Rev-Trac, and then extend our integration vision to other third-party ALM tools such as CodeProfiler.
If you don’t have a fully automated change control solution like Rev-Trac in place yet, Salt is a good place to start to understand how your SAP components and custom ABAP code all fit together. Simply taking that closer look will reveal the importance, in a unified series of processes, of top-flight ALM tools such as Virtual Forge’s CodeProfiler.