1. Kiuwan Basics ...... 3 1.1. Where can I find useful Kiuwan resources? ...... 3 1.2. What is a Kiuwan application? ...... 3 1.3. What does Kiuwan consider a defect? ...... 3 1.4. What metrics are measured by Kiuwan? ...... 3 1.5. What programming languages are supported by Kiuwan?...... 4 1.6. What Quality and Security Standards are supported by kiuwan? ...... 5 1.7. What is the Kiuwan support for SQL? ...... 5 1.8. Does Kiuwan support mobile technologies? ...... 5 1.9. Does Kiuwan support Sharepoint? ...... 5 1.10. Does Kiuwan support PHP Symfony ? ...... 5 1.11. How to analyze ABAP code? ...... 5 1.12. How to analyze OracleForms code? ...... 6 1.13. What is a Quality Model? Should I start from scratch? ...... 6 1.14. Which are the main Indicators provided by Kiuwan? ...... 6 1.15. What’s the meaning of Risk Index and how is calculated? ...... 7 1.16. How could I obtain indicators and metrics for groups of applications? ...... 8 1.17. How does kiuwan help me to make decisions on how to fix my application? ...... 8 1.18. How does Kiuwan help me to make decisions about the whole application portfolio? ...... 9 1.19. How could I remove rules from my quality model? ...... 10 1.20. How could I remove a language from my quality model? ...... 10 1.21. Does Kiuwan allow the development of custom quality rules? ...... 11 1.22. Does Kiuwan integrate results from 3rd party static analyzers? ...... 12 1.23. How to use Kiuwan in Agile, devOps? ...... 12 1.24. How to use Kiuwan in a Continuous Integration scenario? ...... 12 1.25. Does Kiuwan integrate with JIRA?...... 13 1.26. How could I integrate Kiuwan results in my own Dashboard? ...... 13 1.27. How can I mute defects? ...... 14 1.28. Web browsers supported by Kuwan ...... 14

1

Frequently Asked Questions

2. Kiuwan Security ...... 15 2.1. Where Kiuwan servers are hosted? ...... 15 2.2. Kiuwan Architecture and Security ...... 15 2.3. Can I use Kiuwan without uploading my code? ...... 15 2.4. When using local analyzer, what data are sent to kiuwan and how? ...... 16 2.5. Does Kiuwan support PCI DSS? ...... 16 2.6. Are my payment data secured? ...... 16 3. Kiuwan Editions and Accounts ...... 17 3.1. What Editions of Kiuwan are available? ...... 17 3.2. How many times can I analyze? ...... 18 3.3. I don’t receive the account activation email ...... 18 3.4. The email address used as user id already exists on Kiuwan ...... 18 3.5. I can’t login my Kiuwan account...... 18 3.6. Can I add users to my Kiuwan account ? ...... 18 3.7. How many users can be added to the same Kiuwan account ...... 19 3.8. Can I change the owner of the account? ...... 19 4. Kiuwan Local Analyzer ...... 19 4.1. Why sometimes are there differences between an analysis in the cloud and a local analysis? ...... 19 4.2. Local Analyzer does not execute ...... 19 4.3. Local Analyzer cannot connect to Kiuwan ...... 20 4.4. How to configure memory and timeout of a local analysis? ...... 20 4.5. How can I configure Kiuwan Local Analyzer for C and C++ analyses? ...... 20 5. Most common error codes when running an analysis ...... 21 5.1. How can I know the analysis error code? ...... 21 5.2. Could not parse any analyzable file ...... 21 5.3. Analysis timeout has been produced ...... 21 5.4. Analyzable number of lines are exceeded for the whole account ...... 22 6. Miscellaneous ...... 22 6.1. How can I know the full list of files processed during an analysis? ...... 22 6.2. What value corresponds to the total lines of code in Global view? ...... 22

2

Frequently Asked Questions

 Kiuwan Web site o https://www.kiuwan.com/  Kiuwan Product Documentation: o https://www.kiuwan.com/docs/display/K5/Documentation  Kiuwan Tutorials: o https://www.kiuwan.com/resources/tutorials  Kiuwan Blog: o https://www.kiuwan.com/blog

A kiuwan application is the piece of code you want to analyze and track. It can be all the code of your company’s new web app, a single module of your application you want to track specifically, that open source project you are working on, etc.

