Page tree
Skip to end of metadata
Go to start of metadata


Related pages:



Integration between SAP and the Kiuwan Solutions



There are several approaches to integrate SAP and the Kiuwan Solutions

The integration basically depends on:

  • The scope of the analysis:
    • Baselines for packages
    • Deliveries for transport orders


Depending on your needs, the Kiuwan Solutions provide several tools and mechanisms (as the below table shows)


Please visit SAPEX installation (SAPEX Installation from Transport Request) according to the possible scenarios (local or remote)


How the Kiuwan Solutions and SAP can be integrated

Extraction of ABAP source code and metadata


To execute any Kiuwan analysis, you must first indicate where the source code is located.

This first step seems trivial when you are working with a file system or with any source code repository, but it’s not when you are working with SAP.

ABAP source code extraction


The ABAP code is located within the SAP Server, so you should first extract the ABAP code and let the Kiuwan Solution know the location of the extracted file.

After extracting the ABAP code, Kiuwan will be ready to analyze it.

Local or Remote Execution of Kiuwan analyses


Where will the analyses be run ?


You should also decide the location where the ABAP code will be analyzed

The Kiuwan Solutions let you implement two different types of approaches.

You can execute the Kiuwan analyses in the following ways:

Additionally, you can analyze either manually or automatically. 

The Kiuwan Solution will scan the code and deliver to you the analysis results.


Analysis of Packages (baselines) and Transport Orders (deliveries)

When should the analysis be executed?


Depending on your development life cyle you may have different needs.

Sometimes you will need to analyze a complete package, while other times you will only need to analyze a transport order.

Kiuwan allows you to fully integrate the analyses within your custom development life cycle by providing different types of analyses:
  • Baseline analyses: a specific version of an application that is relevant enough to be considered as a reference to track further changes on it.
  • Deliveries analyses: a new distribution of the application that contains changes to the baseline, due to corrective or evolutive maintenance.
    • Based on scope - partial vs complete
    • Based on completion status  - resolved vs in progress 

Please visit Kiuwan Life Cycle Doc for complete information.

How it works

When SAPEX components (programs, function modules, support classes, OS commands) are installed on the target SAP system, the users may perform the following operations:

  1. Extract source code 
    • Either by running a program within the SAP server (ZKW_SAPEX_CODE) or remotely (using the sapexCode.xml script), extracted code can be analyzed with Kiuwan Local Analyzer
    • The code elements to extract could be based on transport requests/tasks, packages, and the type and name of the element (programs, function modules, classes, web dynpro components, etc.)
  2. Extract system information (metadata)
    • Metadata is used by the Kiuwan rules to search for defects and vulnerabilities.
    • For example, to ensure that authorization is performed properly, information about authorization objects and authorization groups (extracted from TOBJ and TDDAT tables) are used by many security checks in the Kiuwan Solutions. 
    • Metadata extraction could be performed either by running a program within SAP Server (ZKW_SAPEX_METADATA) , or remotely (using the sapexMetadata.xml script).
  3. Perform analysis on extracted source code

    • Within a SAP system with Kiuwan Local Analyzer deployed, by running the ZKW_ANALYSIS program. It offers the possibility for extracting source code before the analysis.

  4. Add automated audits before releasing changes

    • SAP's Change and Transport System (CTS) may register an implementation for the CTS_REQUEST_CHECK 'classic' BAdI. 

    • Source code extraction, analysis, and evaluation of audit checkpoints may be performed before accepting (or rejecting) the release of a change request / task, according to organizational quality and security standards.