Quality and Security Management

1 Introduction

Mendix Quality and Security Management (QSM) is a cloud service developed by Mendix and the Software Improvement Group (SIG). Mendix AQM performs a static analysis of Mendix application models according the ISO 25010 standard for maintainability. Dashboards provide instant insight into the quality of the application models as they’re built, including quality ratings based on benchmarks of thousands of projects.

By proactively monitoring quality on a daily basis customers can improve maintainability and reduce lifecycle costs.

The Mendix AQM quality model is based on the SIG/TÜViT Evaluation Criteria. These criteria provide standardized evaluation and certification of the technical quality of the source code of software products. The purpose of such evaluation and certification is to provide an instrument to developers for guiding improvement of the products they create and enhance.

The general notion of software quality embraces a variety of quality aspects, of which a taxonomy is available in the ISO/IEC 25010 international standard on software product quality. The scope of the SIG/TÜViT Evaluation Criteria is limited to the internal quality characteristic of maintainability and its sub-characteristics of analyzability, modifiability, testability, modularity and reusability. The evaluation concerns the source code of a software product, not the behavior of the product in a test or production environment.

2 Additional Information

• Mendix AQM is available for projects based on Mendix 6.0 and above
• Mendix AQM supports self-service onboarding of new AQM apps for existing customers via Mendix Support
• Mendix AQM is part of our Mendix pricelist – for more information or activation, please contact your Mendix Customer Success Manager or Sales
• Detailed documentation is available via the complementary Sigrid Academy
• Mendix AQM dashboard reports are generated every night based on the latest version in your Project Team Server
  • By default, the Mendix AQM reports are based on the main line in your app’s Team Server
  • We are building CI support for Mendix that will allow you to run AQM in your Mendix CI pipeline (for more information, see SigridCI)

3 Implemented Checks for Best Practices

AQM includes automated checks for a subset of the Mendix Development Best Practices. The following checks are currently implemented in AQM:

4 Release Notes

2.0.0

Quality Monitor tool update

It is now possible to compare snapshots with each other. This functionality is similar to the metrics table. The Compare snapshot functionality shows the differences between two snapshots.

We have enhanced dependency graph with some nice new features so you can see more information about the dependencies:

• You can see details of dependencies between two components by clicking on the edges.
• You can also see the dependency graph of the previous snapshot.
• The Graph can be filtered by dependency types, so you see only relevant information
• If you want to analyze the dependencies a bit further, you now can download the information in the DOT format. This can be used in tools like Graphviz.
• Large graphs are now correctly rendered again.

Analysis tool update - Pseudocode generator

The Analysis tool has been enhanced a lot, this will mitigate the occurrence of commonly seen false positive duplicates in the Microflows and Pages:

• Render references similar to attributes in CreateObject action
• Render variable name and show-in-browser value for DownloadFile action
• Render name and called operation for WebserviceCall action
• Render new values for attributes that get modified by ChangeObject action
• Render template name and parameters for GenerateDocument action
• Don’t render canvas size for pages and snippets
• AllowedRoles are now all rendered on a single line in the pseudo code of a Page

System Analysis Toolkit

We have upgraded the Model to the latest version 8.0 of SIG/TÜVIT Maintainability Model (Feb. 2016 calibrated version).