CQM is a model for assessing the internal security and quality of a software product.

It is designed by Kiuwan and provided out of the box in Kiuwan, so users can begin analyzing the security and quality of their code immediately. Once they have learned the methodology behind the code certification, they can "calibrate" these models, develop new models from them or from scratch, etc.

Kiuwan Standard Compliance Analyzer

Please visit Kiuwan supported languages to view the list of languages supported by Kiuwan so far.


  • Checking that the code complies with the configured quality model or set of rules.
  • Checking that the implemented code and the architecture are aligned: whether the best practices required by an application framework are applied, whether isolation between layers is respected...
  • Determining whether there are potential defects to be reviewed (poorly expressed logical conditions, synchronization failures between threads or race conditions, resource or potential memory leaks...).

Kiuwan Metrics, Rules and Indicators

Kiuwan Indicators

Kiuwan indicators are metrics calculated from the evidence (we call these findings 'defects') that Kiuwan's analyzers extract from source code.
They give an indication of:

  • A software quality characteristic, such as Efficiency, Maintainability, Reliability, Security or Portability.
  • The Overall Quality Index, obtained from a weighted formula over the software quality characteristics mentioned above.
  • The Risk associated with the structural quality of the software.
  • The Effort to target, that is, the number of hours needed to reach the quality level set as the target for the application being analyzed.

Risk index

The risk index represents the potential problems you are accepting by not paying attention to the quality of your source code. In other words: how far you are from an acceptable quality level.
It is a single number that condenses all the evidence found in the source code of your application.
It uses your quality indicator and the effort you need to spend to reach the quality level set as your goal.
So, if your quality is poor but the effort needed to improve it is low, you are not assuming a high risk in this application, because your problems can be repaired easily. But if the effort needed to improve is very high, your risk index will be high too.
Pay attention to how the risk index evolves over time.

Kiuwan Rules

Kiuwan provides a library of hundreds of rules that verify standard compliance for the supported technologies, with extensive configuration capabilities (see the User's Guide chapter for details).
From this library, users can use the Kiuwan Standard Quality Model, called CQM, or build new, specific quality models, either based on it or from scratch.

Kiuwan Code metrics

Metrics are usually difficult to interpret. Kiuwan produces code metrics reports for determining whether specified goals are attained by the design and implementation, by linking issues to action plans that can be answered by the metrics distilled from the implementation artifacts.
Through its metric sets, Kiuwan provides the information about Volumetric, Documentation, Complexity, Quality, Efforts or Governance needed for this monitoring activity.

Kiuwan Duplicate Code Rules

A special type of rule gives Kiuwan the capacity to effectively identify redundant code.

