|
|
Schematically, there are two categories of products that compete with the Cockpit:
- Technical tools for developers. Some of these tools may be free, but their setup cost must be considered: acquiring the tool, selecting and setting up rules, setting up the project, training the developers, etc. Our feedback shows that, besides the hidden cost, it is difficult to set up a pragmatic process that developers actually follow.
- Sales solutions with broader functional coverage, aimed at both managers and developers. There are two recurring pitfalls for this type of solution: its cost, tailoring it more to the most weighty projects, and its complexity. This complexity is seen during installation, which is carried out at the client site, generally with the help of a consultant, during configuration, and during use.
The Cockpit was designed from the start with objectives that made it unique.
- It offers a pragmatic approach. Rather than to bother those involved with the project with a flood of numbers or to impose theoretical quality rules or even rules that have been blown out of proportion in terms of their needs, the technical requirements are defined so that they can actually be followed.
- They are aimed at both managers and developers. Managers will find dashboards that provide them with an overview, and developers can access details of anomalies, right up to the affected lines of code.
- No installation is needed at the client site, and there is no required integration, thanks to its SaaS (Software as a Service) model. The initial analysis takes less than 2 hours, and subsequent analyses can be automated.
- The Cockpit is offered as a monthly subscription with highly competitive prices. There are no hidden installation or cancellation costs. The customer may end or suspend their subscription at any time.
The Cockpit currently supports the two most modern development technologies, in their various versions:
Other languages will be supported in the future, but our expertise in these two major technologies guarantees our clients useful rules.
We analyze the source code and the compiled code.
The source code is used for rules that must be applied before any compiler optimizations. It is also used to help locate alerts within your code.
Some rules are based more on the compiled code because they see into the status of the program as it is executed. We therefore analyze both the compiled code and the source code.
Finally, we also rely on third-party libraries used by the program to be more precise with rules that need additional information, such as inheritance or call trees between the different classes.
In partnership with the LIESP laboratory belonging to INSA in Lyon and the CETIC research center, we have selected what we believe to be the most relevant rules from among the hundreds of measurements we collected.
These include the following categories:
- Bad practices: Writing code that causes bugs, that does not comply with the standard, that is difficult to maintain, etc.
- Metrics: Quantitative measures such as the number of lines of code, the cyclomatic complexity, coupling/dependency measurements, the amount of comments, etc.
- Duplication: Copy/paste within the code, whether strictly identical or with minor variations.
The Cockpit also includes rules built from other unit rules in order to combine results and to thus offer more refined and consolidated results.
Developing the rules required a great deal of research, implementation, configuration, and testing. Several factors went into this process:
-
We benefited from theoretical and research-related support from the LIESP laboratory belonging to INSA of Lyon and the CETIC research center.
- We relied on existing standards for the various technologies (such as MSDN for C#/.Net).
-
We have used the best practices from experts in technology communities.
- Finally, we have called upon our own development experience from many projects, and we continue to build up the rules repository with our expertise. We also are the top users of Cockpit. :-)
Depending on the size of the project, the complexity of its configuration, and other analyses currently in process, an analysis may take anywhere from ten minutes to several hours.
We are committed to providing results within 24 hours, although these results are generally available well before that time.
Kalistick has already made some settings at the start of the project. The project manager fills out a questionnaire that is used to target the quality profile. The detection rules are then automatically selected and configured according to the results of this questionnaire.
Later, the project manager can refine these settings in Cockpit at any time, using a simple GUI. For example, the project manager can disable the rules that are not worth fixing. These disabled rules can affect all of the project code or only some sections of it, such as generated code.
Code quality control should also begin with the earliest development work. The more it is integrated into the project later, the more complex the necessary corrective actions are:
- There are generally many anomalies. It is difficult to fix everything, and progress seems slow to developers and managers.
- Corrections are often risky in terms of regression. It is difficult to change the code in a working application without affecting all possible repercussions. The testing effort then becomes very heavy.
However, the Cockpit offers an innovative feature to facilitate the gradual implementation of a quality approach: reset mode. The principle involves "forgetting" existing anomalies and only checking for new anomalies. The regression-related risks are avoided, and the quality of new development remains strong.
The reset mode settings are managed directly by the customer in the Cockpit GUI, based on the results of an analysis of existing code. As changes are made to the project, the customer can modify these settings in order to gradually correct the existing code in successive batches.
We chose not to require the customer to install anything. Because of this, analyses are fully performed on our servers using the project's source code, which is therefore stored on our secure servers.
Maximum security of our customers' source code is one of our top concerns. There are several security mechanisms in place to address this problem, some of which are listed on the Security page.
Generally, the source files are encrypted and stored on our secure servers from a security mechanism based on certificate/private key pair. In addition, the customer may decide at any time (or automatically) to delete source code from our servers.
The Cockpit has advanced access management. Users are obviously limited to their own project(s), and within a project, each user has his or her own rights. For example, a user must have specific rights in order to start a new analysis, set up masks to disable rules, delete source files on the server, etc.
We therefore recommend that our customers use a separate access account for each user in order to better secure the actions performed.
Analyses available in the Cockpit are even more useful when they are integrated into the customer's continuous integration process because they provide indicators to help judge the quality of the deliverable.
The Cockpit has been designed to integrate as easily as possible into continuous integration solutions. This integration can be done through plugins that are available for the most common servers: Visual Studio Team System, CruiseControl, Hudson, etc.).
In addition, extensions to building tools like MSBuild, Ant, and Maven are also available.
The Cockpit provides Atom/RSS feeds that can be integrated into an internal or public (iGoogle, Netvibes, etc.) portal or into any other RSS aggregator (including most current web browsers).
Users can subscribe to feeds to retrieve a selection of indicators or monitor analyses.
The Cockpit was designed to accept new rules very easily. These rules are defined in a format that is specific to us, but our architecture also accepts rules from third-party tools like Gendarme, FindBugs, PMD, etc.
Additionally, we can also integrate rules that are specific to your project as part of an added service.
Kalistick is a young company that already has recognized potential and offers warranties.
Kalistick has won two national competitions from the French Ministry for Research, supporting the creation of companies with innovative technology, and has received financial support that has strengthened its future development. It has also been named a Young Innovative Company (Jeune Entreprise Innovante, or JEI).
Kalistick has received support from Créalys, OSEO, and Novacité.
In addition, Kalistick is a member of the Réseau Entreprendre network and is part of Microsoft's IDEAS program.
Finally, among the companies that have chosen to use us are major names such as Société Générale, SNCF, Schneider Electric, and Bayer Crop Science.
Our main objective is to concentrate our efforts around the Cockpit to continually enrich its features and the rules repository. To date, we have no plans to develop an IT services company outside of this objective.
However, we are committed to helping our customers understand analysis results and develop an improvement plan. Our experts can offer you advice and assist your development teams.
|
|
|
|
|
|
|
|
|
|
|