A Kiuwan application can contain as many languages as you wish. Kiuwan will analyze them all and wiill give you relevant info for each language and for whole application, as well.

For Kiuwan, a defect is a violation to a rule defined in the quality model for a specific language and a software characteristic. Kiuwan provides a full list of all detected defects found in the source code of an application.

Kiuwan measures several intrinsic code metrics in each analysis. We organize them in different categories depending on their nature:

 Size. That includes physical size and functional size metrics.

 Complexity related metrics. Including CCN and fan-out.

 Documentation. Measuring how good or bad documented is your code.

3

Frequently Asked Questions

 Quality. Compliance to rules and best practices defined in the quality model metrics. Number of defects, rules violations.

 Governance. In terms of the exposure to risk of your development efforts.

This is the list of languages supported by Kiuwan so far:

 Abap IV

 C (C90 and C99)

 C++ (2003 technical corrigendum, ISO/IEC 14882:2003)

 Cobol (Cobol85, OS/VS Cobol II, Enterprise Cobol for z/OS v3.4, ILE Cobol 5 and MicroFocus Cobol)

 C# 4.0

 Java 8

 Javascript 1.8

 JCL (OS/390 V2R10.0 MVS, z/OS V1R10.0 MVS, with JES2 and JES3 extensions)

 JSP 2.1

 Objective-C 2.0

 Oracle PL-SQL 11g

 OracleForms 10g

 PHP 5

 RPG-III and RPG-IV

 SQL (SQL-92)

 Transact-SQL (2005 and 2008)

 VB6

 VB.net (VB 9.0 and VB 10.0)

 ASP.NET

4

Frequently Asked Questions

Kiuwan allows you to accomplish your applications quality and security with industry standards, such as OWASP, CWE, WASC, PCI, MISRA or CERTC, ISO/IEC 25000 or ISO/IEC 9126.

Kiuwan performs SQL analysis by providing specific support for PL-SQL and Transact-SQL.

Kiuwan also provides support to analyze SQL code embedded into Java and Cobol source code.

Android is supported (there are specific Java rules for Android, besides Java general rules), as well as Objective-C (iPhone and iPad).

Source code of SharePoint WebParts can be analyzed with VB.net and C# Kiuwan analyzers. Specific rules for Sharepoint framework are not available on Kiuwan yet.

Just in case you are using some analyzer that supports Sharepoint framework, you are able to import its results to Kiuwan by transforming the report to Kiuwan input format and attach those results to local analyzer execution. You can find examples of transformers for HP Fortify and MS-FxCop on https://github.com/kiuwan/thirdparty-report-importer.

For PHP files analyses, Kiuwan has available a model (different from CQM) only for PHP Symfony with PHP, Javascript and Symphony rules. There are also Symfony rules in the rules library in case you need to add them to your own model.

To analyze Abap code, you need to extract the code in the SAP server to text files in the local file system. After extracting the code, zip it an upload it to the cloud or analyze it locally.

5

Frequently Asked Questions

You can find further information on how to do it on Kiuwan blog: https://www.kiuwan.com/blog/static-analysis-for-abap/

To analyze OracleForms code, the Forms binary files (*.fmb) must be converted to XML format (you can use Oracle conversion tool). After extracting the code, zip it an upload it to the cloud or analyze it locally.

You can find further information on how to do it on Kiuwan documentation: https://www.kiuwan.com/docs/display/K5/Analyzing+Oracle+Forms

To analyze an application source code, it is necessary to configure a Quality Model. It requires a great knowledge on the repository of hundreds of rules that help you to validate the code, how to select and parameterize them... The same task is needed for the set of metrics that Kiuwan supports. And still remain some other configuration details for other Kiuwan indicators.

