Integration between SAP and the Kiuwan Solutions
There are several approaches to integrating SAP and the Kiuwan Solutions.
The integration basically depends on:
- The location (computer) where the Kiuwan analyses will be executed:
  - Local (within the SAP server) (Local use - Baseline Analysis)
  - Remote (within any other server of your installation) (Remote use - Analysis outside the SAP Server)
  - Hybrid (a combination of local and remote) (SAPEX Hybrid approach)
- The scope of the analysis:
  - Baselines for packages
  - Deliveries for transport orders
Depending on your needs, the Kiuwan Solutions provide several tools and mechanisms (as the table below shows).
Please visit SAPEX installation (SAPEX Installation from Transport Request) according to the possible scenarios (local or remote).
How the Kiuwan Solutions and SAP can be integrated
Extraction of ABAP source code and metadata
To execute any Kiuwan analysis, you must first indicate where the source code is located.
This first step seems trivial when you are working with a file system or with any source code repository, but it’s not when you are working with SAP.
ABAP source code extraction
The ABAP code is located within the SAP Server, so you should first extract the ABAP code and let the Kiuwan Solution know the location of the extracted file.
After extracting the ABAP code, Kiuwan will be ready to analyze it.
Local or Remote Execution of Kiuwan analyses
Where will the analyses be run?
You should also decide the location where the ABAP code will be analyzed.
The Kiuwan Solutions let you implement two different types of approaches.
You can execute the Kiuwan analyses in the following ways:
- within the SAP server (local), (Local use - Baseline Analysis) or
- from within an external server (remote) (Remote use - Analysis outside the SAP Server)
- in a combination of both (hybrid) (SAPEX Hybrid approach)
Additionally, you can analyze either manually or automatically.
The Kiuwan Solution will scan the code and deliver to you the analysis results.
Analysis of Packages (baselines) and Transport Orders (deliveries)
When should the analysis be executed?
Depending on your development life cycle, you may have different needs.
Sometimes you will need to analyze a complete package, while other times you will only need to analyze a transport order.
- Baseline analyses: a specific version of an application that is relevant enough to be considered as a reference to track further changes on it.
- Deliveries analyses: a new distribution of the application that contains changes to the baseline, due to corrective or evolutive maintenance.
- Based on scope - partial vs complete
- Based on completion status - resolved vs in progress
Please visit Kiuwan Life Cycle Doc for complete information.
How it works
When SAPEX components (programs, function modules, support classes, OS commands) are installed on the target SAP system, the users may perform the following operations:
- Extract source code
  - Either by running a program within the SAP server (ZKW_SAPEX_CODE) or remotely (using the sapexCode.xml script), extracted code can be analyzed with Kiuwan Local Analyzer.
  - The code elements to extract could be based on transport requests/tasks, packages, and the type and name of the element (programs, function modules, classes, web dynpro components, etc.)
- Extract system information (metadata)
  - Metadata is used by the Kiuwan rules to search for defects and vulnerabilities.
  - For example, to ensure that authorization is performed properly, information about authorization objects and authorization groups (extracted from TOBJ and TDDAT tables) is used by many security checks in the Kiuwan Solutions.
  - Metadata extraction could be performed either by running a program within SAP Server (ZKW_SAPEX_METADATA), or remotely (using the sapexMetadata.xml script).
- Perform analysis on extracted source code
  - Within a SAP system with Kiuwan Local Analyzer deployed, by running the ZKW_ANALYSIS program. It offers the possibility of extracting source code before the analysis.
- Add automated audits before releasing changes
  - SAP's Change and Transport System (CTS) may register an implementation for the CTS_REQUEST_CHECK 'classic' BAdI.
  - Source code extraction, analysis, and evaluation of audit checkpoints may be performed before accepting (or rejecting) the release of a change request / task, according to organizational quality and security standards.
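
How a metadata-driven check of the kind described under "Extract system information (metadata)" can work, as an added illustration in Python (not Kiuwan's rule implementation or SAPEX code): AUTHORITY-CHECK statements in extracted ABAP are compared against authorization objects and their fields taken from TOBJ. The TOBJ dictionary, the ABAP fragment and the function names are constructed for this example; the actual SAPEX metadata file format is not shown on this page.

```python
import re

# Constructed stand-in for extracted TOBJ rows: authorization object -> its fields.
TOBJ = {
    "S_TCODE": {"TCD"},
    "S_TABU_DIS": {"DICBERCLS", "ACTVT"},
}

# Constructed ABAP fragment: line 3 misspells the object, line 7 uses a field
# that S_TABU_DIS does not define, line 8 is commented-out code.
ABAP_SOURCE = """\
REPORT zdemo.
AUTHORITY-CHECK OBJECT 'S_TCODE' ID 'TCD' FIELD 'SE16'.
AUTHORITY-CHECK OBJECT 'S_TABU_DSI'
  ID 'DICBERCLS' FIELD lv_group
  ID 'ACTVT' FIELD '03'.
authority-check object 'S_TABU_DIS' id 'DICBERCLS' field lv_group
                                    id 'ACTIVITY' field '03'.
* AUTHORITY-CHECK OBJECT 'Z_OLD' ID 'X' FIELD 'Y'.
"""

# One statement: literal object name, then everything up to the terminating
# period; quoted literals are consumed whole so a '.' inside them is ignored.
STATEMENT = re.compile(
    r"AUTHORITY-CHECK\s+OBJECT\s+'([^']+)'((?:'[^']*'|[^.'])*)\.", re.I)
ID_CLAUSE = re.compile(r"\bID\s+'([^']+)'", re.I)


def strip_comment_lines(src):
    """Blank out full-line '*' comments while keeping line numbers stable."""
    return "\n".join("" if ln.startswith("*") else ln for ln in src.split("\n"))


def check_authority_checks(src, tobj):
    """Return (line, object, message) for statements that disagree with TOBJ.

    Statements that pass the object or an ID in a variable are not evaluated.
    """
    findings = []
    code = strip_comment_lines(src)
    for m in STATEMENT.finditer(code):
        line = code.count("\n", 0, m.start()) + 1
        obj = m.group(1).upper()
        if obj not in tobj:
            findings.append((line, obj, "unknown authorization object"))
            continue
        for fld in ID_CLAUSE.findall(m.group(2)):
            if fld.upper() not in tobj[obj]:
                findings.append(
                    (line, obj, f"field {fld.upper()} not defined for object"))
    return findings
```
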