doc.casthighlight.com
Open in
urlscan Pro
35.229.97.61
Public Scan
Submitted URL: https://learn.castsoftware.com/e3t/Ctc/IU+113/b3v204/VW79yQ8v2j5TW36_8Ds7hC3qsW197v5Z4ZyCr-N70Sktw3q3n_V1-WJV7CgT-vVZLDrD4jmKyw...
Effective URL: https://doc.casthighlight.com/cloudreadypatterns/?utm_campaign=General_HL_Product_Release_Notes&utm_medium=email&_hsmi=2549141...
Submission: On May 10 via api from US — Scanned from DE
Effective URL: https://doc.casthighlight.com/cloudreadypatterns/?utm_campaign=General_HL_Product_Release_Notes&utm_medium=email&_hsmi=2549141...
Submission: On May 10 via api from US — Scanned from DE
Form analysis 0 forms found in the DOM
Text Content
CAST HIGHLIGHT | CLOUDREADY PATTERN DOCUMENTATION
CloudReady Rules 122
Blockers 65
Boosters 57
Containerization 15
See CloudReady Pattern List
--------------------------------------------------------------------------------
Type Platform Pattern Containerization Technologies BlockerAgnosticAccess to
environment variableC# Java JavaScript Kotlin PHP Python SWIFT TypeScript
VB/VB.Net C/C++ Scala Clojure Go BlockerAgnosticApplication server
dependenciesJava BlockerAgnosticAvoid code that can accidentally get
skippedCOBOL JavaScript TypeScript Scala BlockerAgnosticAvoid launching
OS-specific sub-processes from codeKotlin PHP Python SWIFT Scala Clojure Go
BlockerAgnosticAvoid using ALTER statements in mainframesCOBOL
BlockerAgnosticAvoid using binary data type in mainframesCOBOL
BlockerAgnosticAvoid using CA Panvalet Command in mainframes specific of
Z/OSCOBOL BlockerAgnosticAvoid using CURRENCY SIGN clause in mainframes specific
to Z/OSCOBOL BlockerAgnosticAvoid using DECIMAL POINT IS A COMMA clause in
mainframes specific to Z/OSCOBOL BlockerAgnosticAvoid using deprecated MySQL
commandsPHP BlockerAgnosticAvoid using DL/I CallsCOBOL BlockerAgnosticAvoid
using Double Byte character in mainframesCOBOL BlockerAgnosticAvoid using GOTO
statements in mainframesCOBOL BlockerAgnosticAvoid using hardcoded URLs (FTP
protocol) in source codeC# COBOL Java JavaScript Kotlin PHP Python SWIFT
TypeScript VB/VB.Net C/C++ Scala Clojure Go BlockerAgnosticAvoid using hardcoded
URLs (HTTP protocol) in source codeC# COBOL Java JavaScript Kotlin PHP Python
SWIFT TypeScript VB/VB.Net C/C++ Scala Clojure Go BlockerAgnosticAvoid using
hardcoded URLs (LDAP protocol) in source codeC# COBOL Java JavaScript Kotlin PHP
Python SWIFT TypeScript VB/VB.Net C/C++ Scala Clojure Go BlockerAgnosticAvoid
using hexadecimal constants in mainframesCOBOL BlockerAgnosticAvoid using OCCURS
clause in mainframesCOBOL BlockerAgnosticAvoid using packed Decimal unique way
of representation of decimal data in mainframesCOBOL BlockerAgnosticAvoid using
REDEFINES clause in mainframesCOBOL BlockerAgnosticAvoid using the
SYSIBM.SYSDUMMY1 dummy table in mainframesCOBOL BlockerAgnosticAvoid using
unsecured database connection stringsC# VB/VB.Net C/C++ BlockerAgnosticPerform
Directory ManipulationC# Java JavaScript Kotlin PHP Python SWIFT TypeScript
VB/VB.Net C/C++ Scala Clojure Go BlockerAgnosticPerform File ManipulationC# Java
JavaScript Kotlin PHP Python SWIFT TypeScript VB/VB.Net C/C++ Scala Clojure Go
BlockerAgnosticUse of an unsecured data stringC# COBOL Java JavaScript Kotlin
PHP Python SWIFT TypeScript VB/VB.Net C/C++ Scala Clojure Go BlockerAzureUse of
database driver incompatibility (PDO_DBLIB)PHP BlockerAgnosticUse of LDAP/AD
authenticationC# BlockerAgnosticUse of sendmail utility on Paas instead of
specific email sending libraryPHP BlockerAgnosticUse of WCF (Windows
Communication Foundation) servicesC# BlockerAzureUsing functions fn_get_sql,
fn_virtualfilestats, fn_virtualservernodes - Unsupported in Azure SQL
DatabaseTSQL BlockerAgnosticUsing a middleware applicationC# Java VB/VB.Net
BlockerAgnosticUsing a temporary local file or directoryC# VB/VB.Net C/C++ Scala
Go BlockerAgnosticUsing Access Control ListC# Java JavaScript TypeScript
VB/VB.Net C/C++ Scala Go BlockerAgnosticUsing Auto Generated Machine KeyC#
VB/VB.Net BlockerVMWare TanzuUsing CDI Beans ConfigurationJava
BlockerAgnosticUsing COM ComponentsC# VB/VB.Net BlockerAgnosticUsing Crypto
APIC# JavaScript TypeScript VB/VB.Net BlockerAgnosticUsing direct Database
Access through Connection StringsC# VB/VB.Net C/C++ BlockerSpecificUsing
EventLog in System.Diagnostics namespaceC# VB/VB.Net C/C++ C# VB/VB.Net
BlockerAgnosticUsing file systemC# COBOL Java JavaScript Kotlin PHP Python SWIFT
TypeScript VB/VB.Net C/C++ Scala Clojure Go BlockerAzureUsing function ALTER
DATABASE - Unsupported in Azure SQL DatabaseTSQL BlockerAzureUsing function
CREATE CREDENTIAL - Unsupported in Azure SQL DatabaseTSQL BlockerAzureUsing
function fn_my_permissions - Unsupported in Azure SQL DatabaseTSQL
BlockerAzureUsing function sp_addmessage - Unsupported in Azure SQL DatabaseTSQL
BlockerAzureUsing functions OPENQUERY, OPENROWSET, OPENDATASOURCE - Unsupported
in Azure SQL DatabaseTSQL BlockerAgnosticUsing hardcoded network IP address
(IPV4, IPV6)C# COBOL Java JavaScript Kotlin PHP Python SWIFT TypeScript
VB/VB.Net C/C++ Scala Clojure Go BlockerVMWare TanzuUsing IBM WebSphereJava
BlockerAgnosticUsing impersonate IdentityC# Java VB/VB.Net C/C++ BlockerVMWare
TanzuUsing JBoss Application ServerJava BlockerVMWare TanzuUsing JEE
ConfigurationJava BlockerAgnosticUsing Log4Net for application logsC# VB/VB.Net
BlockerSpecificUsing New Process in System.Diagnostics namespaceC# JavaScript
TypeScript VB/VB.Net BlockerAgnosticUsing of unsecure network protocols (HTTP,
FTP)C# COBOL Java JavaScript Kotlin PHP Python SWIFT TypeScript VB/VB.Net C/C++
Scala Clojure Go BlockerAgnosticUsing of Windows AuthenticationC# VB/VB.Net
BlockerVMWare TanzuUsing Oracle WebLogicJava BlockerAgnosticUsing other
configuration files than Web configurationC# VB/VB.Net BlockerAzureUsing
SEMANTICKEYPHRASETABLE (semantic search) - Unsupported in Azure SQL DatabaseTSQL
BlockerAgnosticUsing stateful session (Servlet)Java PHP BlockerAgnosticUsing
stateful session (Spring)Java BlockerAgnosticUsing system DLLsC# VB/VB.Net C/C++
Go BlockerSpecificUsing System.ServiceProcess (Windows services)C# VB/VB.Net
BlockerAzureUsing USE statement - Unsupported in Azure SQL DatabaseTSQL
