In this guide, you will learn how to use the Action Plan function in Kiuwan.
Once you have analyzed an application with Kiuwan, you will have a bunch of results.
Most likely, you will not decide to fix all the defects found, but a subset of them.
That subset of defects to be fixed will be decided based on very different considerations, from technical to economic reasons. The most common reasons have to do with the technical impact of the defects and the available effort to fix them.
Those defects, together with target dates and responsible assignee, constitute an Action Plan.
Kiuwan helps you during this process:
Let's go through those steps and see how Kiuwan can help you.
As said above, the Action Plan can be decided on several factors, such as technical considerations and/or economic reasons.
To decide which defects to fix, Kiuwan lets you:
Let's suppose we have an application with the following results:
As we can see, although the application shows quite acceptable indicators for Efficiency, Portability, and Reliability, we have poor levels for Maintainability and Security.
What is most important to fix depends on your business needs.
You could be asking yourself these kinds of questions:
All the above questions are quite common, so let's see how Kiuwan will help to assess and define an appropriate action plan.
Once you select the application and analysis, select the Action Plan tab; clicking on the Menu gives you both options:
Kiuwan allows you to create an Action Plan by manually selecting those defects you are most interested in fixing.
For example, let's suppose that you are very concerned about security and, taking OWASP as your main security reference, you want to make sure that OWASP-related High and Very High defects are fixed. That's your plan.
To do it, once you click New action plan, you will be presented with all the defects of the application.
Just filter the defects list by the appropriate criteria and select all of them (or any subset you consider).
Once done, click Save.
You will see the number of defects contained in this action plan, the effort required to fix them, as well as the metrics before and after the fulfillment of the action plan.
What if you want to improve your code but you don't know where to start?
Well, the 'What if' feature helps you generate an automatic action plan with a given quantity of available hours or a quality goal you want to achieve.
Rather than manually selecting the specific defects, let Kiuwan find those defects that should be fixed according to your needs.
The What-If tool allows you to simulate as many scenarios as you want, letting you build an action plan based on two different strategies:
You could decide to spend a certain number of hours to fix tasks.
For example, let's suppose you have 1 week (40 hours) to dedicate, so you will need to identify those defects that will give you the highest return.
Kiuwan will distribute the effort to maximize the Global Indicator.
You can specify the total amount to be distributed across all the characteristics or the amount to dedicate only to certain characteristics.
In the example, the application has acceptable levels for Efficiency, Portability, and Reliability, so you could decide to spend those 40 hours distributed evenly in Security (20h) and Maintainability (20h).
As an alternative to the effort-driven approach, you could decide to improve any of the characteristics to meet a certain value.
For example, using our example, you could want a plan to reach 50 for Security and 30 for Maintainability.
What-If lets you specify this and any other combination that suits your needs.
As with the effort-based approach, Kiuwan will generate the optimized listing of defects that should be fixed to meet the indicated values.
Whatever is the approach (effort- or simulator-driven), click
Click Save this action plan to create the Action Plan, or continue the simulation until you find an appropriate plan that suits your needs.
Select the Action Plans tab of Code Analysis to show all the available Action Plans for the selected application.
For every Action Plan, Kiuwan provides the following information:
Action Plan Progress (%) is calculated as the percentage of defects fixed in the last application analysis as compared to the defects when the action plan was created. Click the Progress link to show a detailed Progress page.
Pending Effort is calculated as the effort to fix the remaining defects.
As the application is further analyzed, Kiuwan will update progress indicators for every plan.
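The effort-driven split (20h Security, 20h Maintainability) and the Progress / Pending Effort figures described above, worked through as an added example; this is not Kiuwan code. The defect records, the numeric priority scale and the greedy "highest priority, then cheapest" rule are assumptions standing in for Kiuwan's own optimizer, which maximizes the Global Indicator.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Defect:
    id: str
    characteristic: str  # e.g. "Security", "Maintainability"
    priority: int        # assumed scale: 1 = Very High ... 5 = Very Low
    effort_h: float      # estimated hours to fix

# Constructed sample defects (not real Kiuwan output).
DEFECTS = [
    Defect("D1", "Security", 1, 8), Defect("D2", "Security", 1, 10),
    Defect("D3", "Security", 2, 6), Defect("D4", "Security", 2, 1),
    Defect("D5", "Maintainability", 2, 12), Defect("D6", "Maintainability", 3, 8),
    Defect("D7", "Maintainability", 3, 4), Defect("D8", "Reliability", 1, 3),
]

def plan_by_effort(defects, budget_h):
    """Fill each characteristic's hour budget, highest priority first and
    cheapest first within a priority. Characteristics without a budget
    contribute nothing to the plan."""
    plan, left = [], dict(budget_h)
    for d in sorted(defects, key=lambda d: (d.priority, d.effort_h)):
        if left.get(d.characteristic, 0) >= d.effort_h:
            plan.append(d)
            left[d.characteristic] -= d.effort_h
    return plan

def progress(plan, open_ids_now):
    """Progress % = plan defects no longer reported by the latest analysis,
    relative to the defects in the plan at creation.
    Pending effort = hours needed for the plan defects still open."""
    remaining = [d for d in plan if d.id in open_ids_now]
    fixed = len(plan) - len(remaining)
    pct = 100.0 * fixed / len(plan) if plan else 0.0
    return round(pct, 1), sum(d.effort_h for d in remaining)

PLAN = plan_by_effort(DEFECTS, {"Security": 20, "Maintainability": 20})

if __name__ == "__main__":
    print("plan:", [d.id for d in PLAN], "effort:", sum(d.effort_h for d in PLAN))
    # Constructed later analysis: these defect ids are still reported.
    print("progress %, pending h:", progress(PLAN, {"D2", "D3", "D6", "D7", "D8"}))
```

Defects outside the plan (D3, D6, D8 here) do not affect the plan's progress even when they are still open, which matches the definition of progress as relative to the defects present when the plan was created.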
Click the Progress link of any action plan to show the detailed Progress page.
At this page, you will be able to see the Remediation Timeline, i.e. a temporal view of the execution progress of the plan.
By hovering the mouse over any point you will see details such as analysis date and fixed vs total defects.
Progression information will be presented for any analysis you choose (selecting the analysis in the selection list).
Circle graphics display information on Progress as well as Pending Defects (classified by Priority and Software characteristic).
Also, you will be presented with three tabs with a breakdown of the action plan's defects:
Visit the following guide: Export an Action Plan