To help this process, Kiuwan provides Checking Quality Model for Software (CQM). CQM is a model for assessing the internal quality of a software product, designed by Optimyth and available 'out-of-the-box' in Kiuwan, so that users can begin to analyze the quality of their code immediately and, once known the methodology behind code quality certification, they will be able to "calibrate" the model, develop new models from it or from scratch, etc.

Kiuwan provides QMM (Quality Model Manager) as a tool to fully manage and administering you quality models.

References:

 https://www.kiuwan.com/docs/display/K5/Quality+Models+Manager+User+Guide

Kiuwan provides indicators for:

 Software characteristics defined in CQM

6

Frequently Asked Questions

o Efficiency, maintainability, reliability, security and portability

 Quality indicator

o It is calculated as weighted average of the above software characteristics through a complex algorithm that has into account the severity of the defects, the weight of the category in which the defect is, the analyzed code volume and the criticality of the language for Kiuwan user. Kiuwan allows to “customize” this algorithm by modifying its level of demand, the weights of the category and the priority of the rules.

 Effort to target

o The amount of work needed to reach the quality goal. Objectives are defined at the beginning of the application analyses. By default, they have to reach 70 points out of 100 in each category that it is being measured. These objectives are configurable. CQM has a repair effort assigned for each one of the more than 2,000 rules it incorporates. The sum of the repair efforts of each defect indicates the time needed to meet the targets.

 Risk index

o It is associated to the structural quality of the software. This indicator concentrates all evidence found in the application source code. To calculate it, the Quality Indicator is used, but also the necessary effort to solve all the problems to reach the quality goal set for this application, as well as the application size.

Risk index represents the potential problems that you are assuming by not paying attention to the quality of your source code. In other words: how far you are to get an acceptable quality level.

It is a number that concentrates all the evidence found in the source code of your application, i.e. quality indicator and the effort that you need to spend to reach the quality level set as goal for you.

So, if you have poor quality, but the effort needed to get better is low, you are not assuming a high risk in this application because you are going to repair your problems easily. But if your effort needed to get better is very high, your risk index will be high, too. Pay attention to risk index evolution over time.

7

Frequently Asked Questions

Kiuwan provides quality information at one simple application (Application), group of applications (Portfolio) or the whole set of applications (Global) levels.

At Application Level, you obviously will get information about the selected application.

At Global Level, you will get aggregated information for all the applications.

At Portfolio Level, you wiil get metrics based on any grouping criteria set you can define. To group applications by some defined criteria, first you have to decide the criteria by which you want to group your applications. For example, the software development team or the factory that has developed the application, the application business value –by default already available on Kiuwan-; or any other criteria relevant for you or your organization.

Once you have decided this, you are able to create a portfolios group with the possible values of the specific criteria it can take (portfolio). For example, for business value, the possible values could be: critical, high, medium, low and very low.

So, you can assign any application to an existing portfolio, establishing the value it will have for that application. My on-line banking application, for instance, might belong to business-critical applications portfolio.

By grouping the applications into portfolios, you can manage the health of your applications at this level, which means that we calculate all Kiuwan indicators for the portfolios and the portfolios groups, based on the applications data. Kiuwan provides a portfolio view (perspective), where you can track the indicators for the portfolios groups and individual portfolios.

References:

 https://www.kiuwan.com/docs/display/K5/Application+View

 https://www.kiuwan.com/docs/display/K5/Portfolio+View

 https://www.kiuwan.com/docs/display/K5/Global+View

Once you have obtained quality metrics and defects of your application, the most probably questions you will have will be some of the following:

 Where should I start to improve?

8

Frequently Asked Questions

 How much time does it take me to repair each one of them?

 Which are the optimal path and action plan to reach my quality goals?

 I only have 20 hours to fix errors before the next delivery. What should I fix to aim the best possible quality?

Kiuwan’s What-If simulation tool allows you to know the effort needed to reach a target quality level and even to know what would be the reached quality level if I only have a certain amount of development time.

With What-If simulator you can run simulation scenarios by concentrating on effort (with this available amount of effort, how can I obtain the best quality gain?) or in quality to reach (how much effort do I need to reach a certain quality level?