BlockerAgnosticUsing Webform AuthenticationC# VB/VB.Net BlockerAgnosticUsing
Windows registry to store Application SettingsC# VB/VB.Net
BlockerAgnostic[deprecated] Use of an unsecured APIC# BoosterAgnosticCorrect
usage of LoggingC# VB/VB.Net BoosterAgnosticPresence of a web configuration
fileC# VB/VB.Net BoosterAgnosticRetry Patterns: Using RetryPolicy or
RetryManager classesC# VB/VB.Net BoosterAgnosticUse ConfigurationManagerC#
VB/VB.Net BoosterAgnosticUsing a CICS webservice in mainframesCOBOL
BoosterSpecificUsing a Cloud-based Access ControlC# Java BoosterSpecificUsing a
Cloud-based Active DirectoryJavaScript Kotlin SWIFT TypeScript Clojure Go
BoosterSpecificUsing a Cloud-based Active DirectoryC# Java PHP Python SWIFT
VB/VB.Net C# PHP Python VB/VB.Net BoosterSpecificUsing a Cloud-based Batch Job
OrchestrationC# Java PHP Python SWIFT VB/VB.Net C# Python SWIFT VB/VB.Net
BoosterSpecificUsing a Cloud-based Big Data technology (EMR)Kotlin Scala Clojure
Go Kotlin SWIFT Clojure Go Clojure Go BoosterAgnosticUsing a Cloud-based
Blockchain technologyKotlin SWIFT Clojure Go BoosterAgnosticUsing a Cloud-based
cache in-memory database (Memcached)Kotlin SWIFT Clojure Go BoosterSpecificUsing
a Cloud-based cache Management FrameworkC# Java PHP Python VB/VB.Net Clojure C#
Java PHP Python VB/VB.Net BoosterSpecificUsing a Cloud-based container
serviceKotlin Clojure Go SWIFT Clojure BoosterSpecificUsing a Cloud-based data
storageC# Java JavaScript Kotlin PHP Python SWIFT TypeScript VB/VB.Net Scala
Clojure Go C# Java JavaScript Kotlin PHP Python SWIFT TypeScript Scala Clojure
Go Go BoosterSpecificUsing a Cloud-based data storageC# Java JavaScript Kotlin
PHP Python SWIFT TypeScript Scala Clojure BoosterSpecificUsing a Cloud-based
encryption mechanismC# Java Kotlin Python SWIFT VB/VB.Net BoosterSpecificUsing a
Cloud-based function as a service (Serverless)C# Java Kotlin Scala Clojure Go C#
Java Kotlin Scala Clojure C# Java Kotlin Scala Clojure Go BoosterSpecificUsing a
Cloud-based key storageC# Java JavaScript Kotlin Python TypeScript VB/VB.Net
Scala Clojure Go C# Java JavaScript Kotlin Python SWIFT TypeScript VB/VB.Net
Scala BoosterSpecificUsing a Cloud-based Key storage (KMS)C# Java JavaScript PHP
Python TypeScript Clojure BoosterSpecificUsing a Cloud-based middleware
application (Pub/Sub)C# Java JavaScript Kotlin PHP Python SWIFT TypeScript Scala
Clojure Go BoosterSpecificUsing a Cloud-based search engineKotlin Clojure Go
Clojure BoosterSpecificUsing a Cloud-based Service BusC# Java JavaScript
TypeScript VB/VB.Net Go C# Java JavaScript PHP Python SWIFT TypeScript VB/VB.Net
Scala Go BoosterSpecificUsing a Cloud-based Stream and Batch data processingC#
Java Python BoosterSpecificUsing a Cloud-based task scheduling serviceJavaScript
TypeScript C# JavaScript TypeScript VB/VB.Net BoosterSpecificUsing a Cloud-based
task scheduling serviceC# Java JavaScript PHP Python SWIFT TypeScript Scala
BoosterAgnosticUsing a connection to DB2 in mainframesCOBOL BoosterAgnosticUsing
a connection to IBM IMS CSQ series in mainframesCOBOL BoosterAgnosticUsing a
connection to IBM MQ series in mainframesCOBOL BoosterSpecificUsing a Load
BalancerC# Java C# Java Java BoosterAgnosticUsing a processing JSON inputCOBOL
Kotlin SWIFT Clojure Go BoosterAgnosticUsing a processing JSON output in
mainframesCOBOL BoosterAgnosticUsing a processing XML inputCOBOL Kotlin SWIFT
Clojure Go BoosterAgnosticUsing a subset of data rows in DB2 in mainframesCOBOL
BoosterSpecificUsing BigQuery product cloud data warehouseGo C# Java JavaScript
Kotlin PHP Python TypeScript C/C++ Scala Clojure BoosterSpecificUsing BigTable
product fully managed NoSQL database serviceC# Java JavaScript PHP Python
TypeScript Scala Clojure Go BoosterAgnosticUsing CASE statements in
mainframesCOBOL BoosterSpecificUsing Cloud Datastore product NoSQL document
databaseC# Java JavaScript PHP Python TypeScript Scala BoosterSpecificUsing
Cloud IAM (Identity & Access Management) for managing specific resources access
authorizationKotlin PHP Python SWIFT Scala Clojure Go C# Java JavaScript PHP
Python TypeScript Clojure Go BoosterSpecificUsing Cloud IAP (Identity Aware
Proxy)C# Java JavaScript PHP Python TypeScript BoosterSpecificUsing Cloud
Memorystore for Redis fully managed in-memory data store serviceKotlin SWIFT
Scala Clojure Go C# Java JavaScript PHP Python TypeScript Go
BoosterSpecificUsing Cloud Spanner product relational database serviceC# Java
JavaScript PHP Python TypeScript Scala Clojure BoosterSpecificUsing cloud
specific storage componentC# Java C# Java C# Java BoosterSpecificUsing
Cloud-based database servicesC# Kotlin Clojure Go C# Java VB/VB.Net Go
BoosterSpecificUsing Devops automation and IaC (Infrastructure as Code)C# Java
C# Java SWIFT C# Java BoosterAgnosticUsing Docker product open-source platform
for managing containerized workloads and servicesKotlin SWIFT Scala Clojure Go
BoosterSpecificUsing ETLs (Extract Transform Load)C# Java C# Java C# Java
BoosterSpecificUsing Firebase Google's mobile platformC# Java JavaScript Kotlin
PHP Python SWIFT TypeScript Scala Clojure Go BoosterSpecificUsing Kubernetes
product open-source platform for managing containerized workloads and
servicesKotlin SWIFT Scala Clojure Go C# Java JavaScript PHP Python TypeScript
BoosterAgnosticUsing MongoDB databaseC# Java JavaScript Kotlin PHP Python SWIFT
TypeScript VB/VB.Net Scala Clojure Go BoosterSpecificUsing Monitoring ServiceC#
Java C# Java C# Java BoosterAgnosticUsing MySQL databaseC# Java JavaScript
Kotlin PHP Python SWIFT TypeScript VB/VB.Net Scala Clojure Go
BoosterSpecificUsing NoSQL document storageC# Java Kotlin PHP Python SWIFT
VB/VB.Net Scala Clojure Go Java JavaScript Kotlin PHP Python TypeScript Scala
Clojure Go BoosterAgnosticUsing Oracle databaseKotlin Clojure Go
BoosterAgnosticUsing PostgreSQL databaseC# Java JavaScript Kotlin PHP Python
SWIFT TypeScript VB/VB.Net Scala Clojure Go BoosterAgnosticUsing SQL server
databaseC# Kotlin VB/VB.Net Clojure Go BoosterAgnosticUsing uncommit read option
UR in mainframesCOBOL
Temporary Files
Agnostic
ACCESS TO ENVIRONMENT VARIABLE
Environment variables are OS-dependent and as such, not Cloud-friendly.
