
Warning: Integration between SAP and Kiuwan

 

There are several approaches to integrating SAP and Kiuwan.

Integration of SAP and Kiuwan basically depends on:

  • the scope of the analysis
    • Baselines for packages
    • Deliveries for transport orders

 

Depending on your needs, Kiuwan provides several tools and mechanisms, as the table below shows:

| | Baseline | Deliveries (Resolved) | Deliveries (In Progress) |
|---|---|---|---|
| Remote | From an external machine: extract source code (sapexCode.xml, sapexMetadata.xml), then execute the analysis (using Kiuwan Local Analyzer). Visit Remote use - Analysis outside the SAP Server | N/A | N/A |
| Local | Within SAP System: extract source code (ZKW_SAPEX_CODE, ZKW_SAPEX_METADATA), then execute the analysis (ZKW_ANALYSIS). Visit Local use - Baselines | Automatic process: executed before releasing a Transport Request or Task. Visit Local use - Resolved Deliveries | Within SAP System: execute the analysis (ZKW_ANALYSIS_TO). Visit Local use - In-Progress Deliveries |

 

Please visit SAPEX installation (SAPEX Installation from Transport Request) for the scenario that applies to you (local or remote).

 

IMPORTANT: This documentation on SAP Analysis with Kiuwan supersedes any previous documentation on this subject (for example, Kiuwan's blog posts on SAP).

 

 

Welcome to SAP Extractor for Kiuwan (SAPEX)

How Kiuwan and SAP can be integrated

 

Info: To analyze ABAP code in Kiuwan, the ABAP source code and metadata information from the SAP system must first be exported so that Kiuwan can analyze them.

SAP Extractor (SAPEX) for Kiuwan performs these tasks.

NOTE: SAPEX is expected to run on any SAP NetWeaver 7.4+ platform.

Contact Kiuwan Technical Support for previous platform versions.

 

In order to execute any Kiuwan analysis, you must first indicate where the source code is located.

...

After extracting the ABAP code, Kiuwan will be ready to analyze it.

 

Local or Remote Execution of Kiuwan analyses

 

Info: Where will the analyses be run?

You should also decide the location where the ABAP code will be analyzed.

...

This way, Kiuwan will scan the code and deliver to you the analysis results.

 

Analysis of Packages (baselines) and Transport Orders (deliveries)

 

Info: When should the analysis be executed?

Depending on your development life cycle, you may have different needs.

Sometimes you will need to analyze a complete package, while other times you will only need to analyze a transport order.

...

Kiuwan allows you to fully integrate the analyses within your custom development life cycle by providing different types of analyses:


  • baseline analyses: a specific version of an application that is relevant enough to be considered as a reference to track further changes on it
  • delivery analyses: a new distribution of the application that contains changes to the baseline, due to corrective or evolutive maintenance
    • based on scope - partial vs complete, and
    • based on completion status - resolved vs in progress
 

Please visit Kiuwan Life Cycle Doc for complete information.

 

...

Therefore, the approach to integrating SAP and Kiuwan consists of:

  • Run the ABAP code extraction mechanisms and execute the Kiuwan analyses
    • Baselines for packages
    • Deliveries for transport orders

 

Operational Models

...

From an external machine:

  • Extract source code (sapexCode.xml, sapexMetadata.xml)
  • Execute the analysis (using Kiuwan Local Analyzer)

Visit Remote use - Analysis outside the SAP Server

...

Within SAP System:

  • Extract source code (ZKW_SAPEX_CODE, ZKW_SAPEX_METADATA)
  • Execute the analysis (ZKW_ANALYSIS)

Visit Local use - Baselines

...

Automatic process:

  • Executed before releasing a Transport Request or Task

Visit Local use - Resolved Deliveries

 



How it works

 

When SAPEX components (programs, function modules, support classes, OS commands) are installed on the target SAP system, the user may perform the following operations:

  • Extract source code
    • Either by running a program within the SAP server (ZKW_SAPEX_CODE) or remotely (using the sapexCode.xml script). The extracted code can then be analyzed with Kiuwan Local Analyzer.
    • The code elements to extract can be selected by transport request / task, by package, and by the type and name of the element (programs, function modules, classes, Web Dynpro components, etc.)

  • Extract system information ("metadata")
    • Metadata are used by Kiuwan rules to search for defects and vulnerabilities
    • For example, to ensure that authorization is performed properly, information about authorization objects and authorization groups (extracted from the TOBJ and TDDAT tables) is used by many security checks in Kiuwan.
    • Metadata extraction can be performed either by running a program within the SAP server (ZKW_SAPEX_METADATA) or remotely (using the sapexMetadata.xml script).

  • Perform analysis on extracted source code

    • Within an SAP system with Kiuwan Local Analyzer deployed, by running the ZKW_ANALYSIS program. It can also extract the source code before the analysis.

  • Add automated audits before releasing changes

    • An implementation of the CTS_REQUEST_CHECK 'classic' BAdI may be registered with SAP's Change and Transport System (CTS)

    • Source code extraction, analysis and evaluation of audit checkpoints may then be performed before accepting (or rejecting) the release of a change request / task, according to organizational quality and security standards.
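
An illustration of why the TOBJ and TDDAT metadata matter to authorization checks, added here as an example and not Kiuwan's rule logic or SAPEX output. The metadata rows, the ABAP units and the three rule names are constructed for the example.

```python
import re

# Constructed metadata, shaped like rows of the SAP tables named above.
TOBJ = {"S_TABU_DIS", "Z_SALES_ORG"}                   # authorization objects
TDDAT = {"ZHR_SALARY": "ZHR", "ZSALES_NOTES": "&NC&"}  # table -> auth group

# Constructed ABAP units (hypothetical names).
UNITS = {
    "ZREP_OK": """
      AUTHORITY-CHECK OBJECT 'S_TABU_DIS'
        ID 'DICBERCLS' FIELD 'ZHR' ID 'ACTVT' FIELD '03'.
      IF sy-subrc <> 0. RETURN. ENDIF.
      SELECT * FROM zhr_salary INTO TABLE lt_sal.""",
    "ZREP_BAD": """
      AUTHORITY-CHECK OBJECT 'Z_SALES_ORGS' ID 'VKORG' FIELD lv_vkorg.
      SELECT * FROM zhr_salary INTO TABLE lt_sal.
      SELECT * FROM zsales_notes INTO TABLE lt_notes.""",
}

AUTH_RE = re.compile(r"AUTHORITY-CHECK\s+OBJECT\s+'([^']+)'", re.I)
READ_RE = re.compile(r"\bSELECT\b.*?\bFROM\s+(\w+)", re.I | re.S)


def audit(unit, source, tobj=TOBJ, tddat=TDDAT):
    """Return (unit, rule, detail) findings for one ABAP source unit."""
    findings = []
    checked = {name.upper() for name in AUTH_RE.findall(source)}
    # Rule 1: an object absent from TOBJ is probably a typo or stale name.
    for obj in sorted(checked - tobj):
        findings.append((unit, "UNKNOWN_AUTH_OBJECT", obj))
    for table in sorted({t.upper() for t in READ_RE.findall(source)}):
        group = tddat.get(table)
        if group is None:
            continue  # table not covered by the extracted metadata
        if group == "&NC&":
            # Rule 2: table was left in the "not classified" group.
            findings.append((unit, "UNCLASSIFIED_TABLE", table))
        elif not checked & tobj:
            # Rule 3: classified table read without any valid check.
            findings.append((unit, "READ_WITHOUT_AUTH_CHECK", table))
    return findings


def audit_all(units=UNITS):
    """Audit every unit and return the combined findings."""
    return [f for name, src in units.items() for f in audit(name, src)]


if __name__ == "__main__":
    for finding in audit_all():
        print(*finding, sep="\t")
```

Without the metadata, the misspelled object in ZREP_BAD would look like a valid check; only the TOBJ lookup shows that it names no known authorization object.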

 

...