Page History

...

within the SAP server (local), (SAPEX Local use - Baselines) or
from within an external server (remote) (SAPEX Remote use - Analysis outside the SAP Server)
a combination of both (hybrid) (SAPEX Hybrid approach)

...

Info

Therefore, the approach to integrate SAP and Kiuwan consists on

To decide where should be run the Kiuwan analyses:
- local (within the SAP server) (SAPEX Local use - Baselines)
- remote (within any other server of your installation) (SAPEX Remote use - Analysis outside the SAP Server)
- hybrid (a combination of local and remote) (SAPEX Hybrid approach)

Proceed to SAPEX installation (SAPEX Installation from Transport Request) according to the possible scenarios (local or remote)

Run the ABAP code extraction mechanismsExecute and execute the Kiuwan analyses
- Baselines for packages
- Deliveries for transport orders

Operational Models

Baseline

Deliveries

Resolved

In Progress

Remote

From an external machine:

Extract source code (sapexCode.xml, sapexMetadata.xml)
Execute the analysis (using Kiuwan Local Analyzer)

Visit SAPEX Remote use - Analysis outside the SAP Server

N/A

Local

Within SAP System:

Extract source code (ZKW_SAPEX_CODE, ZKW_SAPEX_METADATA)
Execute the analysis (ZKW_ANALYSIS)

Visit SAPEX Local use - Baselines

Automatic process:

Executed previously to Release a Transport Request or Task

Visit Local use - Automated audit before Release of a Transport OrderResolved Deliveries

Within SAP System:

Execute the analysis (ZKW_ANALYSIS_TO)

Visit Local use - On demand analysis for Change Requests in progress- In-Progress Deliveries

How it works

When SAPEX components (programs, function modules, support classes, OS commands) are installed on the target SAP system, the user may perform the following operations:

Extract source code
- Either by running a program within SAP server (ZKW_SAPEX_CODE) , or remotely (using the sapexCode.xml script), extracted code can be analyzed with Kiuwan Local Analyzer.
- The code elements to extract could be based on transport requests / tasks, packages, and the type and name of the element (programs, function modules, classes, web dynpro components, etc.)

Extract system information ("metadata")
- Metadata are used by Kiuwan rules to search for defects and vulnerabilities
- For example, to ensure that authorization is performed properly, information about authorization objects and authorization groups (extracted from TOBJ and TDDAT tables) is used by many security checks in Kiuwan.
- Metadata extraction could be performed either by running a program within SAP Server (ZKW_SAPEX_METADATA) , or remotely (using the sapexMetadata.xml script).

Perform analysis on extracted source code
- Within a SAP system with Kiuwan Local Analyzer deployed, by running the ZKW_ANALYSIS program. It offers the possibility for extracting source code before analysis.

Add automated audits before releasing changes
- SAP's Change and Transport System (CTS) may register an implementation for the CTS_REQUEST_CHECK 'classic' BAdI.
- Source code extraction, analysis and evaluation of audit checkpoints may be performed before accepting (or rejecting) the release of a change request / task, according to organizational quality and security standards.

...

Page tree

Versions Compared

Old Version 35

New Version 36

Key

Operational Models

How it works