Additionally, their existence in a Cloud environment cannot be guaranteed over
time as the underlying infrastructure could be moved, remove or duplicated.
Instead, you should consider using YAML files or shared data source to store
your application configuration parameters.
CRITICALITY
Blocker Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
MIGRATION IMPACT
ARCHITECTURE CODE FRAMEWORK
Migration impact levels indicate the different layers of your application that
you should modify or fix, in order to comply with Cloud-oriented programming
best practices and remove the identified roadblocks.
CONTAINERIZATION
Criticality Medium
Migration Impact ARCHITECTURE CODE FRAMEWORK
Use the CAST Highlight output listing all your code files declaring dependencies
to environment variables. Review the dependencies in each file. For each
environment variable that needs to be set up, ensure it will exist in your
container. There are two ways this information can be passed down to the
container. You can use the -e option in the run command of your docker
container. It is adequate when the number of variables is low. However, as soon
as we have more than a handful of variables, it can quickly become cumbersome
and error-prone. The second option is preferred: You can specify a file to read
values from, called an env_file.
REFERENCES
https://vsupalov.com/docker-arg-env-variable-guide/#setting-env-values
REFERENCES
https://support.cloud.engineyard.com/hc/en-us/articles/205407508-Environment-Variables-and-Why-You-Shouldn-t-Use-Them
Execution Environment
Agnostic
APPLICATION SERVER DEPENDENCIES
This pattern verifies the presence of dependencies to application servers such
as WebLogic and Jetty.
CRITICALITY
Blocker High
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
MIGRATION IMPACT
CODE FRAMEWORK
Migration impact levels indicate the different layers of your application that
you should modify or fix, in order to comply with Cloud-oriented programming
best practices and remove the identified roadblocks.
Code Execution
Agnostic
AVOID CODE THAT CAN ACCIDENTALLY GET SKIPPED
This pattern verifies the presence of the ‘assert()’ function in source code.
assert() is a debugging instruction that should not be found in mature code in
production. Moreover, this instruction is aimed to provide information in the
console, which doesn’t make sense in a Cloud context. Example of assert() usage:
function assert(condition, message) { if (!condition) { message = message ||
"Assertion failed"; if (typeof Error !== "undefined") { throw new
Error(message); } throw message; // Fallback } } In a COBOL context, this
pattern verifies the presence of DISPLAY statements and WITH DEBUGGING MODE
clauses in source code. DISPLAY statement is used to the value of a data item on
a screen or write it to a file. This is used for debugging purpose. It is not
good to have this in production environment. WITH DEBUGGING MODE activates a
compile-time switch for debugging lines written in the source text. A debugging
line is a statement that is compiled only when the compile-time switch is
activated. Debugging lines allow you, for example, to check the value of a
data-name at certain points in a procedure. This is used for debugging purpose.
It is not good to have this in production environment.
CRITICALITY
Blocker Medium
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://www.w3schools.com/nodejs/ref_assert.asp
Execution Environment
Agnostic
AVOID LAUNCHING OS-SPECIFIC SUB-PROCESSES FROM CODE
Cloud/PaaS applications must be OS-agnostic as much as possible and should not
rely on OS-specific features or processes, which may not be available on the
Cloud environment as the underlying operating system (in this specific case,
Windows) may change over time. Sub-processes that are executed from code are
specific to an Operating System.
CRITICALITY
Blocker Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://developer.ibm.com/articles/1404-brown/
IBM Mainframes
Agnostic
AVOID USING ALTER STATEMENTS IN MAINFRAMES
The ALTER statement modifies a predetermined sequence of operations. The ALTER
statement is classed as an obsolete element in the ANSI’85 standard.
CRITICALITY
Blocker Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://www.ibm.com/support/knowledgecenter/SS6SGM_5.1.0/com.ibm.cobol51.aix.doc/PGandLR/ref/rlpsalte.html
IBM Mainframes
Agnostic
AVOID USING BINARY DATA TYPE IN MAINFRAMES
While modern compilers can emulate binary data type, there might be issues
during data movement or comparsions. Using binary data type should be avoided.
CRITICALITY
Blocker Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://www.ibm.com/support/knowledgecenter/SS6SGM_5.1.0/com.ibm.cobol51.aix.doc/PGandLR/ref/rlddeusa.html
IBM Mainframes
Agnostic
AVOID USING CA PANVALET COMMAND IN MAINFRAMES SPECIFIC OF Z/OS
CA-Panvalet is a revision control and source code management system for
mainframe computers such as the IBM System z and IBM System/370 running the z/OS
and z/VSE operating systems. CA Panvalet commands are specific to z/OS and not
applicable to Cloud-base / Open Source platforms.
CRITICALITY
Blocker Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://www.ibm.com/support/knowledgecenter/SSPSQF_9.1.0/com.ibm.etools.rdz.language.editors.doc/topics/czdinc.html
IBM Mainframes
Agnostic
AVOID USING CURRENCY SIGN CLAUSE IN MAINFRAMES SPECIFIC TO Z/OS
The CURRENCY SIGN clause affects numeric-edited data items whose PICTURE
character-strings contain a currency symbol. It is specific to z/OS.
CRITICALITY
Blocker Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://www.ibm.com/support/knowledgecenter/SSQ2R2_9.1.1/com.ibm.ent.cbl.zos.doc/PGandLR/tasks/tpari50.html
IBM Mainframes
Agnostic
AVOID USING DECIMAL POINT IS A COMMA CLAUSE IN MAINFRAMES SPECIFIC TO Z/OS
The DECIMAL-POINT IS COMMA clause exchanges the functions of the period and the
comma in PICTURE character-strings and in numeric literals. It is specific to
z/OS.
CRITICALITY
Blocker Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://software.fujitsu.com/jp/manual/manualfiles/m150010/b1wd3365/01enz200/b3365-00-01-15-00.html
Execution Environment
Agnostic
AVOID USING DEPRECATED MYSQL COMMANDS
This pattern verifies in source code (.php) the presence of deprecated MySQL
commands (mysql_connect, mysql_select_db, mysql_close). As deprecated commands
might be interrupted in the future, they should be replaced by currenlty
supported commands (mysqli or PDO).
