Page tree
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 40 Next »



Related pages:



Integration between SAP and Kiuwan



There are several approaches to integrate SAP and Kiuwan

Integration of SAP and Kiuwan basically depends on:

  • the scope of the analysis
    • Baselines for packages
    • Deliveries for transport orders


Depending on your needs, Kiuwan provides several tools and mechanisms (as below table shows)

ResolvedIn Progress

From an external machine:

  • Extract source code (sapexCode.xml, sapexMetadata.xml)
  • Execute the analysis (using Kiuwan Local Analyzer)

Visit Remote use - Analysis outside the SAP Server


Within SAP System:

  • Extract source code (ZKW_SAPEX_CODE, ZKW_SAPEX_METADATA)
  • Execute the analysis (ZKW_ANALYSIS)

Visit Local use - Baselines

Automatic process:

  • Executed previously to Release a Transport Request or Task

Visit Local use - Resolved Deliveries

Within SAP System:

  • Execute the analysis (ZKW_ANALYSIS_TO)

Visit Local use - In-Progress Deliveries


Please, visit SAPEX installation (SAPEX Installation from Transport Request) according to the possible scenarios (local or remote)


IMPORTANT: This documentation on SAP Analysis with Kiuwan substitutes any other previous documentation about this subject (for example, Kiuwan's Blog posts on SAP)



How Kiuwan and SAP can be integrated


Extraction of ABAP source code and metadata


In order to execute any Kiuwan analysis, you must first indicate where the source code is located.

This first step seems trivial when you are working with a file system or with any source code repository, but it’s not so when you are working with SAP.

ABAP source code extraction


ABAP code is located within SAP Server, so you should first extract ABAP code and let Kiuwan know the location of the extracted info.

After extracting the ABAP code, Kiuwan will be ready to analyze it.


Local or Remote Execution of Kiuwan analyses


Where will the analyses be run ?


You should also decide the location where the ABAP code will be analyzed

Kiuwan lets you implement two different approaches.

You can execute the Kiuwan analyses at two different locations:

Additionally, you can analyze either manually, or automatically

This way, Kiuwan will scan the code and deliver to you the analysis results.


Analysis of Packages (baselines) and Transport Orders (deliveries)


When the analysis should be executed?


Depending on your development life cyle you may have different needs.

Sometimes you will need to analyze a complete package, while other times you will only need to analyze a transport order.

Kiuwan allows you to fully integrate the analyses within your custom development life cycle by providing different types of analyses:
  • baseline analyses: a specific version of an application that is relevant enough to be considered as a reference to track further changes on it
  • deliveries analyses: a new distribution of the application that contains changes to the baseline, due to corrective or evolutive maintenance
    • based on scope - partial vs completeand
    • based on completion status  - resolved vs in progress 

Please visit Kiuwan Life Cycle Doc for complete information.


How it works


When SAPEX components (programs, function modules, support classes, OS commands) are installed on the target SAP system, the user may perform the following operations:

  • Extract source code 
    • Either by running a program within SAP server (ZKW_SAPEX_CODE) , or remotely (using the sapexCode.xml script), extracted code can be analyzed with Kiuwan Local Analyzer
    • The code elements to extract could be based on transport requests / tasks, packages, and the type and name of the element (programs, function modules, classes, web dynpro components, etc.)
  • Extract system information ("metadata")
    • Metadata are used by Kiuwan rules to search for defects and vulnerabilities
    • For example, to ensure that authorization is performed properly, information about authorization objects and authorization groups (extracted from TOBJ and TDDAT tables) is used by many security checks in Kiuwan. 
    • Metadata extraction could be performed either by running a program within SAP Server (ZKW_SAPEX_METADATA) , or remotely (using the sapexMetadata.xml script).
  • Perform analysis on extracted source code

    • Within a SAP system with Kiuwan Local Analyzer deployed, by running the ZKW_ANALYSIS program. It offers the possibility for extracting source code before analysis.

  • Add automated audits before releasing changes

    • SAP's Change and Transport System (CTS) may register an implementation for the CTS_REQUEST_CHECK 'classic' BAdI

    • Source code extraction, analysis and evaluation of audit checkpoints may be performed before accepting (or rejecting) the release of a change request / task, according to organizational quality and security standards.


  • No labels