The Application Analysis Report provides a comprehensive, data-driven evaluation of your application’s source code. This report helps stakeholders make decisions to improve software health and minimize risk.
This guide explains how to generate a report, retrieve it via API, and understand the metrics included in the analysis.
Generate the application analysis report
There are two ways to generate this report: through the Kiuwan portal or via REST API.
Via Kiuwan portal
Under Code analysis, click the Summary menu and select PDF to download the report to your computer.
Via Kiuwan REST API
Kiuwan provides a REST API to retrieve the Application Analysis Report automatically. For more information, visit the API documentation Generate Report Summary.
Understanding the Application Analysis Report
The Application Analysis Report provides detailed information about your application’s quality and risk profile. Below, find a description of each section included in this report and the key metrics.
Introduction: Methodology
Describes Kiuwan’s checKing Quality Model (CQM) for Software, which is based on ISO 25000 standards, simplifying internal quality assessment. This report evaluates five key software characteristics:
- Security
- Reliability
- Efficiency
- Maintainability
- Portability
These characteristics are scored between 0 and 100, with the following thresholds:
- 0-30 (Red): Critical issues require immediate action.
- 30-70 (Yellow): Acceptable, but improvements are recommended.
- 70-100 (Green): Good quality, no critical defects found.
Application & analysis information
Provides context about the analyzed app and the analysis configuration:
- Application name and business value
- Analysis date and label
- Languages analyzed
- Rules and metrics used
- Compliance standards applied: OWASP, CWE, SANS25, PCI-DSS, HIPAA, WASC, MISRA-C, BIZEC, ISO 25000, ISO 9126, CERT-C, CERT-J
Risk Index
This metric measures the potential risk due to poor source code quality.
Consider the following indicators:
- Global Indicator score
- Effort to Target (Hours required to reach quality goals)
A low-risk index means minimal risk, while a high-risk Index indicates greater exposure and higher remediation effort.
Main Indicators
Summarizes the Global Indicator (overall quality score). It provides individual scores for the CQM indicators: Security, Reliability, Efficiency, Maintainability, and Portability.
It compares current indicators to predefined application targets and visualizes indicators of quality evolution over time to monitor trends.
Reparation Efforts
Displays the Effort to Target metric, indicating the estimated effort (in hours) to meet your quality objectives.
Also, it helps to prioritize defect correction based on the minimum work required to achieve your targets.
Main Metric Values
Offers a snapshot of key metrics gathered during an analysis, including the following:
- Lines of Code (LOC): Excluding comments and blanks.
- Function Points: Estimated size of the software.
- Average Complexity: Complexity per function/method.
- Duplicated Code Ratio: Percentage of code duplication.
Indicator Distribution in Files
This metric evaluates how quality indicators are distributed across files and uses quintiles to group files by indicator score.
It also lists the files with the lowest quality indicators, highlighting focus areas for remediation.
Metric Distribution in Files
Analyzes how the following code metrics are spread across files (shows quintile-based distribution):
- File Size (lines of code)
- Complexity (cyclomatic complexity)
- Duplicated Code (duplication ratio)
Top 10 Repair First Defects
Last but not least, this section lists the top 10 defect types that should be fixed first. It prioritizes defects based on their impact and the required effort to resolve them.
Each entry includes the following:
- Defect type and associated rule
- Files where the defect appears
- Related characteristic
- Priority level and estimated effort