Required Software

A Final Perspective on Technical Requirements

Today, the technical requirements that the system must meet are these, but tomorrow they will be different. The only certainty we have about the future is that it will be different from the present. The 30-year success story of the various implemented systems illustrates one of the main advantages of working with models: technologies change without disturbing the functional model (data, interfaces, processes, business rules) defined in Genio.

Functional models and technological layers evolve autonomously. And the continuous evolution at an accelerated pace, both in terms of functionalities and technological features, over the last 30 years, gives us the right to claim that Quidgest systems are future-proof.

Technology evolution

Security in the Development Process

Since its establishment in 1988, Quidgest has always been concerned with Quality and Security, along with automatic generation. The ISO 27001 certification – Information Security Management System covers, at Quidgest, all activities pursued and, consequently, relevant to the supply of systems: design, development and automatic generation of information systems and related consulting, training, research, technical assistance and evolutionary maintenance activities.

Among the mechanisms that ensure the security of the development process are:

  • Automatic validation of the Genio model
  • The maturity of the components used
  • Continuous integration processes, including unit tests
  • Constant peer review
  • Static code analysis tools.

Since Genio generates standard code written in the most popular programming languages (which is not usually the case with low-code platforms), it can benefit from the use of any tools, often open-source, created by third parties. Examples include Jenkins and SonarQube. Using and periodically updating specialized third-party tools ensures compliance with very high security levels and keeps up with the constantly changing demands of this sensitive knowledge domain.

A static code analysis tool aims to identify sensitive code areas that require manual review, creating correction plans and maintaining general code quality metrics. To achieve this goal, in a context of automatic generation based on patterns, the tool will analyze:

  • Genio's own generator code.
  • The code of a test application generated by Genio; representative of all others used in the company.

This analysis results in 5 measurement vectors:

  • Efficiency
  • Maintenance
  • Portability
  • Robustness
  • Security

Acceptance criteria are established for new versions of Genio triggered by Jenkins, and if they fail, Genio development teams are notified. From these reports, action plans are produced whenever there is a decrease in code quality. These action plans are sent to the development teams that use SonarQube as a knowledge base for examples of correcting similar situations.

The SonarQube platform validates that the corrections applied to the code effectively remove the situations found in the previous analysis so that the metrics can resume the continuous improvement process.

SonarQube detects all the most common security flaws in code development:

  • Injection
  • Pointer and reference handling
  • Encryption & randomness
  • File handling
  • Error handling & fault isolation
  • Initialization & shutdown
  • Control flow management
  • Misconfiguration
  • Information leaks
  • Design error

Therefore, when they occasionally occur, they always deserve prioritization of urgency in action plans.