The solution provides agnostic blockers for platforms as well as for containerization. Within that containerization, it offers generic blockers. However, my project might require it to provide Windows-specific blockers or Linux-specific blockers, as I often work with only one platform at a time. If I received categorization in containerization blockers, it would save time. Understanding only the OS-specific blockers means I would avoid resolving irrelevant issues, thus saving time. Initially, I receive a response from support; however, if there is involvement from R&D or other teams, it may take longer than expected. The support team is challenging when sharing source code. As this is a static code analysis tool, it sometimes requires source code for R&D. However, CAST clients may be restricted from sharing due to business logic and nondisclosure agreements. This creates a challenge, and I may have to share pseudo code or seek client approval, risking escalation.
We get some code insights from CAST. We get insights as to if this or that function has way too many comments or things like that. We would like to backtrace, and understand how dependent that is as per the application. For example, when you are writing code in C Sharp versus writing code in C++, obviously, C++ has more complexities within that. What CAST does is CAST aggregates for different languages, and if they could provide us inputs for each of these languages separately, then that'd be great. When they classify code between their own code and third-party code, they classify it based on the number of files, and not really the number of lines. I'm not sure how extensive of a change this is on their end; however, it would be nice if they could tell us the number of lines of code that are not theirs. There's a bit of a learning curve at the outset. We have come across bugs occasionally. Technical support could be better.
Its price should be better. It is a pretty costly tool. They have two products: CAST Highlight and CAST AIP. Both are licensed separately. As per CAST, Highlight is for rapid prototyping and AIP is for in-depth detailed analysis. But then there are areas which Highlight covers (Cloud Adoption) which AIP does not. Our experience in using AIP is that it also does not look at the entire tech stack and does not provide the list of all technologies present in your application and then flag what is supported and what is not so that the customer has a clear view. Highlight probably does that. They need to simplify it for customers. I would expect CAST Highlight to have a lighter version of the Health dashboard and the Engineering dashboards. These dashboards are currently a part of CAST AIP, and if these are made available in CAST Highlight, customers won't have to use two different products all the time.
The level of abstraction is a little bit high compared to other solutions, such as Veracode. The reports that describe the issues of concern are rather abstract and the issues should be more clearly described to the user. Reducing this type of technical debt would help to manage policy such that it was easier to create and submit for approval. Essentially, it does not provide enough help for the developers.
CAST Highlight is a SaaS software intelligence product for performing rapid application portfolio analysis. It automatically analyzes source code of hundreds of applications in a week for Cloud Readiness, Software Composition Analysis (Open Source risks), Resiliency, and Technical Debt. Objective software insights from automated source code analysis combined with built-in qualitative surveys for business context enable more informed decision-making about application portfolios.
CAST is the...
There could be potential improvements or additional features added to CAST Highlight to make it better.
The ease of configuration and customization could be improved in CAST Highlight.
CAST Highlight could improve to allow us to comment and do a deep analysis by ourselves.