Furthermore, once you decide the right simulation scenario, Kiuwan generates an Action Plan for you to implement the simulation. After generation of that action plan, you will be able to monitor the Remediation Progress (i.e. the consecution of that action plan).

References:

 https://www.kiuwan.com/docs/display/K5/What-If

Kiuwan is the only cloud solution that allows you to take decisions about your application portfolio, compare them, see the evolution, explore the best repair scenario to fit your needs and resources and help to decide if an application has to be conserved, optimized or replaced.

Kiuwan provides Decision Quadrants both at Portfolio and Global Levels.

At Portfolio Level, Kiuwan positions portfolios or applications in a graph with 4 quadrants: Replace, Remediate, Observe and Conserve; based on their exposure to development risk and quality. This way you can decide how to improve the health of your portfolios or applications.

At Global Level, Kiuwan provides four decision quadrants:

 Business Value Decision Quadrant

o Aimed to identify those applications in your portfolio that require immediate action based on their criticality for the business and their exposure to any of risks you are facing: Global Risk (Risk index), Failure Probability (Production Risk), Maintenance (Development Risk) and Security Risk.

9

Frequently Asked Questions

 Production Decision Quadrant

o Aimed to identify those applications in your portfolio that could cause problems in production, and if they will be able to recover from these errors easily.

 Development Decision Quadrant

o Aimed to identify those applications in your portfolio exposed in the midterm given the difficulty and associated cost to maintain them.

 Security Decision Quadrant

o Aimed to identify those applications in your portfolio that are exposed to potential internal or external attacks, that can compromise the integrity of your organization, and if these potential vulnerabilities can be easily corrected.

QMM (Quality Model Manager) allows removing any rule (or set of rules) from your quality model. Those rules will not be then run when you execute an analysis.

To do it, you must select your quality model in QMM, find the rule(s) you want to remove (using the search filters that QMM provides) and, once found and selected, click on Remove button to remove it from you quality model.

References:

 https://www.kiuwan.com/docs/display/K5/Quality+Models+Manager+User+Guide

QMM (Quality Model Manager) allows not only removing any rule (or set of rules) from your quality model, but also to completely remove a language.

To remove a language, you must remove all the rules for that language. To do it, you must select your quality model in QMM, find all the rules of the language you want to remove (using the search filters that QMM provides) and, once found and selected, click on Remove button to remove all of them from you quality model.

10

Frequently Asked Questions

As a hint to find and select all the rules of a certain language, we encourage you first to change how the rules tree is displayed by removing the default Characteristic and Priority criteria and only leaving Language criteria. Doing it in this way, the tree will show the full listing of rules grouped only by language, allowing you to easily select all the rules of the language to remove. By clicking on the Remove button, the system will inform you that you will remove all the rules for that language and that the language will be removed from your quality model, asking for confirmation. Clicking on OK, the language will be removed from your model.

References:

 https://www.kiuwan.com/docs/display/K5/Quality+Models+Manager+User+Guide

Yes. Kiuwan provides fully support for the definition, creation and analysis of custom quality rules.

With Kiuwan Local analyzer, we will have access to Kiuwan Rule Developer, a GUI tool that will help you to create, run and edit rules that can be executed in a Kiuwan analysis. After creating, running and debugging our custom rules with Rule Developer, Kiuwan allows you to install and use them in a Quality Model, fully integrating your custom rules with the rules provided by Kiuwan library.

You can add your own rules as follows:

1. Clicking on Import Rulesets button, on the top side of the CQM administration view (Quality Models). 2. Select the xml file with the rules to upload (the ruleset). 3. Select CQM category where you want to add the imported rule. 4. Select the quality model you want to add the rule to (if you don’t select any model, the rule will be imported to the library). 5. Publish the model and then you will be able to use it in any analysis you run.

References:

 https://www.kiuwan.com/docs/display/K5/Rule+development

 https://www.kiuwan.com/blog/rules-development-kiuwan-start/

11

Frequently Asked Questions

Yes. Kiuwan static analyzer can execute quality rules from PMD, CheckStyle and FindBugs.

