Contents

• Prerequisite
• How to start
• Best practices to construct REST URLs
• Portfolio of Applications
  • Notion of domain
  • Retrieve all analyzed applications
  • List all snapshots of an application
• Configuration
  • How to get all configurations
  • How to get all quality-indicators
  • How to get all sizing measures
  • How to get all background facts
• Analysis Results
  • Selectors
  • Structure of an Analysis Result
  • How to fetch the total quality index
  • How to fetch some sizing measures
  • How to fetch a pair of results
  • How to fetch evolution of a metric
• Violations and critical violations
  • How to get number of complex objects with violations
  • How to get statistics on critical violations
  • How to get top ten critical quality rules in violation
  • How to get violations statistics by quality indicators
  • How to get critical quality rules grades impacting a business criterion
  • How to get quality rules grades impacting a technical criterion
  • How to get technical criteria improvement opportunities

Prerequisite

This tutorial is dedicated to application developers, and requires some basic technical knowledge about:

• HTTP 1.1 Protocol,
• JSON (JavaScript Object Notation),
• REST Principles.

How to start

We recommend two tools to test REST API.

• The first one is cURL. This tool allow you to test all calls of this tutorial. If you are using the default basic authentication, you just have to set a username:password as cast:cast, to perform a GET request:

  C:> curl –u cast:cast http://demo-eu.castsoftware.com/Health/rest/AAD

• The second one is the Simple REST Client provided with the REST API. This Web Page provides a simple view of JSON response, that allows you to navigate across REST resources.

  You can access this page from a web browser with the following URL:

  http://demo-eu.castsoftware.com/Health/static/default.html

  

  The steps to use this client are:

  1. Enter credentials in the 'Basic authentication' section, with cast for username and cast for password.
  2. Click on Login button, you will get a message 'Session created'
  3. Click on Submit button, and on hyperlinks displayed in the Pre-view panel. The effective JSON responses are displayed in the JSON panel, and effective sent requests are displayed in the REST Request panel.

  Warning: If you are using another REST client, you must ensure, that this Web Client sends the following HTTP headers:

  Accept: application/json
  Authorization: Basic Y2FzdDpjYXN0

  Warning: Ensure that your web client is able to take into account caching on server side. For some URLs, if you attempt to get the same resource twice, you may receive a response with status HTTP 304 Not Modified with an empty body.

Best practices to construct REST URLs

1. We recommend to construct REST URLS with URI returned by REST resources. We discourage the construction of REST URLs with hard-coded identifiers.
   Indeed, after a database upgrade, some identifiers may be changed, and the hard coded URLs may be no longer valid.

2. An analyzed applications can be identified with a URI or with a name. We recommend to use URI, as the name of an application may be not unique.

3. Some URLs contain query string, you should encode this part of the URL, especially for special characters in names ('C++' for example).

Portfolio of Applications

Notion of domain

Domain

A domain is a logical name of a database containing assessment results.

Most of the time, you will get a single domain. To get available domain names, use the following REST URL:

GET http://demo-eu.castsoftware.com/Health/rest

From the Domain you will get all URIs to retrieve analyzed applications.

Warning: Do not confuse the REST domain with the web server domain. The Web Server domain identifies the deployed REST services, the REST domain identifies a database.

Retrieve all analyzed applications

To retrieve all applications that have been analyzed, fetch a domain as a resource (here AAD):

GET http://demo-eu.castsoftware.com/Health/rest/AAD 

List all snapshots of an application

Snapshot

A snapshot stores assessment results for a given date, and the associated configuration of metrics. It is a measurement point of an application.

To retrieve the collection of all snapshots of an application, select a URI of an application, and then the URIs of all snapshots, you will build then the following URL:

GET http://demo-eu.castsoftware.com/Health/rest/AAD/applications/55/snapshots 

Configuration

Configuration

A configuration defines all metrics, quality rule patterns, and calculation rules to compute high level indicators.

Quality Indicator

A metric indicating a quality score, that is a grade between 1.00 and 4.00, with 4.00 as the best possible score.

A quality indicator identifies a risk level:

Grade Value	Risk Level
From 1.0 to 2.0	Very High Risk
From 2.0 to 3.0	High Risk
From 3.0 to 4.0	Moderate Risk
4.0	Low Risk

Sizing Measure

A metric indicating a quantitative property about an application source code: number of lines, technical debt, etc.

Background fact

Additional data imported from an external system as a metric.

