Sonar ABAP – The use cases

Let’s continue the previous post about the questions to prepare for the implementation of a process of analysis of ABAP code, which we have seen that it was largely based on use cases.

So I invited again Walter, Quality Director of Drago Solutions, who accompanied us since the beginning of this series of articles, to answer a few questions about this subject.

Walter, what are the use cases that you encounter most often?

They are numerous: Quality Gate, continuous improvement, audit of a portfolio of aplications, benchmark of providers, KPIs for the management to give them visibility about the evolution of quality of their systems, specific assessments (for instance, before a migration or to solve a performance problem, etc.).

The most common in my experience are: first, assessment of a project, then the implementation of continuous integration in the software lifecycle; third, an analysis before and after a ongoing project of maintenance and fourth, an audit of ABAP code performance.

But do not forget the variants or by-products of these use cases, namely the implementation of best practices, the monitoring of service level agreements (SLA), the generation of technical documentations when they are obsolescent or absent, the assessment of CMMI or ISO requirements, or finally the respects of standards and rules specific to high-risk environments (defense, aviation, nuclear, pharmaceutical, etc.).
And recently, we opened a new field of investigation: the assessment and risk reduction of business process failures, caused by the information systems that support these processes, through the code analysis of these systems.

Are there use cases that seem to present more value and that you recommend to a customer or to users / stakeholders?

The continuous integration of code analysis in the lifecycle of projects shows a great value for the organizations in which we have implemented these processes.

I also recommend the realization of assessments in terms of risks to critical business processes of an organization, and particularly business process.

Are these benefits depending on the size of the SAP portfolio, or the number of suppliers, or any other element?

In the example of risk analysis for business processes, the more important the SAP application portfolio, the more we can identify and measure these risks through code analysis.

Regarding the number of suppliers, the more important they are, the more it will be profitable to implement use cases such as internal benchmarking and monitoring of SLA or best practices by providers.

What do you call “internal” or “external” benchmarking?

I’m talking of “internal” benchmarking when it is necessary to assess code quality and programming practices on a comparative level for different teams, usually of different providers.

In contrast, an “external” benchmarking compares the results of code analysis of different companies in the same sector and on the same technology, for example, SAP implementations of the IS-U module in the energy sector, or customizing a CRM system in the telco sector.

What about prior defaults, which come from another provider?

As you said in your last article, providers or project teams are not responsible for the existing deficiencies in the code. However, when these defects are revealed by the analysis, we should not ignore them, depending on their severity and impact or frequency. We can select critical points and recommend a action plan. The effort of resolution will always be less than its impact on users. I always compare such defects to a time bomb: people immediately understand what I mean.

With or without existing quality standards from the customer, what are the benefits of code analysis?

Whether or not there are standards, code analysis provides a first level of knowledge of applications and then verifies the level of compliance by the project team with these standards, internal or external. In the second place, it becomes possible to define objectives and check if the developers achieve them in the interests of users and stakeholders.

An objective may be: “The performance of databases must be optimal” and thus disseminate, implement and monitor compliance with the best practices related with performance, on the basis of objective and measurable data: Do not use nested Selects , Avoid SELECT … ENDSELECT statement, etc.

Thank you Walter, for sharing your experience in the implementation of these SAP use cases. The next posts will be more technical, focusing on the analysis of ABAP code with Sonar.

See you soon.

Leave a Reply

Your email address will not be published. Required fields are marked *