User:DamienPo/sandbox

CAST Application Intelligence Platform
Developer(s): CAST Software
Initial release: 2006-2007
Stable release: 8.3 / July 10, 2019
Written in: Java, C++, C, Python
Operating system: Cross-platform
Type: Static program analysis
Website: www.castsoftware.com/products/application-intelligence-platform

CAST Application Intelligence Platform (CAST AIP) is a platform dedicated to software intelligence, published by CAST Software. It is composed of multiple static code analysis engines that analyze the source code and dependencies of all components of applications, up to the data layer. It discovers the interactions between the components of an application and provides system-level analysis[1]. Results are then available through different dashboards or visual interfaces. The data and metrics provided are organized according to CISQ and OMG standards.

Products

CAST AIP is a platform composed of different products:

  • CAST Imaging: a web-based application to visualize and navigate through all components of an application depending on their layers and language type.
  • CAST Health Dashboard: a web dashboard providing information and metrics about the health of the software components of an application. Health metrics are computed based on the Robustness, Efficiency, Security, Changeability, and Transferability of the source code. These metrics are based on the CISQ quality model. Additionally, metrics such as Technical Size, Functional Size based on Automated Function Point computation, Technical Debt[2] based on the SQuaRE[3] approach[4], and TQI (Technical Quality Index) are provided on this dashboard.
  • CAST Engineering Dashboard: a web dashboard providing technical information about the software components of an application. The information provided concerns the size of the application (files, components, lines of code) and the risks and violations based on critical rule violations. Information is aggregated in a dashboard and can be accessed down to the source code.
  • CAST Security Dashboard: a web dashboard dedicated to the security of an application. Critical violations are based on industry standards (CWE, OWASP, STIG)[5] and are accessible down to the source code.
  • CAST AIP Console: a dedicated application for analyzing the source code and dependencies of the components of an application.

Applications

The results of static program analysis tools are used differently depending on the users and their concerns. The main uses of CAST AIP are:

  • Application Development Management: Measuring and monitoring the quality of software developments is part of the continuous improvement cycle[6] of application development.
  • Software Modernization: before modernizing a legacy system, it is mandatory to acquire knowledge and understanding of its applications[7]. The intangibility of an existing legacy system, represented by its source code, is a significant comprehension challenge for software engineers[8]. The practice of acquiring knowledge through analysis of the internal structures and source code of an application for its modernization is referred to as white-box modernization[9].
  • Software Quality and Security[10]: the results of analyses are used to enforce the quality[11] and security of applications[12][13].

Awards

CAST was named in the 2019 Gartner Magic Quadrant for Application Security Testing[14].

References

  1. Ernst, Neil; Bellomo, Stephany; Ozkaya, Ipek; Nord, Robert (May 2017). "What to Fix? Distinguishing between design and non-design rules in automated tools". Carnegie Mellon University Software Engineering Institute: 165–168. arXiv:1705.11087. doi:10.1109/ICSA.2017.25. ISBN 978-1-5090-5729-0.
  2. Griffith, Isaac; Reimanis, Derek; Izurieta, Clemente; Codabux, Zadia; Deo, Ajay; Williams, Byron (2014). "The Correspondence Between Software Quality Models and Technical Debt Estimation Approaches". 2014 Sixth International Workshop on Managing Technical Debt: 19–26. doi:10.1109/MTD.2014.13. ISBN 978-1-4799-6791-9.
  3. "ISO/IEC 25010:2011". ISO. Archived from the original on 14 March 2016. Retrieved 14 March 2016.
  4. Plösch, Reinhold; Bräuer, Johannes; Saft, Matthias; Körner, Christian (2018). "Design debt prioritization: a design best practice-based approach". IEEE/ACM International Conference on Technical Debt (TechDebt). doi:10.1145/3194164.3194172.
  5. AlBreiki, Q. H.; Hasan AlBreiki, H. H. (2014). "Evaluation of static analysis tools for software security". 2014 10th International Conference on Innovations in Information Technology (IIT): 93–98. doi:10.1109/INNOVATIONS.2014.6987569. ISBN 978-1-4799-7212-8.
  6. Plösch, Reinhold; Gruber, Harald; Körner, Christian (2010). "A method for continuous code quality management using static analysis". IEEE/2010 Seventh International Conference on the Quality of Information and Communications Technology: 370–375. doi:10.1109/QUATIC.2010.68. ISBN 978-1-4244-8539-0.
  7. Khadka, Ravi; Batlajery, Belfrit V.; Saeidi, Amir M.; Jansen, Slinger; Hage, Jurriaan (2014). "How Do Professionals Perceive Legacy Systems and Software Modernization?". Proceedings of the 36th International Conference on Software Engineering: 36–47. doi:10.1145/2568225.2568318. ISBN 9781450327565.
  8. Grambow, Gregor; Oberhauser, R.; Reichert, Manfred (January 2017). "Providing automated holistic process and knowledge assistance during software modernization". Computer Systems and Software Engineering: Concepts, Methodologies, Tools, and Applications: 351–395. doi:10.4018/978-1-5225-3923-0.ch015. ISBN 9781522539230.
  9. Comella-Dorda, S.; Seacord, R.C.; Wallnau, K.; Robert, J. (October 2000). "A survey of black-box modernization approaches for information systems" (PDF). Proc. Of the International Conference on Software Maintenance, San Jose, California: 173–183.
  10. "Source Code Analysis Tools".
  11. Neto, T.; Arrais, R.; Sousa, A.; Veiga, G. (November 2019). "Applying Software Static Analysis to ROS: The Case Study of the FASTEN European Project". In Iberian Robotics Conference. Advances in Intelligent Systems and Computing. 1092: 632–644. doi:10.1007/978-3-030-35990-4_51. ISBN 978-3-030-35989-8.
  12. Nunes, Paulo; Medeiros, Ibéria; Fonseca, José C. (May 2018). "Benchmarking Static Analysis Tools for Web Security". IEEE Transactions on Reliability. 67 (3): 1159–1175. doi:10.1109/TR.2018.2839339.
  13. Chess, B.; McGraw, G. (Nov 2004). "Static analysis for security". IEEE Security & Privacy. 2 (6): 76–79. doi:10.1109/MSP.2004.111.
  14. Tirosh, Ayal; Zumerle, Dionisio; Horvath, Mark (18 April 2019). "Magic Quadrant for Application Security Testing".
