Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
Info | |||||||
---|---|---|---|---|---|---|---|
Contents:
Related pages:
|
Warning | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||
There are several approaches to integrate SAP and Kiuwan The integration of SAP and Kiuwan basically depends on:
Depending on your needs, Kiuwan provides several tools and mechanisms (as the below table shows)
Please visit SAPEX installation (SAPEX Installation from Transport Request) according to the possible scenarios (local or remote) |
How Kiuwan and SAP can be integrated
Extraction of ABAP source code and metadata
To execute any Kiuwan analysis, you must first indicate where the source code is located.
This first step seems trivial when you are working with a file system or with any source code repository, but it’s not when you are working with SAP.
Info | ||
---|---|---|
| ||
The ABAP code is located within the SAP Server, so you should first extract the ABAP code and let Kiuwan know the location of the extracted file. After extracting the ABAP code, Kiuwan will be ready to analyze it. |
Local or Remote Execution of Kiuwan analyses
Info | ||
---|---|---|
| ||
You should also decide the location where the ABAP code will be analyzed |
Kiuwan lets you implement two different types of approaches.
You can execute the Kiuwan analyses at two different locationsin the following ways:
- within the SAP server (local), (Local use - Baseline Analysis) or
- from within an external server (remote) (Remote use - Analysis outside the SAP Server)
- in a combination of both (hybrid) (SAPEX Hybrid approach)
Additionally, you can analyze either manually, or or automatically.
This way, Kiuwan will scan the code and deliver to you the analysis results.
Analysis of Packages (baselines) and Transport Orders (deliveries)
Info | ||
---|---|---|
| ||
Depending on your development life cyle you may have different needs. Sometimes you will need to analyze a complete package, while other times you will only need to analyze a transport order. |
- baselineBaseline analyses: a specific version of an application that is relevant enough to be considered as a reference to track further changes on it.
- deliveries Deliveries analyses: a new distribution of the application that contains changes to the baseline, due to corrective or evolutive maintenance.
- based Based on scope - partial vs complete, and
- based Based on completion status - resolved vs in progress
Please visit Kiuwan Life Cycle Doc for complete information.
How it works
When SAPEX components (programs, function modules, support classes, OS commands) are installed on the target SAP system, the users may perform the following operations:
- Extract source code
- Either by running a program within the SAP server (
ZKW_SAPEX_CODE
) or remotely (using thesapexCode.xml
script), extracted code can be analyzed with Kiuwan Local Analyzer. - The code elements to extract could be based on transport requests/tasks, packages, and the type and name of the element (programs, function modules, classes, web dynpro components, etc.)
- Either by running a program within the SAP server (
- Extract system information (
- metadata
- )
- Metadata
- is used by the Kiuwan rules to search for defects and vulnerabilities.
- For example, to ensure that authorization is performed properly, information about authorization objects and authorization groups (extracted from TOBJ and TDDAT tables) are used by many security checks in Kiuwan.
- Metadata extraction could be performed either by running a program within SAP Server (
ZKW_SAPEX_METADATA
) , or remotely (using thesapexMetadata.xml
script).
Perform analysis on extracted source code
Within a SAP system with Kiuwan Local Analyzer deployed, by running the
ZKW_ANALYSIS
program. It offers the possibility for extracting source code before the analysis.
Add automated audits before releasing changes
SAP's Change and Transport System (CTS) may register an implementation for the CTS_REQUEST_CHECK 'classic' BAdI.
Source code extraction, analysis and evaluation of audit checkpoints may be performed before accepting (or rejecting) the release of a change request / task, according to organizational quality and security standards.