CAST Flashcards
What is software intelligence?
Analyses database structures, code components, interdependencies etc
What are the 3 cast softwares?
Cast highlight - rapid portfolio analysis (overview of many applications)
Cast AIP- deep application analysis (for specific applications)
cast imaging - architecture visualizing and blueprinting
What are the core capabilities of CAST Highlight?
A SaaS solution with:
Software health - resiliency and agility
Cloud Readiness - blockers/boosters
Software Composition - Open source vulnerabilities and IP risks
Private Data detection - detects sensitive data manipulation
What are the use cases for CAST highlight?
Application Rationalization: Application rationalization is a process of going over the application inventory to determine which applications should be retired, retained, reposted, replatformed, refactored or reimagined.
Cloud Migration: detects code blockers/boosters, lays out migration roadmap, prioritizes apps based on cloud readiness and business impact. Recommends services to use from cloud providers and identifies whether solution should be IaaS, PaaS or SaaS
Open Source Risk Management: Risk from third party components (legal/licensing, abandonware/component requiring updates and security risks)
Technology Due Diligence: compliance with sensitive data usage, inventory of technology stack, advice on reducing technical debt
What are the primary inputs for CAST?
Code scans + qualitative surveys
What are the 3 components of the software health dashboard?
Resiliency - likelihood of errors in production based on coding industry standards
Agility - ease of upgrading/maintaining
Elegance - measure of complexity
What are the 3 components of the open source dashboard?
Security/Vulnerability risks
IP licensing risks
age/obscelence risks
What are the 4 portfolio level views under software composition analysis?
Open source safety: graph where the vertical axis has business impact from qualitative surveys and horizontal axis is open source safety (from vunerability, license and obscelence)
Components; third party components, at an individual level can identify transitive dependency threats, also includes info such as component repositories, last used release distribution and number of component versions
Vulnerabilities: Vunerabilities across the entire portfolio based on critical, high, medium and low severity
Licenses: Heat map and information on open source licenses used by different components in applications in the portfolio
What are the export formats under software composition?
Excel and Powerpoint
What are the 4 portfolio level views under Cloud Readiness?
Decision Matrix: visual representation for applications where y axis is business criticality and x axis is how clead ready an application is.
Health Factors: Cloud readiness is y axis and software resiliency is on the x axis, but all health factors (resiliency, agility, elegance are shown on an app when hovered over)
Cloud Requirements: Aggregate summary of boosters and blockers
Application links dashboard: Visualization of app to app dependencies (via http connection, API connection, FTP connection, SOAP connection etc)
How can blockers be exported?
Powerpoint, Excel, JIRA
What cloud platforms are their recommendations for?
Azure,AWS
What are the 4 smart segments in the CloudReady dashboard?
Quick wins: Low BI and high cloud readiness
Core Cloud: High business impact and high cloud readiness, associated with refactoring effort
Long Term Bets: High business impact, lower cloud readiness. Good candidates for IaaS and then moving to PaaS later
Pursue later: Low BI low cloud readiness, candidates for consolidation/retiring.
What is a domain?
Conceptual grouping of applications based on user defined charactersitics (i.e. department, geography)
Can add sub domains under main domains
How to configure domains?
go to manage portfolio -> users and apps -> add under total domains
same steps for adding sub domains
How to add apps to a domain?
go to manage portfolio -> users and apps -> add under total applications
name application and then select the icon next to the domain(s) you want it apart of
can change who can edit it as well
How do you create users?
go to manage portfolio -> users and apps -> invite under total users
Select the user’s email, role and domain that they belong to
What are the 4 user roles?
Portfolio Manager - Full access rights and configuration (app creation, portfolio organization and launching snapshot analysis)
Result Viewer - read only access
Domain Contributor - Like application contributor but for all apps in a specific domain
Application Contributor - access CAST Highlight to scan their source code and fill in app survey for specific applications
How do you add an existing survey to your portfolio?
manage portfolio -> Manage Surveys -> Survey Catalog and click the plus button for the corresponding existing survey
How do you create a survey?
manage portfolio -> Manage Surveys -> Active Surveys and click the create survey button
Enter survey name and description and then the survey will automatically be added to the portfolio
How do you create a question?
manage portfolio -> Manage Surveys -> Questions and click the create Question button
Enter the question name, type of values etc and then click the checkmark beside it and then the orange button on the corresponding active survey to add it
How do you configure a new campaign?
manage portfolio -> Manage Campaign -> create campaign
Then fill out the campaign name + due date
Configuration: Choose between whether or not to use source scan and survey answers to generate analytics
Application Scope: Select from Domains or specific applications to include in the campaign
Notifications: Send a customizeable message when you start the campaign
How is cloud readiness determined?
Combination of code scan + survey
How is the recommended effort determined?
Using COCOMO 2 standards
What does the application links survey do?
Determine relationship/dependencies between apps
How is business impact calculated?
Through survey answers