CRITICALITY
Blocker Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://www.php.net/manual/en/pdo.connections.php
https://stackoverflow.com/questions/21797118/deprecated-mysql-connect
https://dev.mysql.com/doc/apis-php/en/apis-php-function.mysqli-connect.html
IBM Mainframes
Agnostic
AVOID USING DL/I CALLS
Using DL/I calls IMS DB
CRITICALITY
Blocker Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://www.ibm.com/support/knowledgecenter/SSGMCP_5.3.0/com.ibm.cics.ts.applicationprogramming.doc/topics/dfhp3_cobol_dlicall.html
IBM Mainframes
Agnostic
AVOID USING DOUBLE BYTE CHARACTER IN MAINFRAMES
Double Byte character set uses more than one byte to represent single charcter.
Languages such as Chinese, Japanese, and Korean use DBCS.
CRITICALITY
Blocker Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_72/rzasb/int23a.htm
https://www.microfocus.com/documentation/visual-cobol/vc50pu3/EclWin/HRLHLHPDF70E.html
https://www.microfocus.com/documentation/visual-cobol/VC23/EclWin/HHNLCHUNIC04.html
https://www.ibm.com/support/knowledgecenter/en/SS6SG3_4.2.0/com.ibm.entcobol.doc_4.2
https://stackoverflow.com/questions/5959709/cobol-question-unicode
IBM Mainframes
Agnostic
AVOID USING GOTO STATEMENTS IN MAINFRAMES
Using GOTO statements are generally difficult to understand and may lead to
infinite loops. It also violates the principles of encapsulation and locality of
reference. It is recommended to convert GOTO to PERFORM.
CRITICALITY
Blocker Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://www.ibm.com/support/knowledgecenter/SS6SGM_5.1.0/com.ibm.cobol51.aix.doc/PGandLR/ref/rlpsgotoa.html
Security & User Authentication
Agnostic
AVOID USING HARDCODED URLS (FTP PROTOCOL) IN SOURCE CODE
This pattern verifies the corresponding Cloud blocker in the source code of an
application.
CRITICALITY
Blocker Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
Security & User Authentication
Agnostic
AVOID USING HARDCODED URLS (HTTP PROTOCOL) IN SOURCE CODE
This patterns verifies in source code the presence of hardcoded URLs using the
HTTP protocol (HTTP/HTTPS). This URL would need to be replaced by the new
resource's URL during the Cloud migration, if any change occured.
CRITICALITY
Blocker Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
Security & User Authentication
Agnostic
AVOID USING HARDCODED URLS (LDAP PROTOCOL) IN SOURCE CODE
This patterns verifies in source code the presence of hardcoded URLs using the
LDAP protocol (LDAP/LDAPS). This URL would need to be replaced by the new
resource’s URL during the Cloud migration, if any change occured.
CRITICALITY
Blocker Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
IBM Mainframes
Agnostic
AVOID USING HEXADECIMAL CONSTANTS IN MAINFRAMES
EBCDIC which stands for the Extended Binary Coded Decimal Interchange Code, is
an 8 bit character encoding used on IBM mainframes and AS/400s. List of all the
EBCIDIC characters to be checked is the following link column 2(h):
http://ascii-table.com/ebcdic-table.php EBCIDIC charcters should be detected and
converted in order to support Open Source platforms.
CRITICALITY
Blocker Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
http://ascii-table.com/ebcdic-table.php
IBM Mainframes
Agnostic
AVOID USING OCCURS CLAUSE IN MAINFRAMES
The OCCURS clause is used to define COBOL internal table. There is no array
concept in RDBMs. Translation in modernized environment needs to be taken care.
CRITICALITY
Blocker Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://www.ibm.com/support/knowledgecenter/SS6SG3_4.2.0/com.ibm.entcobol.doc_4.2/PGandLR/tasks/tptbl03.htm
IBM Mainframes
Agnostic
AVOID USING PACKED DECIMAL UNIQUE WAY OF REPRESENTATION OF DECIMAL DATA IN
MAINFRAMES
Packed Decimal is unique way of representation of decimal data in mainframes.
While modern compilers can emulate packed decimal, there is no equivalent of
packed decimal in open systems. There might be issues during data movement or
comparsions.
CRITICALITY
Blocker Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://www.ibm.com/support/knowledgecenter/SS6SGM_5.1.0/com.ibm.cobol51.aix.doc/PGandLR/ref/rlddeusa.html
IBM Mainframes
Agnostic
AVOID USING REDEFINES CLAUSE IN MAINFRAMES
The REDEFINES clause allows to use different data description entries to
describe the same computer storage area. Relational databases (e.g DB2) don’t
offer such a functionality, so each redefinition must be mapped to a different
structure.
CRITICALITY
Blocker Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://www.ibm.com/support/knowledgecenter/SS6SG3_4.2.0/com.ibm.entcobol.doc_4.2/PGandLR/ref/rlddered.htm
IBM Mainframes
Agnostic
AVOID USING THE SYSIBM.SYSDUMMY1 DUMMY TABLE IN MAINFRAMES
SYSIBM.SYSDUMMY1 is a dummy table with one row. Normally used to extract current
date, timestamp, DB2 Version etc. SYSIBM.SYSDUMMY1 does not exist in Cloud-based
relational databases.
CRITICALITY
Blocker Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://www.ibm.com/support/knowledgecenter/SSEPEK_10.0.0/sqlref/src/tpc/db2z_bif_days.html
Sensitive Data Storage Protection
Agnostic
AVOID USING UNSECURED DATABASE CONNECTION STRINGS
Security is a key factor in the Cloud as the applications are more exposed and
inter-connected. This pattern verifies in source code (C# and VB/VB.Net) the
presence of SQL database unsecured connection strings. This blocker is triggered
when a database connection string is found during the code scan without any of
the patterns used to secure this connection.
CRITICALITY
Blocker Medium
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://docs.microsoft.com/en-us/dotnet/framework/data/adonet/connection-string-builders
Persistent Files
Agnostic
PERFORM DIRECTORY MANIPULATION
Manipulating local directories requires specific permissions and usually assumes
a predefined directory structure exists. In the Cloud, it is not possible to
make such assumptions. If your application requires to create, delete or modify
folders, implementing IAM (Identity & Access Management) solutions should be
considered.
CRITICALITY
Blocker Medium
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
MIGRATION IMPACT
ARCHITECTURE CODE FRAMEWORK
Migration impact levels indicate the different layers of your application that
you should modify or fix, in order to comply with Cloud-oriented programming
best practices and remove the identified roadblocks.
CONTAINERIZATION
Criticality Medium
Migration Impact ARCHITECTURE
Container applications should not assume the local file system is accessible, as
the directory structure might be different from a traditional desktop or server
machine and/or the application may not have sufficient rights to access the
local file system. Instead, use relative paths to application resources (e.g.
../../reporting/reportBuilder.xml). Use the CAST Highlight output listing all
your code files declaring dependencies to the filesystem. Review the
dependencies in each file. When persistence is needed, the local file system
should be created using either volumes (preferred) or bind mounts (for sharing
configuration files). Volumes need then to be mounted into the containers that
will need it. Note: When many roadblocks are identified for this blocker, they
may be addressed holistically with one remediation.
REFERENCES
https://docs.docker.com/storage/
https://www.baeldung.com/ops/docker-container-filesystem
https://medium.com/@BeNitinAgarwal/docker-containers-filesystem-demystified-b6ed8112a04a
REFERENCES
https://cloud.google.com/resource-manager/docs/creating-managing-folders
Persistent Files
Agnostic
PERFORM FILE MANIPULATION
Manipulating local files requires specific permissions and usually assumes the
file will be persisted over time. In the Cloud, because the underlying
infrastructure can be moved or removed, it is not possible to make such
assumptions. Instead of using the file system, store your temporary information
in a dedicated Cloud-based storage or in a NoSQL database.
