CQM is a model for assessing the internal security and quality of a software product.
It is designed by Kiuwan and provided 'out-of-the-box' in Kiuwan, so users can begin analyzing the security and quality of their code immediately. Once they learn the methodology behind the code certification, they will be able to "calibrate" these models, develop new models from them or from scratch, etc.
Please visit Kiuwan supported languages to view the list of languages supported by Kiuwan so far.
This analyzer applies to:
Kiuwan indicators are metrics calculated from evidence (we call these findings 'defects') that Kiuwan extracts from source code with its analyzers.
They provide us an indication of:
The risk index represents the potential problems that you take on by not paying attention to the security and quality of your source code. In other words: how far you are from reaching an acceptable level.
It is a number that concentrates all the evidence found in the source code of your application.
It uses your quality indicator and the effort that you need to spend to reach the level set as your goal.
So, if your quality is poor but the effort needed to improve is low, you are not assuming a high risk in this application, because you can repair your problems easily. But if the effort needed to improve is very high, your risk index will be high too.
Pay attention to how the risk index evolves over time.
Kiuwan provides a library with hundreds of rules that verify standards compliance for the supported technologies, with great configuration capabilities (see the User's Guide chapter for details).
From this library, users can use the Kiuwan Standard Model, called CQM, or build new, specific quality models, either based on it or from scratch.
Metrics are usually difficult to understand. Kiuwan produces code metrics reports for determining whether specified goals are attained by the design and implementation, by linking Issues to action plans that can be answered by the metrics distilled from the implementation artifacts.
Through its metric sets, Kiuwan provides the information about Volumetric, Documentation, Complexity, Quality, Efforts or Governance needed for this monitoring activity.
A special type of rule gives Kiuwan the capacity to effectively identify redundant code.
Please visit Kiuwan Screens and Panels for further help.