Metrics are divided into 3 metrics types, each of them divided into groups:

Metrics Types	Metrics Groups	Metrics
quality-indicators	business-criteria	TQI, Robustness, Efficiency, Security, Changeability, Transferability, SEI Maintainability. The grade calculation is based on the average of a list of Technical Criteria linked to a list of specific Quality Rules
	technical-criteria	Level 2 of CAST Assessment Model. The grade calculation is based on the average of specific Quality Rules
	quality-rules	About 900 through CAST Assessment Model. The grade calculation is based on a ratio between failed checks and total checks of objects
	quality-distributions	A grade computed from a distribution of objects into 4 categories: Very Large/Very High/li> Large/High/li> Medium Small/Low
	quality-measures	Sizing values that outline code quality: Percentage of commented-out code lines, Percentage of copy pasted code, SEI Maintainability index, etc.
sizing-measures	technical-size-measures	Lines of code, Critical violations, Technical Debt, Files, Artifacts, Lines of Comment
	run-time-statistics	CPU time, Database time
	technical-debt-statistics	Technical Debt, Technical Debt Density
	critical-violations-statistics	Violations of Quality Rules tagged as critical for a business criterion
	functional-weight-measures	OMG Automated Function Points, Enhancement Function Point (Added, Modified, Removed), Number of Decision Point (cyclomatic complexity), Backfired Function Point
background-facts	n/a	Additional data imported from an external system as a metric.

How to get all configurations

A configuration is defined for each snapshot. To get all available configurations:

GET http://demo-eu.castsoftware.com/Health/rest/AAD/configurations 

How to get all quality-indicators

When a configuration has been selected, a collection of all quality indicators is fetched as follow:

GET http://demo-eu.castsoftware.com/Health/rest/AAD/configuration/snapshots/1/quality-indicators

How to get all sizing measures

When a configuration has been selected, a collection of all sizing measures is fetched as follow:

GET http://demo-eu.castsoftware.com/Health/rest/AAD/configuration/snapshots/1/sizing-measures

How to get all background facts

When a configuration has been selected, a collection of all background facts is fetched as follow:

GET http://demo-eu.castsoftware.com/Health/rest/AAD/configuration/snapshots/1/background-facts

---

Analysis Results

Analysis Result

An assessment result is a computed value of a metric qualifying a code quality or measuring a size.

Each assessment result refers either to the whole source code of an application, or to a subset of source code.

There are two types of source code subset:

• module: a specific scope of the application, defined for the assessment configuration.
• technology: a subset of source code belonging to a technology (i.e. JEE code , .NET code, ABAP code, etc.)

Each assessment result belongs also to a snapshot.

Selectors

Analysis Results can be accessed with a combination of selectors:

• metrics selectors

  • quality-indicators=metrics to fetch assessment results about code quality
  • sizing-measures=metrics to fetch assessment results about sizing measures
  • background-facts=metrics to fetch results that have been injected as complementary data

  metrics can be

  • a list of metric identifiers, each identifier is a number. See the configuration section to get these keys
  • a metric group such as 'business-criteria&quot
  • the 'cc:' or 'nc:' prefix in front of a quality-indicator to get all critical/non critical contributors of a business criterion, 'c:' to get direct contributors of a business criterion or a technical criterion

• application selectors
  • applications=names to report results for a set of applications
  • systems=names to report results for a set of applications belonging to systems

• selectors to split up assessment results
  • modules=names to split up assessment results by modules`
  • technologies=names to split up assessment results by technologies

• snapshots selector, which can be
  • snapshots=a range number to fetch results for a specified range of snapshots: a negative number matches snapshots from the end (-2 means last and previous), a positive number matches snapshots from the beginning (1 means the first none), default value is -1 (last snapshot).
  • snapshots=a date, to fetch results of a snapshot at this date, otherwise most older snapshot after this date, otherwise most recent snapshot before this date

• 'select' selector, is used to get details on a result
  • select=violationRatio to get statistics on checked items as a result detail for a quality rule
  • select=evolutionSummary to get statistics on critical violations evolution as a result detail for a business criterion

Structure of an Analysis Result

There is a single structure for assessment results. Assessment results are reported as a collection. Each item of this collection identifies an application snapshot:

{ "number": 3, "date": { "time": 1384729200000 }, "application": { "href": "AAD/applications/106", "name": "Arizona" }, "applicationSnapshot": { "href": "AAD/applications/106/snapshots/11", "name": "Arizona" }, "applicationResults": [ { "type": "business-criteria", "reference": { "href": "AAD/quality-indicators/60017/snapshots/11", "name": "Total Quality Index", "shortName": "TQI", "key": "60017", }, "result": { "grade": 3.1746451790243237, ... }, "technologyResults": [], "moduleResults": [] } ] }

Start of item Ordinal number of application snapshot Snapshot date Reference to the associated application Reference to the associated application snapshot Start of assessment results An assessment result Type of assessment result Reference to the associated metric Assessment result data Grade value Additional value depending on 'select' selector Split up of assessment result by technology Split up of assessment result by module

How to fetch the total quality index

Total Quality Index of application named 'MyApp' for the last snapshot:

GET http://demo-eu.castsoftware.com/Health/rest/AAD/results?quality-indicators=60017&snapshots=-1&applications=MyApp`

Evolution of the Total Quality Index between the last snapshot and the previous one:

GET http://demo-eu.castsoftware.com/Health/rest/AAD/results?quality-indicators=60017&snapshots=-2&applications=MyApp 