Kiuwan also allows you to import results from any other static analyzer. You only need to transform those reports to Kiuwan input format and attach those results to local analyzer execution. You can find examples of transformers for HP Fortify and MS-FxCop on: https://github.com/kiuwan/thirdparty-report-importer

References:

 https://www.kiuwan.com/docs/display/K5/Importing+data+from+PMD%2C+Checkstyl e%2C+Findbugs+and+checKingQA

 https://www.kiuwan.com/docs/display/K5/Rule+development

 https://www.kiuwan.com/blog/rules-development-kiuwan-start/

Kiuwan (and code analysis practice) is “neutral” from a methodological point of view, but its architecture and integration facilities enable it to fit “down pat” with agile methodologies and devOps.

Developers and integrators can connect to Kiuwan by different means:

 Jenkins plugin.

o This plugin allows you to run Kiuwan static analyses on your code as part of your continuous integration process with Jenkins.

 IBM UrbanCode Deploy plugin

o With the Kiuwan plugin for IBM UrbanCode Deploy you can add automatic code quality analyses in your deployment process. This plugin allows you to include a step in the design of the component deployment process that will automatically launch a Kiuwan code analysis. The Kiuwan plugin never uploads your source code to Kiuwan servers. Instead, the analysis is run locally and just the quality results are uploaded to Kiuwan.

12

Frequently Asked Questions

 Cloudbees

o You can include the analysis of your code in your CloudBees CI process and take the appropriate action if the quality results don’t meet the specified thresholds.

 REST API.

o With REST API you can retrieve data from Kiuwan and it is intended for developers who want to write applications that can interact with the Kiuwan API. Typical scenarios might be to create your own dashboard or to integrate it in a continuous integration service to block a promotion between environments based on quality results.

 Local analyzer —command line—.

o Local Analizer is specially suited if you want to order an analysis automatically or schedule your quality procedure.

References:

 https://www.kiuwan.com/docs/display/K5/Developers+-+Integrations

The issues in the Kiuwan generated Action Plan can generate automatically incidences in JIRA, accelerating the step between the certification of an application and the remediation of the founded issues.

Kiuwan provides a REST API in case you need to extract quality results from Kiuwan. It is useful to integrate Kiuwan information in your own dashboard or if you want to block a promotion between environments based on the quality results.

References:

 https://www.kiuwan.com/docs/display/K5/REST+API

13

Frequently Asked Questions

Defects found on generated code can be ignored (muted) through Kiuwan Defect Mute functionality. For each muted defect, you can specify a reason why it is muted, as well as a comment. For example, if it is a false positive in a file, a line of code that must not be taken into account, a file that has too many defects of the same type or a line of code that has been generated and does not have to be taken into account, or any other basis that is reasonable for the user.

Through this functionality you can mute defects for the whole application, a specific file or simply for a specific line of code in a file by dragging and dropping the rule that triggers the defects, the file or the line of code. You can perform this action in muted defects tab on Defects screen.

References:

 https://www.kiuwan.com/features/defects-mute

 https://www.kiuwan.com/docs/display/K5/Defects+Mute

Safari, Chrome, FireFox and IE9+ are supported by Kiuwan.

14

Frequently Asked Questions

Kiuwan servers are securely hosted in a state-of-the-art facility that is managed by Amazon and located in Virginia (USA), a premier provider of managed hosting and advanced connectivity solutions. Kiuwan has chosen Amazon because of their reputation for quality service and support, as well as their unparalleled reputation for reliably, posting many of the internet's most trafficked web Systems.

References:

 https://www.kiuwan.com/security-policy

Kiuwan is not an on-premise code review tool hosted in a Cloud provider. It has been designed from the beginning as a SaaS application and, therefore, it is “multitenant”, which prevents that anyone but the owner of an application and its data could access to data that are not theirs (malicious users, hacker, back doors, system errors, information in logs, etc.).

There is no need to upload your code if you do not want to do it for security reasons.

You can analyze your code locally downloading the Local Analyzer, running it in your infrastructure and uploading (encrypted) the results of your analysis, process them securely and seeing the results in Kiuwan cloud as if you had uploaded the code.