CRITICALITY
Blocker Medium
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
MIGRATION IMPACT
ARCHITECTURE CODE FRAMEWORK
Migration impact levels indicate the different layers of your application that
you should modify or fix, in order to comply with Cloud-oriented programming
best practices and remove the identified roadblocks.
CONTAINERIZATION
Criticality Medium
Migration Impact ARCHITECTURE
Container applications should not assume the local file system is accessible, as
the directory structure might be different from a traditional desktop or server
machine and/or the application may not have sufficient rights to access the
local file system. Instead, use relative paths to application resources (e.g.
../../reporting/reportBuilder.xml). Use the CAST Highlight output listing all
your code files declaring dependencies to the filesystem. Review the
dependencies in each file. When persistence is needed, the local file system
should be created using either volumes (preferred) or bind mounts (for sharing
configuration files). Volumes need then to be mounted into the containers that
will need it. Note: When many roadblocks are identified for this blocker, they
may be addressed holistically with one remediation.
REFERENCES
https://docs.docker.com/storage/
https://www.baeldung.com/ops/docker-container-filesystem
https://medium.com/@BeNitinAgarwal/docker-containers-filesystem-demystified-b6ed8112a04a
REFERENCES
https://blog.codingoutloud.com/2011/06/12/azure-faq-can-i-write-to-the-file-system-on-windows-azure/
Security & User Authentication
Agnostic
USE OF AN UNSECURED DATA STRING
This pattern verifies the presence in source code (Java, C#, VB/VB.net) of
sensitive data strings: String variables containing typical keywords like
password, pwd, user, username, uid, auth, db, database, account String
containing a private key String containing a certificate String containing a JWT
token
CRITICALITY
Blocker Critical
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
MIGRATION IMPACT
ARCHITECTURE CODE
Migration impact levels indicate the different layers of your application that
you should modify or fix, in order to comply with Cloud-oriented programming
best practices and remove the identified roadblocks.
REFERENCES
https://security.web.cern.ch/recommendations/en/password_alternatives.shtml
https://www.appmarq.com/public/security,1020104,Avoid-hardcoded-passwords-Javascript
Execution Environment
Azure
USE OF DATABASE DRIVER INCOMPATIBILITY (PDO_DBLIB)
This pattern verifies the corresponding Cloud blocker in the source code of an
application.
CRITICALITY
Blocker Medium
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
MIGRATION IMPACT
ARCHITECTURE CODE
Migration impact levels indicate the different layers of your application that
you should modify or fix, in order to comply with Cloud-oriented programming
best practices and remove the identified roadblocks.
Security & User Authentication
Agnostic
USE OF LDAP/AD AUTHENTICATION
Use of Active Directory / LDAP authentication is not fully compatible with cloud
providers (AWS, Azure...)
CRITICALITY
Blocker Medium
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
MIGRATION IMPACT
ARCHITECTURE CODE
Migration impact levels indicate the different layers of your application that
you should modify or fix, in order to comply with Cloud-oriented programming
best practices and remove the identified roadblocks.
Execution Environment
Agnostic
USE OF SENDMAIL UTILITY ON PAAS INSTEAD OF SPECIFIC EMAIL SENDING LIBRARY
This pattern verifies the corresponding Cloud blocker in the source code of an
application.
CRITICALITY
Blocker Medium
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
MIGRATION IMPACT
ARCHITECTURE CODE
Migration impact levels indicate the different layers of your application that
you should modify or fix, in order to comply with Cloud-oriented programming
best practices and remove the identified roadblocks.
Security & User Authentication
Agnostic
USE OF WCF (WINDOWS COMMUNICATION FOUNDATION) SERVICES
The Windows Communication Foundation (WCF), previously known as Indigo, is a
free and open-source runtime and a set of APIs in the .NET Framework for
building connected, service-oriented applications. For Azure, most ASP.NET
websites (Webforms, MVC) and services (Web API, WCF) can move directly to Azure
App Service with no changes. Some may need minor changes while others may need
some refactoring. For AWS, AWS Elastic Beanstalk or AWS Toolkit for Visual
Studio can help for WCF projects migration.
CRITICALITY
Blocker Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
MIGRATION IMPACT
CODE FRAMEWORK
Migration impact levels indicate the different layers of your application that
you should modify or fix, in order to comply with Cloud-oriented programming
best practices and remove the identified roadblocks.
REFERENCES
https://docs.microsoft.com/en-us/dotnet/framework/wcf/hosting-services#managed-windows-services
https://docs.microsoft.com/en-us/dotnet/framework/wcf/configuring-services-using-configuration-files
https://docs.microsoft.com/en-us/dotnet/azure/migration/app-service
https://forums.aws.amazon.com/thread.jspa?threadID=88264
Code Execution
Azure
USING FUNCTIONS FN_GET_SQL, FN_VIRTUALFILESTATS, FN_VIRTUALSERVERNODES -
UNSUPPORTED IN AZURE SQL DATABASE
Functions ‘fn_get_sql’, ‘fn_virtualservernodes’ are not supported functions in
Azure SQL Database. They should be removed or replaced by equivalent functions
supported in Azure.
CRITICALITY
Blocker Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://docs.microsoft.com/en-us/sql/relational-databases/system-functions/sys-fn-my-permissions-transact-sql
Inter Application Messaging
Agnostic
USING A MIDDLEWARE APPLICATION
Existing application may use asynchronous messaging middleware that enables to
send data between decoupled systems. Most of the time, these messaging
environments are not natively integrated in PaaS services and should be replaced
by Cloud-based solutions. Identifying upfront and at the portfolio level the
applications using such components is key to anticipate, plan and optimize
technical tasks of the migration.
CRITICALITY
Blocker Medium
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
MIGRATION IMPACT
ARCHITECTURE CODE FRAMEWORK
Migration impact levels indicate the different layers of your application that
you should modify or fix, in order to comply with Cloud-oriented programming
best practices and remove the identified roadblocks.
CONTAINERIZATION
Criticality Medium
Migration Impact ARCHITECTURE
Existing application may use asynchronous messaging middleware that enables to
send data between decoupled systems. These messaging environments need to be
isolated into their own container in order to have a release cycle independent
from the applications relying on the messaging queues. Use the CAST Highlight
output listing all your code files declaring dependencies to messaging
middlewares. Review the dependencies in each file. The messaging environment
needs to be instantiated as part of a dedicated container. Create a docker image
based on the publicly available image from the framework of your choice and
configure it through a Dockerfile.
REFERENCES
https://medium.com/@codescrum/microservices-with-rabbitmq-and-docker-2bbe26c3fc55
https://hub.docker.com/_/rabbitmq https://hub.docker.com/r/ibmcom/mq/
https://docs.tibco.com/pub/bwce/2.4.1/doc/html/GUID-E1609C4C-BCA4-4D04-8E5B-503FE3166B89.html
https://techcommunity.microsoft.com/t5/containers/hello-world-msmq-from-windows-containers/ba-p/382422
REFERENCES
https://www.ibm.com/blogs/systems/middleware-in-the-cloud-era-of-it-infrastructure/
https://azure.microsoft.com/en-us/documentation/articles/service-bus-fundamentals-hybrid-solutions/
Temporary Files
Agnostic
USING A TEMPORARY LOCAL FILE OR DIRECTORY
Manipulating temporary files on the local file-system requires specific
permissions which may not be available in a Cloud environment.