Total Quality Index for all applications, considering the last snapshot of each one:

GET http://demo-eu.castsoftware.com/Health/rest/AAD/results?quality-indicators=60017&snapshots=-1&applications=$all 

How to fetch some sizing measures

Number of lines of code of 'MyApp' application for the last snapshot

GET http://demo-eu.castsoftware.com/Health/rest/AAD/results?sizing-measures=10151&snapshots=-1&applications=MyApp 

Technical Debt of 'MyApp' application for the last snapshot

GET http://demo-eu.castsoftware.com/Health/rest/AAD/results?sizing-measures=68001&snapshots=-1&applications=MyApp 

How to fetch a pair of results

You can get both a quality indicator and a sizing measure, for example Total Quality Index and Line of Codes:

GET http://demo-eu.castsoftware.com/Health/rest/AAD/results?quality-indicators=60017&sizing-measures=10151&snapshots=-1&applications=MyApp  

You can get a list of quality indicators also, for example, two health factors: Efficiency, and Security:

GET http://demo-eu.castsoftware.com/Health/rest/AAD/results?quality-indicators=(60014,60016)&snapshots=-1&applications=MyApp  

How to fetch evolution of a metric

Select the two last snapshots in order to make the difference between between the 2 results. Note that the results are ordered from the most recent one to the less recent one.

GET http://demo-eu.castsoftware.com/Health/rest/AAD/results?quality-indicators=60017&snapshots=-2&applications=MyApp   

---

Violations and critical violations

Violation

A violation identifies a component breaking a quality rule.

Critical Violation

A critical violation is a violation of a quality rule, this quality rule is identified as critical regarding a technical criterion or a business criterion.

Object

An object is a source code item such as a class, a method, etc. The effective definition depends on the programming language and the technology of the analyzed application.

Defective Object

A defective object is a source code item in violation with at least one quality rule.

Complex Object

A complex object is a source code item with a High Cost Complexity (aka CAST Complexity).

How to get number of complex objects with violations

The total number of complex objects is the sum of categories High Cost Complexity Artifacts, Very High Cost Complexity Artifacts for Quality Distribution 67001.

GET http://demo-eu.castsoftware.com/Health/rest/AAD/results?quality-indicators=67001&select=categories&snapshots==-1&applications=MyApp

The total number of complex objects with violations of categories High Cost Complexity Violations, Very High Cost Complexity Violations for Quality Distribution 67020.

GET http://demo-eu.castsoftware.com/Health/rest/AAD/results?quality-indicators=67020&select=categories&snapshots=-1&applications=MyApp

How to get statistics on critical violations

Some sizing-measures are dedicated to the total number of critical violations according to some criteria:

Sizing-measure	URL
Critical violations per file	GET http://demo-eu.castsoftware.com/Health/rest/AAD/results?quality-indicators=67012&snapshots=-1&applications=MyApp
Critical violations per KLOC	GET http://demo-eu.castsoftware.com/Health/rest/AAD/results?quality-indicators=67015&snapshots=-1&applications=MyApp

How to get top ten critical quality rules in violation

1. Fetch all critical contributors to Total Quality Index with 'cc:' prefix

   GET http://demo-eu.castsoftware.com/Health/rest/AAD/results?quality-indicators=cc:67017&snapshots=-1&applications=MyApp&select=violationRatio

2. Order the result by totalChecks

3. Get the first 10 results

How to get violations statistics by quality indicators

Add the 'select' selector, to get details on a result when quality-indicator results are fetched:

• select=violationRatio to get additional counters on checked items for a technical criterion or a quality rule
• select=evolutionSummary to get statistics on critical violations for a business criterion

'select' option	Additional Result Properties
evolutionSummary	removedCriticalViolations: critical violations removed since the previous snapshot addedCriticalViolationsNewCode: critical violations added since the previous snapshot in new code only addedCriticalViolationsModifiedNewCode: critical violations added since the previous snapshot totalCriticalViolations: total number of critical violations in this snapshot
violationRatio	totalChecks: total number of checked items failedChecks: total number of failed items ratio: result of successfulChecks / totalChecks successfulChecks: result of totalChecks - failedChecks

How to get critical quality rules grades impacting a business criterion

Add the 'cc:' prefix in front of the business criterion key:

GET http://demo-eu.castsoftware.com/Health/rest/AAD/results?quality-indicators=cc:60017&snapshots=-1&applications=MyApp

How to get quality rules grades impacting a technical criterion

Add the 'c:' prefix in front of the technical criterion key:

GET http://demo-eu.castsoftware.com/Health/rest/AAD/results?quality-indicators=c:61023&snapshots=-1&applications=MyApp

How to get technical criteria improvement opportunities

Add the 'c:' prefix in front of the Total Quality Index to get all the technical criteria:

GET http://demo-eu.castsoftware.com/Health/rest/AAD/results?quality-indicators=c:60017&select=violationRatio&snapshots=-1&applications=MyApp