Info

Therefore, the approach to integrate SAP and Kiuwan consists of:

  • Run the ABAP code extraction mechanisms
  • Execute the Kiuwan analyses 
    • Baselines for packages
    • Deliveries for transport orders

 

Remote

  • Baseline: from an external machine:
    • Extract source code (sapexCode.xml, sapexMetadata.xml)
    • Execute the analysis (using Kiuwan Local Analyzer)
    • Visit SAPEX Remote use
  • Deliveries (Resolved): N/A
  • Deliveries (In Progress): N/A

Local

  • Baseline: within SAP System:
    • Extract source code (ZKW_SAPEX_CODE, ZKW_SAPEX_METADATA)
    • Execute the analysis (ZKW_ANALYSIS)
    • Visit SAPEX Local use
  • Deliveries (Resolved): automatic process:
    • Executed before releasing a Transport Request or Task
    • Visit Local use - Automated audit before Release of a Transport Order
  • Deliveries (In Progress): within SAP System:
    • Execute the analysis (ZKW_ANALYSIS_TO)
    • Visit Local use - On demand analysis for Change Requests in progress

 

 


 


How it works

 

When SAPEX components (programs, function modules, support classes, OS commands) are installed on the target SAP system, the user may perform the following operations:

 
  • Extract source code
    • Either by running a program within the SAP server (ZKW_SAPEX_CODE) or remotely (using the sapexCode.xml script). The extracted code can then be analyzed with Kiuwan Local Analyzer.
    • The code elements to extract can be selected by transport requests / tasks, packages, and the type and name of the element (programs, function modules, classes, web dynpro components, etc.)
 
  • Extract system information ("metadata")
    • Metadata are used by Kiuwan rules to search for defects and vulnerabilities
    • For example, to ensure that authorization is performed properly, information about authorization objects and authorization groups (extracted from the TOBJ and TDDAT tables) is used by many security checks in Kiuwan.
    • Metadata extraction can be performed either by running a program within the SAP server (ZKW_SAPEX_METADATA) or remotely (using the sapexMetadata.xml script).
 
  • Perform analysis on extracted source code

    • Within an SAP system with Kiuwan Local Analyzer deployed, by running the ZKW_ANALYSIS program. The program can optionally extract the source code before analysis.

 
  • Add automated audits before releasing changes

    • An implementation of the 'classic' BAdI CTS_REQUEST_CHECK may be registered in SAP's Change and Transport System (CTS)

    • Source code extraction, analysis and evaluation of audit checkpoints may be performed before accepting (or rejecting) the release of a change request / task, according to organizational quality and security standards.
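
To illustrate why authorization checks need the extracted metadata, the following added example (not Kiuwan's rule implementation and not part of SAPEX) compares the AUTHORITY-CHECK statements in ABAP source against authorization objects and their fields as they would come from TOBJ. The `TOBJ` dictionary, the sample ABAP source and the function name `find_issues` are constructed for this illustration.

```python
import re

# Constructed stand-in for extracted TOBJ data: authorization object -> its fields.
TOBJ = {
    "S_TCODE": {"TCD"},
    "S_TABU_DIS": {"DICBERCLS", "ACTVT"},
}

# Constructed ABAP source, as it might look after extraction.
ABAP_SOURCE = """\
REPORT zdemo.
* AUTHORITY-CHECK OBJECT 'Z_OLD' ID 'ACTVT' FIELD '03'.
AUTHORITY-CHECK OBJECT 'S_TCODE' ID 'TCD' FIELD 'SE16'.
AUTHORITY-CHECK OBJECT 'S_TABU_DIS'
  ID 'DICBERCLS' FIELD lv_group
  ID 'ACTVTY' FIELD '03'.
authority-check object 'Z_SALARY' id 'ACTVT' field '02'.
"""

# One statement: from the keyword up to the period that ends a line.
STATEMENT = re.compile(
    r"AUTHORITY-CHECK\s+OBJECT\s+'([^']+)'(.*?)\.\s*$", re.I | re.S | re.M
)
ID_CLAUSE = re.compile(r"\bID\s+'([^']+)'", re.I)


def find_issues(source, tobj):
    """Return (line, object, problem) for checks that do not match the metadata."""
    # Blank out full-line '*' comments but keep the line numbering intact.
    code = "\n".join("" if ln.startswith("*") else ln for ln in source.split("\n"))
    issues = []
    for m in STATEMENT.finditer(code):
        line = code.count("\n", 0, m.start()) + 1
        obj = m.group(1).upper()
        if obj not in tobj:
            # The check names an object the system does not define.
            issues.append((line, obj, "object not defined in TOBJ"))
            continue
        for field in ID_CLAUSE.findall(m.group(2)):
            if field.upper() not in tobj[obj]:
                issues.append((line, obj, f"field {field.upper()} not defined for object"))
    return issues


if __name__ == "__main__":
    for line, obj, problem in find_issues(ABAP_SOURCE, TOBJ):
        print(f"line {line}: {obj}: {problem}")
```

Without the metadata, both flagged statements look like valid authorization checks in the source; only the comparison with the system's own definitions shows that they check nothing meaningful.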

 