CRITICALITY
Blocker Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
MIGRATION IMPACT
ARCHITECTURE CODE FRAMEWORK
Migration impact levels indicate the different layers of your application that
you should modify or fix, in order to comply with Cloud-oriented programming
best practices and remove the identified roadblocks.
CONTAINERIZATION
Criticality Low
Migration Impact CONTAINER ONLY
Use the CAST Highlight output listing all your code files declaring dependencies
to temporary files mechanisms. Review the dependencies in each file. Consider
mounting a tmpfs volume to increase performance.
REFERENCES
https://stackoverflow.com/questions/52658113/how-to-manage-temporary-files-in-docker
REFERENCES
https://dennymichael.net/2013/07/24/create-local-storage-on-cloud-services-to-store-temporary-files/
Access Control List
Agnostic
USING ACCESS CONTROL LIST
When migrating an application to the Cloud, capabilities offered by PaaS
services should be leveraged in order to make your apps more scalable,
resilient, available… This is especially true for systems storing and
administrating files that your application may need to access, create, update,
process, etc. As Cloud-based file storage services use their own ACL mechanisms
(AWS S3, Google Cloud Storage, Azure Storage, etc.), you’ll need to adapt the
way your application manages file access & permissions when designing the
targeted architecture and ensure the configuration of accesses in the Cloud
corresponds to the same as it was when running on your premise. This migration
step is quite sensitive from a security standpoint as the application will be
running out of your premise. Permissions should be tested in depth in order to
detect possible cases of over-exposed of files. As a migration task, you should
identify within your application the usage of file access related functions and
adapt to the targeted Cloud-based storage service.
CRITICALITY
Blocker Critical
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
MIGRATION IMPACT
ARCHITECTURE CODE FRAMEWORK
Migration impact levels indicate the different layers of your application that
you should modify or fix, in order to comply with Cloud-oriented programming
best practices and remove the identified roadblocks.
REFERENCES
https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
https://cloud.google.com/storage/docs/access-control/create-manage-lists
https://medium.com/@benlaurie_18378/how-to-ruin-a-perfectly-good-container-d33250fca595
Data Encryption Key
Agnostic
USING AUTO GENERATED MACHINE KEY
From a software engineering standpoint, and especially in the Cloud,
applications should be developed like we don’t know what is the underlying
infrastructure. Using this configuration setting to encrypt or decrypt keys
should be avoided. Instead, it is recommended using a cloud-based encryption
mechanism. This CloudReady pattern verifies the presence of validationKey
attribute in machineKey tag of .config files, containing “AutoGenerate”.
CRITICALITY
Blocker High
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://docs.microsoft.com/en-us/previous-versions/dotnet/netframework-3.0/w8h3skw9(v=vs.85)
Code Execution
VMWare Tanzu
USING CDI BEANS CONFIGURATION
If you’re envisioning moving your application to Pivotal CloudFoundry, it is
recommended to convert CDI beans configuration to Spring-based application
configuration. This pattern verifies the presence of a bean tag in beans.xml,
having an xmlnx attribute initialized.
CRITICALITY
Blocker High
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
MIGRATION IMPACT
ARCHITECTURE CODE FRAMEWORK
Migration impact levels indicate the different layers of your application that
you should modify or fix, in order to comply with Cloud-oriented programming
best practices and remove the identified roadblocks.
REFERENCES
https://github.com/Pivotal-Field-Engineering/ephemerol/blob/master/ephemerol-react/public/default-rulebase.yml
https://content.pivotal.io/blog/how-do-i-migrate-applications-to-pivotal-cloud-foundry
Code Execution
Agnostic
USING COM COMPONENTS
Use of COM (Component Object Model) components is discouraged in the Cloud
because they must be installed on the Cloud platform, thus requiring specific
administrator privileges. Additionally, there are several execution modes for
COM components which may not all be supported in the Cloud. Application services
generally don’t configure any web framework settings to restricted modes such as
“full” trust. Web frameworks, including both classic ASP and ASP.NET, can call
in-process COM components (but not out of process COM components) like ADO
(ActiveX Data Objects) that are registered by default on the Windows operating
system. Applications can spawn and run arbitrary code. It is allowable for an
app to do things like spawn a command shell or run a PowerShell script. However,
executable programs and scripts are still restricted to the privileges granted
to the parent application pool. Identified Tasks: - Validate the application
privileges prerequisites - Replace unsupported components with in-process
equivalent and supported libraries.
CRITICALITY
Blocker High
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
MIGRATION IMPACT
CODE FRAMEWORK
Migration impact levels indicate the different layers of your application that
you should modify or fix, in order to comply with Cloud-oriented programming
best practices and remove the identified roadblocks.
CONTAINERIZATION
Criticality High
Migration Impact CONTAINER ONLY
Use the CAST Highlight output listing all your code files declaring dependencies
to COM components. Review the dependencies in each file. Edit the Dockerfile to
copy all required and compatible COM components to the container and execute
registration (regsvr32). Note: c:\Windows\SysWOW64\msvbvm60.dll might be
required to include in the container for the registration to work. For
incompatible COM components, find alternatives and replace.
REFERENCES
https://docs.microsoft.com/en-us/visualstudio/install/advanced-build-tools-container?view=vs-2019
https://stackoverflow.com/questions/54502335/how-to-register-com-components-inside-docker-as-regsvr32-command-executes-succes
Example command with MSI components
https://github.com/dotnet-architecture/eShopModernizing/wiki/02.-How-to-containerize-the-.NET-Framework-web-apps-with-Windows-Containers-and-Docker
Example command with DLL components
https://forums.docker.com/t/windows-application-32-bit-com-dll-registration/47205/8″
REFERENCES
https://azure.microsoft.com/en-us/documentation/articles/web-sites-available-operating-system-functionality
Data Encryption Key
Agnostic
USING CRYPTO API
Data confidentiality and protection is key aspects of Cloud systems and should
rely on encryption services provided by the Cloud platform instead of using
technology-based mechanisms such as .NET’s Crypto API.
CRITICALITY
Blocker Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
MIGRATION IMPACT
ARCHITECTURE CODE FRAMEWORK
Migration impact levels indicate the different layers of your application that
you should modify or fix, in order to comply with Cloud-oriented programming
best practices and remove the identified roadblocks.
REFERENCES
https://msdn.microsoft.com/en-us/magazine/ee291586.aspx
Sensitive Data Storage Protection
Agnostic
USING DIRECT DATABASE ACCESS THROUGH CONNECTION STRINGS
Database connection strings are very sensitive data in a Cloud application as
they protect access to data storage or other application services. As a result,
connection strings must be protected to prevent data theft. It is recommended to
store this kind of sensitive data in a secured cloud-based storage such (e.g.
Azure Key Vault, AWS CloudHSM, etc.)
CRITICALITY
Blocker Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
MIGRATION IMPACT
ARCHITECTURE CODE FRAMEWORK
Migration impact levels indicate the different layers of your application that
you should modify or fix, in order to comply with Cloud-oriented programming
best practices and remove the identified roadblocks.