In order to see where in the code errors or security vulnerabilities are, you can choose:

 To upload the lines of code where they are located (Kiuwan shows them in defects report).

 Not to upload anything of your code at all (in this case, Kiuwan shows just the line numbers where errors or vulnerabilities have been found).

References:

 https://www.kiuwan.com/docs/display/K5/Kiuwan+local+analyzer

 https://www.kiuwan.com/blog/running-local-analysis-kiuwan-local-analyzer/

15

Frequently Asked Questions

Secure Socket Layer (SSL) technology protects information sent to Kiuwan using encryption and authentication server both of your computer and data between the data center, ensuring that your data in transit is safe, secure and available only to registered users in your organization.

When using Local Analyzer, analysis is performed locally in customer computer and results are sent to Kiuwan site. No source file is uploaded to Kiuwan, only the results of the analysis (defects, metrics, etc.). When uploading the defects, Local Analyzer uploads only the source code line where the defect is found.

With Kiuwan Local Analyzer, you can expand the confidentiality level of your source code, so it does not indicate fragments of code in the violations found and it just shows the line where the violation is.

References:

 https://www.kiuwan.com/security-policy

The PCI Data Security Standard (PCI-DSS v3.0 (Nov 2013)), specifies 12 requirements for compliance, organized into six logically related groups called "control objectives". Requirement #6 (Develop and maintain secure systems and applications) is directly addressable through static code analysis.

Kiuwan is specially suited and supports Req #6 coverage in payment software systems addressing specifically the conformance to 6.1 - 6.7 sub-requirements.

Kiuwan uses IECISA Conexflow payment gateway to handle all payments (PA-DSS compliant); and the service provided by IECISA is PCI-DSS compliant.

Being compliant with these standards means that all payment transactions are secure from many points of view: the way the application is developed, communications, storage of sensitive card and card holder data.

It means, as well, that the payment gateway application runs and stores its data in a PCI-DSS compliant infrastructure. IECISA own their PCI-DSS certified data center from where they provide the payment service Kiuwan uses, based on Conexflow.

16

Frequently Asked Questions

In summary, when Kiuwan asks you for your credit card details, we forward you to a Kiuwan branded page served by Conexflow. Your credit card details are not stored in Kiuwan; we just store the last four digits of the credit card, the expiration date and a token —provided by Conexflow—. That is all we need to bill and run the payment transactions with Conexflow.

There are 4 Kiuwan editions available for Kiuwan customers:

 Basic

This edition is suited for Professional Developers and QA Engineers (includes major Kiuwan functionalities, but suited for a personal use and limited to 1 quality model)

 Professional

This edition is suited for Development Teams and includes support for multiple quality models, multi-user support, defect muter and custom rules utilities.

 Enterprise

This edition is suited for Corporate Quality or Testing Offices, AM Solutions or Sys. Integrators. Includes further support for roles/permission management and portfolio and global functionalities.

 Pay per use

This edition is specially suited for Audits controls or One-shot services. This edition is purchased on monthly periods and features are like Enterprise edition.

There’s also the possibility to register for a Free (Trial) account. This trial account is limited to 15 days, 3 apps (with a maximum of 25K LOC per application) and allows 3 daily analyses. A trial account does not allow the use of Rule Editor, importing custom rules neither creating more than 1 quality model.

Get in contact with you sales representative to get specific information about Kiuwan Editions.

References:

 https://www.kiuwan.com/editions

17

Frequently Asked Questions

By default, Kiuwan allows 3 analyses per day and application. This limit is considered enough when a customer uses Kiuwan in a continuous integration scenario with a daily compilation.

To create a Kiuwan account, you must provide a user ID that must be a valid and active email address, accessible by the account creator.

After registering the Kiuwan account, the system sends an activation email for that account. If you don’t receive that activation email, please, check SPAM folder. If it is not in SPAM folder either, please, contact Kiuwan Technical Support ([email protected]) to request a new activation email.

Kiuwan uses the email address as the account user id, thus it is not possible to create an account if there is another one in the system with the same email address.

In case you want to upgrade your TRIAL to a paid subscription account and keep the same email address, please, contact Kiuwan Technical Support ([email protected]) to request the modification.

