Welcome!

Eclipse Authors: Pat Romanski, Elizabeth White, Liz McMillan, David H Deans, JP Morgenthal

Blog Feed Post

6 Hidden Costs of Building Your Own Open Source Code Analyzer Platform

Thinking about building your own multi-language custom source code analyzer platform using open source components?  Sure, the upsides seem to add up: no licensing fees, great customization ability, and an impressive new entry on your resume (making it even shinier).  Read that project charter once more before you sign it in ink, because our experience has shown it’s not quite that simple. Source Code Analyzer:  What is under the code? First, what we mean by “multi-language custom source code analyzer platform” is a platform that analyzes all the source code underlying your critical custom software applications and projects, and: Delivers consistent and business relevant measurements, trends, and benchmarking Enables staff to identify and address flaws causing instability and excess complexity Provides insights on the trajectory of code quality and complexity Analyzes flaws at both the code and component interaction levels across all technology layers Anything less would leave your applications difficult to manage, your users unsatisfied, and your management team in the dark.   Hidden Costs of Building an Open Source Code Analyzer This is a big undertaking.  Yes, you’ve seen much bigger projects, but this one comes with significant hidden costs: Scarce Expertise – Open source doesn’t automatically mean easy-to-integrate.  In fact, many times, it means quite the opposite.  Many companies resort to hiring expensive code quality consultants when it’s time to integrate the results.  And, if this happens in the middle of the project, after your team has thrown in the towel, it can be extra costly. Training – Sure, you can develop your own source code analyzer and parsing expertise.  But, it takes time, money, and you have to be sure you can retain the talent once they are trained. Project Scope Creep – Currently available open source code analyzers are mostly based on Java.  If you applications are based in C, COBOL, .Net, or other commonly used languages, you may need to purchase or extend additional custom code analyzers.  This means a significant expansion in the original scope of the project. Inability to Scale – Many open source code analyzers work very well at the individual developer or small team scale.  However, an organizational-wide adoption of code analysis requires sharing of information, easily accessible visibility, and meeting all technologies needs of the entire organization.  Often, companies see huge hurdles to adoption or outright abandonment because it was simply not useful for everyone. Opportunity Cost – We estimate that it takes two resources over five years to build an adequate software quality analysis platform (10 man-years) for a specific environment.  That means these management and development resources have to deprioritize tasks that may have better returns. Waiting for Return – Typically the value of software quality analysis and the process that implement to address it begin to materialize 6 – 12 months after initial implementation.  Building your own means that the return is that much further down the timeline. An off-the-shelf solution will not only help you avoid the above hidden costs, but also deliver immediate code quality improvements.  Plus, a proven provider will help you navigate through challenges that you may face during implementation. This is the first in a series of two blog posts.  In the next post, we will look at the hidden costs of owning and maintaining your own software quality analysis platform based on open source components.

Read the original blog entry...

More Stories By Lev Lesokhin

Lev Lesokhin is responsible for CAST's market development, strategy, thought leadership and product marketing worldwide. He has a passion for making customers successful, building the ecosystem, and advancing the state of the art in business technology. Lev comes to CAST from SAP, where he was Director, Global SME Marketing. Prior to SAP, Lev was at the Corporate Executive Board as one of the leaders of the Applications Executive Council, where he worked with the heads of applications organizations at Fortune 1000 companies to identify best management practices.

IoT & Smart Cities Stories
BMC has unmatched experience in IT management, supporting 92 of the Forbes Global 100, and earning recognition as an ITSM Gartner Magic Quadrant Leader for five years running. Our solutions offer speed, agility, and efficiency to tackle business challenges in the areas of service management, automation, operations, and the mainframe.
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
After years of investments and acquisitions, CloudBlue was created with the goal of building the world's only hyperscale digital platform with an increasingly infinite ecosystem and proven go-to-market services. The result? An unmatched platform that helps customers streamline cloud operations, save time and money, and revolutionize their businesses overnight. Today, the platform operates in more than 45 countries and powers more than 200 of the world's largest cloud marketplaces, managing mo...
The platform combines the strengths of Singtel's extensive, intelligent network capabilities with Microsoft's cloud expertise to create a unique solution that sets new standards for IoT applications," said Mr Diomedes Kastanis, Head of IoT at Singtel. "Our solution provides speed, transparency and flexibility, paving the way for a more pervasive use of IoT to accelerate enterprises' digitalisation efforts. AI-powered intelligent connectivity over Microsoft Azure will be the fastest connected pat...
Apptio fuels digital business transformation. Technology leaders use Apptio's machine learning to analyze and plan their technology spend so they can invest in products that increase the speed of business and deliver innovation. With Apptio, they translate raw costs, utilization, and billing data into business-centric views that help their organization optimize spending, plan strategically, and drive digital strategy that funds growth of the business. Technology leaders can gather instant recomm...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
As you know, enterprise IT conversation over the past year have often centered upon the open-source Kubernetes container orchestration system. In fact, Kubernetes has emerged as the key technology -- and even primary platform -- of cloud migrations for a wide variety of organizations. Kubernetes is critical to forward-looking enterprises that continue to push their IT infrastructures toward maximum functionality, scalability, and flexibility. As they do so, IT professionals are also embr...
CloudEXPO has been the M&A capital for Cloud companies for more than a decade with memorable acquisition news stories which came out of CloudEXPO expo floor. DevOpsSUMMIT New York faculty member Greg Bledsoe shared his views on IBM's Red Hat acquisition live from NASDAQ floor. Acquisition news was announced during CloudEXPO New York which took place November 12-13, 2019 in New York City.
In an age of borderless networks, security for the cloud and security for the corporate network can no longer be separated. Security teams are now presented with the challenge of monitoring and controlling access to these cloud environments, at the same time that developers quickly spin up new cloud instances and executives push forwards new initiatives. The vulnerabilities created by migration to the cloud, such as misconfigurations and compromised credentials, require that security teams t...
The graph represents a network of 1,329 Twitter users whose recent tweets contained "#DevOps", or who were replied to or mentioned in those tweets, taken from a data set limited to a maximum of 18,000 tweets. The network was obtained from Twitter on Thursday, 10 January 2019 at 23:50 UTC. The tweets in the network were tweeted over the 7-hour, 6-minute period from Thursday, 10 January 2019 at 16:29 UTC to Thursday, 10 January 2019 at 23:36 UTC. Additional tweets that were mentioned in this...