CONTAINERIZATION
Criticality Low
Migration Impact CONTAINER ONLY
Connection strings must be protected to prevent data theft. It is recommended to
store this kind of sensitive data in a secured cloud-based storage like Azure
Key Vault. Use the CAST Highlight output listing all your code files declaring
unsecure connection strings. Review the dependencies in each file. Ensure the
Secrets Store CSI Driver and the Azure Keyvault Provider are installed on your
Kubernetes. Create a new Azure Key Vault resource or use an existing one. Update
your container configuration to include the CSI driver and the ID of your Key
Vault resource.
REFERENCES
https://docs.microsoft.com/en-us/azure/aks/developer-best-practices-pod-security#:~:text=You%20can%20integrate%20Azure%20Key,only%20to%20the%20requesting%20pod.
https://github.com/Azure/secrets-store-csi-driver-provider-azure#usage
https://microsoft.github.io/AzureTipsAndTricks/blog/tip245.html
REFERENCES
https://www.hanselman.com/blog/BestPracticesForPrivateConfigDataAndConnectionStringsInConfigurationInASPNETAndAzure.aspx
https://stackoverflow.com/questions/11211007/how-do-you-pass-custom-environment-variable-on-amazon-elastic-beanstalk-aws-ebs
Application Logs
Agnostic
USING EVENTLOG IN SYSTEM.DIAGNOSTICS NAMESPACE
Using EventLog solution from System.Diagnostic could lead to some non
compliance, in terms or privilege access or resource, depending on the
situation. Logging to the Event Log is not recommended for Cloud native apps.
Consider refactoring to use a ConsoleTraceListener with the System.Diagnostics
logging system and/or use a Cloud-based logging system. Usage of Microsoft’s
EventLog is detected if specific patterns are detected in the source code or in
application configuration files (see pattern details below).
CRITICALITY
Blocker Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
MIGRATION IMPACT
ARCHITECTURE CODE FRAMEWORK
Migration impact levels indicate the different layers of your application that
you should modify or fix, in order to comply with Cloud-oriented programming
best practices and remove the identified roadblocks.
REFERENCES
https://docs.microsoft.com/en-us/dotnet/api/system.diagnostics.process?redirectedfrom=MSDN&view=netframework-4.8
Execution Environment
Agnostic
USING FILE SYSTEM
Cloud applications should not assume the local file system is accessible, as the
directory structure might be different from a traditional desktop or server
machine and/or the Cloud application may not have sufficient rights to access
the local file system. Instead, use relative paths to application resources
(e.g. ../../reporting/reportBuilder.xml). Depending on your application context
and the Cloud platform where it is deployed, you could also consider using
functions or classes like LocalResources to dynamically resolve file paths.
CRITICALITY
Blocker Medium
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
MIGRATION IMPACT
ARCHITECTURE CODE FRAMEWORK
Migration impact levels indicate the different layers of your application that
you should modify or fix, in order to comply with Cloud-oriented programming
best practices and remove the identified roadblocks.
CONTAINERIZATION
Criticality Medium
Migration Impact ARCHITECTURE
Container applications should not assume the local file system is accessible, as
the directory structure might be different from a traditional desktop or server
machine and/or the application may not have sufficient rights to access the
local file system. Instead, use relative paths to application resources (e.g.
../../reporting/reportBuilder.xml). Use the CAST Highlight output listing all
your code files declaring dependencies to the filesystem. Review the
dependencies in each file. Also assess if this file system dependency for
execution will be needed by multiple containers. If it is the case, consider the
use of volumes instead of writable layers. Note: When many roadblocks are
identified for this blocker, they may be addressed holistically with one
remediation.
REFERENCES
https://docs.docker.com/storage/
https://www.baeldung.com/ops/docker-container-filesystem
https://medium.com/@BeNitinAgarwal/docker-containers-filesystem-demystified-b6ed8112a04a
REFERENCES
https://en.wikipedia.org/wiki/Distributed_file_system_for_cloud
https://stackoverflow.com/questions/11687903/could-not-find-a-part-of-the-path-on-windows-azure
http://www.linux-france.org/article/sys/fichiers/fichiers-2.html
Code Execution
Azure
USING FUNCTION ALTER DATABASE - UNSUPPORTED IN AZURE SQL DATABASE
The SQL statement ‘ALTER DATABASE’ is not supported in Azure SQL Database.
Instead, use the dedicated statement syntax statement for an Azure SQL Database
context. When used in on-premise SQL databases, the ‘ALTER DATABASE’ statement
modifies a database, or the files and filegroups associated with the database.
Adds or removes files and filegroups from a database, changes the attributes of
a database or its files and filegroups, changes the database collation, and sets
database options. Database snapshots cannot be modified.
CRITICALITY
Blocker Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://docs.microsoft.com/en-us/sql/t-sql/statements/alter-database-transact-sql
https://docs.microsoft.com/en-us/sql/t-sql/statements/alter-database-azure-sql-database
Code Execution
Azure
USING FUNCTION CREATE CREDENTIAL - UNSUPPORTED IN AZURE SQL DATABASE
The SQL statement ‘CREATE CREDENTIAL’ is not supported in Azure SQL Database as
it creates server-level database credentials. Instead, use database-scoped
credentials. When used in on-premise SQL databases, the ‘CREATE CREDENTIAL’
statement creates a server-level credential. A credential is a record that
contains the authentication information that is required to connect to a
resource outside SQL Server. Most credentials include a Windows user and
password. For example, saving a database backup to some location might require
SQL Server to provide special credentials to access that location. To make the
credential at the database-level use CREATE DATABASE SCOPED CREDENTIAL
(Transact-SQL). Use a server-level credential when you need to use the same
credential for multiple databases on the server. Use a database-scoped
credential to make the database more portable. When a database is moved to a new
server, the database scoped credential will move with it. Use database scoped
credentials on SQL Database.
CRITICALITY
Blocker Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://docs.microsoft.com/en-us/sql/t-sql/statements/create-credential-transact-sql
https://docs.microsoft.com/en-us/sql/t-sql/statements/create-database-scoped-credential-transact-sql
Code Execution
Azure
USING FUNCTION FN_MY_PERMISSIONS - UNSUPPORTED IN AZURE SQL DATABASE
Using ‘sys.fn_my_permissions’ is not a supported function in Azure SQL Database.
It should be removed or replaced by an equivalent functions that is supported in
Azure. When used on on-premise SQL databases, this function returns a list of
the permissions effectively granted to the principal on a securable. A related
function is HAS_PERMS_BY_NAME (which is supported on Azure SQL Database).
CRITICALITY
Blocker Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://docs.microsoft.com/en-us/sql/relational-databases/system-functions/sys-fn-my-permissions-transact-sql
Code Execution
Azure
USING FUNCTION SP_ADDMESSAGE - UNSUPPORTED IN AZURE SQL DATABASE
Using ‘sys.fn_my_permissions’ is not a supported function in Azure SQL Database.
It should be removed or replaced by an equivalent function supported in Azure.
When used on on-premise SQL databases, this function stores a new user-defined
error message in an instance of the SQL Server Database Engine. Messages stored
by using sp_addmessage can be viewed by using the sys.messages catalog view.
CRITICALITY
Blocker Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/sp-addmessage-transact-sql
Code Execution
Azure
USING FUNCTIONS OPENQUERY, OPENROWSET, OPENDATASOURCE - UNSUPPORTED IN AZURE SQL
DATABASE
OPEN SQL functions such as ‘OPENQUERY’, ‘OPENROWSET’ and ‘OPENDATASOURCE’ are
not supported functions in Azure SQL Database. They should be removed or
replaced by equivalent functions supported in Azure.