1. Make sure you have your username and password correctly spelled. 2. If the problem persists, you can request a new password from Login page, clicking on: “I give up…”. 3. And then, fill your username and click on “Send” and you will receive the instructions to create a new password.

Yes. In Account Mgmt section you can add users to the account, as well as take admin actions for that users and permission assignment.

18

Frequently Asked Questions

There is no limit for Professional and Enterprise accounts.

Yes. The current account admin can assign a new owner from the account users list.

When using the local analyzer, you can specify many analysis properties that further define how your code is analyzed (file extensions, macros, etc.). If you modify them any time, the analyses results in both environments would be different.

On how to configure the local analyzer properties, please check this blog post: https://www.kiuwan.com/blog/running-local-analysis-kiuwan-local-analyzer/

The most frequent reasons why the local analyzer does not execute are:

 Once downloaded the analyzer, you must unzip it to execute the boot files (do not try to run it without decompressing)

 On Linux or Mac machines, you should grant execute permissions on the analyzer boot files (*.sh)

 Java (6+) is not installed on the machine

In the Local Analyzer /temp directory, you can find the agent.log and agentGUI.log files, which should be consulted to diagnose analyzer runtime errors.

19

Frequently Asked Questions

For a detailed description on the requirements and usage, please visit our blog: https://www.kiuwan.com/blog/running-local-analysis-kiuwan-local-analyzer/

Verify that you have access to internet or, in case that the access to internet is via proxy, set the Local Analyzer proxy settings for proper execution.

On how to configure the proxy, check our blog post: https://www.kiuwan.com/blog/running- local-analysis-kiuwan-local-analyzer/

Local Analyzer is by default configured to use a maximum memory use (1024 Mb) and maximum analysis duration (timeout) (1h). When you run a local analysis with a large number of files, one of the common causes of the analysis error is that these parameters by default are not enough for the analysis to end. In these cases, we recommend you to increase those values properly.

On how to configure memory use and timeout, please visit out blog post: https://www.kiuwan.com/blog/running-local-analysis-kiuwan-local-analyzer/

C and C++ analyses require specific configuration options regarding the macros and header files resolution.

You can find a detailed guide on how to configure C/C++ analyses on https://www.kiuwan.com/blog/analyzing-c-with-kiuwan/

20

Frequently Asked Questions

To consult how an analysis has finished and get the error code if an error occurred, click on the upper right side combo next to NEW and select Log. On that screen the error code associated to the analysis is displayed.

For further information on the complete runtime error codes list, please visit: https://www.kiuwan.com/docs/display/K5/Analysis+Error+Code+Reference

Kiuwan analyzes source code of different technologies. This error code indicates that the zip file uploaded to the server does not contain any analyzable file of the supported technologies. This is usually due to different reasons:

• The zip file does not contain source code files (only binary files, image files, etc.).

• Kiuwan does not recognize the sources files extensions.

In this case, please check this guide https://www.kiuwan.com/resources/frequent-asked- questions to check the recognized extensions. In case you need to modify the default extensions, you should analyze locally and configure them (add new extensions and/or modify the existing ones).

If you analyze in the cloud, this error means that the analysis has exceeded the maximum time allowed (1h). This time is fixed in the cloud, so if you want to increase that time, you must analyze locally and increase it as much as you need. On how to configure the timeout, please check: https://www.kiuwan.com/blog/running-local-analysis-kiuwan-local-analyzer/

If the error persists, you need to upload the log to INFO:

%kiuwanlocalanalizaer%/conf/log4j.properties: log4j.rootLogger = INFO

...MaxFileSize = 500000KB

21

Frequently Asked Questions

Then, run the analysis again and send the execution log (located in %kiuwanlocalanalizaer%/temp/agent.log) to Kiuwan Technical Support ([email protected])

The account LOC limits have been exceeded. In this case, you can either remove huge size applications or analyses or upgrade the account to increase the limits.

From Metrics screen on Size / Code / Lines of code / export to CSV (CSV option on the top left of the screen).

Global view shows the sum of the lines of code of all the applications of one account.

22