Detecting Architectural Gaps with Automation - Existing Solutions

dimanikulin

Dima Nikulin

Posted on April 5, 2024

Detecting Architectural Gaps with Automation - Existing Solutions

Introduction

In the rapidly evolving landscape of software development, maintaining the integrity and coherence of application architectures is paramount.
With the proliferation of complex systems and frequent updates, ensuring that software architectures remain resilient against drifts, erosions, and compliance lapses has become a daunting challenge.
However, innovative solutions like Bionic.ai, Castsoftware, NDepend, and Axivion Suite are revolutionizing the way organizations approach architecture governance and code quality management.
As organizations navigate the complexities of modern software development, these innovative solutions provide indispensable tools for ensuring architectural coherence, compliance adherence, and code quality excellence.
Through their diverse feature sets and integrative approaches, they herald a new era of architecture governance and software development efficiency.

Bionic.ai

Bionic is a platform designed to analyze the architecture of applications and their dependencies in real-time.
Initially, it creates a baseline of the architecture during the initial scan.
Subsequently, whenever a change occurs, the next scan is triggered to detect any drift or erosion.
The platform supports regular scans by seamlessly integrating Bionic.ai into the CI/CD pipeline.
Upon detecting a change, Bionic.ai suggests the context and thoroughly analyzes the potential impact of the changes.
As a result, it generates comprehensive software architecture diagrams, encompassing deployment, logical, and flow views.

Main features

  • Facilitates checking if architecture rules and standards are applied
  • Aids in identifying any structural or behavioral changes
  • Conducts code and document scans during the initial or scheduled stages
  • Determines new APIs in the application
  • Capable of finding new data flows
  • Detects new connections
  • Provides a prioritized list of risks once changes occur

Image description

Castsoftware Highlight

Cast Highlight is an application designed to automatically analyze the source code.

Main features:

  • Analyzes the code to identify processes/applications suitable for refactoring, retirement, or rebuilding.
  • Provides a readiness percentage for migrating to the cloud based on the analysis.

Castsoftware Cast Imaging

Cast Imaging is an application that creates visualizations of architecture, offering several levels of detailed views ranging from services level up to code/classes level.
It defines data flows from the high-level application perspective down to the database level.
When changes occur, it provides the impact analysis, such as a list of components affected by the breaking of component communication.
Additionally, it creates inventories of databases, libraries/frameworks, and languages.

Main features

  • Performs reverse engineering of code, databases, and application dependencies.
  • Generates holistic architecture views and blueprints.
  • Interactive mode for exploring architecture views.
  • Tagging feature to group components based on criteria, enabling easy component search and filtering after tagging is completed.

NDepend

NDepend is an application designed to analyze C# code, checking it against best practices and rules created by developers and architects.
The tool enables users to manage dependencies through the creation of graphs and matrices.

Main features

  • Utilize built-in rules and customize them according to specific needs.
  • Investigate application structure and library linkages.
  • Seamless integration into the CI/CD process, enabling real-time identification of code and architecture issues.
  • Provides insights into the cost and priority of fixing identified issues.

Image description

Axivion Suite

Axivion Suite is a powerful static code analysis tool that empowers users to thoroughly examine software architecture, ensuring prevention of drifts and erosions.
The platform offers customizable reporting with a reporting API, providing flexibility in generating reports.
Axivion also includes an editor that allows users to create or customize rules for comprehensive code checking.

Supported Compliance Standards/Rules:

  • MISRA
  • AUTOSAR C++14 code
  • CERT
  • CWE
  • ISO/IEC TS 17961

Supported Metrics:

  • HIS (High Integrity Software)
  • McCabe
  • Tracking memory leaks

With Axivion Suite, users can proactively maintain the integrity and quality of their software architecture by adhering to industry-leading compliance standards and monitoring key metrics.

Main Features

  • Code checks for clones, identifying duplicated code segments to ensure code efficiency.
  • Detection of unreachable code and cycles, improving code reliability and performance.
  • Supported on three major operating systems - MacOS, Windows, and Linux, for seamless usage across platforms.
  • Identification of technical debt, allowing developers to address code areas that require improvement or refactoring.
  • Integration with CI (Continuous Integration) tools such as Jenkins and Bamboo, enabling smooth integration into development pipelines.
  • Support for popular build systems like make, CMake, Msbuild, and Gradle, facilitating easy setup and usage.
  • Analysis of delta changes against the baseline, enabling continuous tracking of code modifications and their impact on the architecture.
  • IDE (Integrated Development Environment) plugins support, allowing developers to seamlessly integrate Axivion Suite into their preferred development environment for streamlined code analysis and optimization

Comparison of existing solutions

Function Bionic Cast Imaging and Highlight Axivion NDepend
The initial scan to create a baseline of the holistic application architecture diagram involves capturing the comprehensive overview of all services, data flows, dependencies, APIs, technology stack, and application layers + + + +
Creating inventories of all the languages, frameworks, libraries, and databases used in the application - + + -
The scan after a change to detect drift or erosion (integration into CI/CD pipelines) + - + +
Tagging the components - + - -
Reporting the changes (behavioral or structural change) + + + +
Detection Security level issues + + + +
Detection Architecture level issues(new data flow, new API, new connection) + + - +
Detection Compliance level issues + - + -
Detection DevOps level issues - - - -
Detection Data level issues - - - -
Scanning code and configuration + + + +
Scanning documentation (UML) to get input - - + -
Scanning DB - + - +
Saving the results to UML documentation tools - - - -
Impact analysis + + - +
Simple to set up + + + +
Check for cloud Readiness - + - -

As we can see from the table above, the existing solutions do not provide coverage for levels important for architecture governance, such as DevOps, Data, and Compliance.
Additionally, not all inputs are supported by the overviewed solutions.
For example, scanning DB is not supported by Bionic.ai, and scanning UML documentation is not supported at all.

💖 💪 🙅 🚩
dimanikulin
Dima Nikulin

Posted on April 5, 2024

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related

Autosar OS Part-3
architecture Autosar OS Part-3

November 16, 2023