Rules development for Kiuwan (V): Query API

Once again, we continue our series of posts on rules development for KIUWAN. In the last post, we saw the basic functionalities to navigate through the abstract syntax tree (AST): BaseNode, TreeNode, NodeVisitor and NodePredicate; and we also wrote about the two available AST versions: High-Level AST and Low-Level AST. Today, we’ll see the use of another available API for implementing rules: Query API. The com.optimyth.qaking.highlevelapi.dsl.Query class represents… Read more →


Bilog: from Satisfied Customer to Strategic Partner

Bilog initially used KIUWAN to integrate their development teams and offer their customers more secure and optimized code. Thanks to Kiuwan’s ease of use and performance, Bilog has decided to offer their code auditing services to their customers with its specialized Quality Assurance team. Bilog, a French company specialized in software development and quality control, selected Kiuwan for internal developments made… Read more →


ABAP: continuous analysis with Kiuwan

In our last article in the ABAP series, we saw the particularities of the SAP environment. The main difference between ABAP and other programming languages is that we need to extract the source code from SAP to text files. In that post we explained in detail a manual process to extract the code. Now we are going to use the Kiuwan ABAP extractor utility for this… Read more →

Technical debt

CIOs vs technical debt: a burden for innovation

Technical debt is a euphemism referring to the risk in production and potential rework assumed in software development. Due to the rush and other factors, a lack of quality in deployed software developments is allowed. It is normal that resources or quality are limited in every product, but in the business world and in any professional field, the debt must… Read more →

Software quality

Why they call it Quality when they actually mean Risk?

I have spent years offering testing and quality solutions to CIOs and Production, Development and Architecture Managers of large companies. During that time, no one answered the same when they were asked “what is quality for you?” or “what software quality and security initiatives have been implemented to date?”. Some of them speak about processes, requirements or IT governance; others identify… Read more →

The art of outsourcing your software development

Take a look at this practical guide to avoid headaches when outsourcing your software development. Don’t get lost and don’t be fooled! This paper presents and assesses the different techniques for software evaluation that a “receptor” (recipient organization) of externally developed software can apply to determine the intrinsic aspects (performance, security, efficiency, etc.) of the delivered software. Let’s take a look at paper’s… Read more →


OWASP Top 10: how to discover vulnerabilities in your CSharp applications

In this article, you will learn the top 10 security issues in web applications (known as the OWASP Top 10). For each vulnerability, you will learn how to tell whether your code is protected against it and how to analyze it automatically. This post is the second part of another post about discovering vulnerabilities in a Java application. How can I… Read more →

Capers Jones new paper: Twenty Five Software Industry Goals for the Years 2015 through 2019

Capers Jones, well-known author and international public speaker, makes public his Twenty Five Software Industry Goals for the Years 2015 through 2019. Download the White Paper now. He writes in the introduction that “progress in the software industry has resembled a drunkard’s walk, with both improvement and regressions occurring at the same time. For example agile is an improvement for small projects,… Read more →

Rules development

Rules development (IV): Basic API – navigating through the AST

Let’s continue with our series of posts on rules development for KIUWAN. In a previous post, we explained that the implementation of our rules consisted of a Java class that meets certain characteristics, including a visit method where the rule’s main functionality is implemented, that is, visiting the nodes of the AST object (Abstract Syntax Tree) to retrieve information confirming the existence of a violation… Read more →

Local analysis

Running local analysis: Kiuwan Local Analyzer

Kiuwan’s great advantage is that it can analyze your code in your own infrastructure without having to upload your code to the cloud. For this, we can download Kiuwan Local Analyzer, which will allow you to run a local analysis (or as many as you want) from any machine and view the results on KIUWAN with all the functionality it provides.… Read more →