CRITICALITY
Blocker Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://docs.microsoft.com/fr-fr/sql/t-sql/functions/openquery-transact-sql
https://docs.microsoft.com/fr-fr/sql/t-sql/functions/openrowset-transact-sql
https://docs.microsoft.com/en-us/sql/t-sql/functions/opendatasource-transact-sql
Security & User Authentication
Agnostic
USING HARDCODED NETWORK IP ADDRESS (IPV4, IPV6)
From a software engineering standpoint, and especially in the Cloud,
applications should be developed like we don’t know what is the underlying
infrastructure. Using, calling or referencing remote resources by using
hardcoded IP addresses should be avoided as they can regularly change. Instead,
it is recommended using domain names or eventually store IP addresses in a
configuration file. This CloudReady pattern verifies the presence of IPV4 or
IPV6 addresses in the source code.
CRITICALITY
Blocker Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
CONTAINERIZATION
Criticality Medium
Migration Impact CODE
Container applications should not assume the network access will be similar than
on-premises, as its structure or firewall rules might be different. Hardcoded IP
addresses are to be avoided in general. Use the CAST Highlight output listing
all your code files declaring hardcoded IP addresses. Review the dependencies in
each file. If these dependencies are internal to your organization and reflect
the current layout of your application portfolio, replace the hardcoded IPs with
domain-based addressing.
REFERENCES
https://www.greenhousedata.com/blog/what-to-know-about-ip-addresses-before-your-cloud-migration
REFERENCES
https://www.greenhousedata.com/blog/what-to-know-about-ip-addresses-before-your-cloud-migration
Execution Environment
VMWare Tanzu
USING IBM WEBSPHERE
If you’re envisioning moving your application to Pivotal CloudFoundry, it is
recommended to move away from container-specific APIs to portal APIs such as
Spring. This pattern verifies the presence of Websphere imports or configuration
files such as ibm-application-bnd.xmi, ibm-application-bnd.xml,
ibm-ejb-jar-bnd.xmi, ibm-ejb-jar-bnd.xml, etc.
CRITICALITY
Blocker High
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://github.com/Pivotal-Field-Engineering/ephemerol/blob/master/ephemerol-react/public/default-rulebase.yml
https://content.pivotal.io/blog/how-do-i-migrate-applications-to-pivotal-cloud-foundry
Security & User Authentication
Agnostic
USING IMPERSONATE IDENTITY
The primary reason for impersonation is to cause access checks to be performed
against the client’s identity. Using the client’s identity for access checks can
cause access to be either restricted or expanded, depending on what the client
has permission to do. For example, suppose a file server has files containing
confidential information, and each of these files is protected by a DACL. To
prevent a client from obtaining unauthorized access to information in these
files, the service can impersonate the client before accessing the files. Some
on-premise applications may rely on executing code with the identity of the
actual Windows user. This requires a corresponding user account has been created
on the platform, which is not possible in a Cloud environment. User
authentication should be replaced by a Cloud-based and OS-agnostic identity &
access management solution such as Active Directory.
CRITICALITY
Blocker High
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
MIGRATION IMPACT
ARCHITECTURE CODE FRAMEWORK
Migration impact levels indicate the different layers of your application that
you should modify or fix, in order to comply with Cloud-oriented programming
best practices and remove the identified roadblocks.
REFERENCES
https://msdn.microsoft.com/en-us/library/134ec8tc.aspx
Execution Environment
VMWare Tanzu
USING JBOSS APPLICATION SERVER
There is no JBoss runtime natively available on CloudFoundry so you cannot push
them directly. As JBoss is not available, the app configuration should be
converted to a Spring-based application configuration.
CRITICALITY
Blocker High
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://stackoverflow.com/questions/12634486/cloudfoundry-jboss-support
https://content.pivotal.io/blog/how-do-i-migrate-applications-to-pivotal-cloud-foundry
Execution Environment
VMWare Tanzu
USING JEE CONFIGURATION
If you’re envisioning moving your application to Pivotal CloudFoundry, it is
recommended to move away from JEE-specific configurations to Spring-based
application configuration. This pattern verifies the presence of JEE
configuration files such as application.xml, webservices.xml, etc.
CRITICALITY
Blocker High
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://github.com/Pivotal-Field-Engineering/ephemerol/blob/master/ephemerol-react/public/default-rulebase.yml
https://content.pivotal.io/blog/how-do-i-migrate-applications-to-pivotal-cloud-foundry
Application Logs
Agnostic
USING LOG4NET FOR APPLICATION LOGS
For more resilient, scalable and powerful leverage of application and telemetry
logs, logs and log analytic services should be replaced by a Cloud-based service
(e.g. AppInsights on Azure, CloudWatch Log Insights on AWS…).
CRITICALITY
Blocker Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
MIGRATION IMPACT
CODE FRAMEWORK
Migration impact levels indicate the different layers of your application that
you should modify or fix, in order to comply with Cloud-oriented programming
best practices and remove the identified roadblocks.
REFERENCES
https://www.techradar.com/best/best-cloud-logging-services
Execution Environment
VMWare Tanzu
USING NEW PROCESS IN SYSTEM.DIAGNOSTICS NAMESPACE
Launching additional processes within a container is not recommended. Consider
refactoring this code to either embed the functionality, or establish a separate
service. Apps can spawn and run arbitrary code. It is allowable for an app to do
things like spawn a command shell or run a PowerShell script. However, even
though arbitrary code and processes can be spawned from an app, executable
programs and scripts are still restricted to the privileges granted to the
parent application pool.
CRITICALITY
Blocker High
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
MIGRATION IMPACT
ARCHITECTURE CODE FRAMEWORK
Migration impact levels indicate the different layers of your application that
you should modify or fix, in order to comply with Cloud-oriented programming
best practices and remove the identified roadblocks.
Security & User Authentication
Agnostic
USING OF UNSECURE NETWORK PROTOCOLS (HTTP, FTP)
Using secured protocols such as HTTPS and SFTP (over HTTP and FTP) should now be
the norm as applications are more and more exposed and interconnected. This
CloudReady patterns looks for unescured URI in the source code. Ideally, URLs
should be replaced in your source code by secured protocols HTTPS and SFTP (and
ensure the infrastructure implements these protocols for the resources your
application calls, uses or references).
CRITICALITY
Blocker Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
CONTAINERIZATION
Criticality Low
Migration Impact CODE
Using secured protocols such as HTTPS and SFTP (over HTTP and FTP) should now be
the norm as applications are more and more exposed and interconnected. Use the
CAST Highlight output listing all your code files declaring use of unsecure
protocols. Review the dependencies in each file. For each occurence, establish
if it is a connection made to an internal service (owned by your organization)
or an external service. If the service is external and supports secured
protocols, switch over to secure mode. If the service is internal, work with the
corresponding team to support a secure channel.
REFERENCES
REFERENCES
https://developers.google.com/web/fundamentals/security/encrypt-in-transit/why-https
https://www.ssh.com/ssh/sftp/
Security & User Authentication
Agnostic
USING OF WINDOWS AUTHENTICATION
This pattern verifies the corresponding Cloud blocker in the source code of an
application.
CRITICALITY
Blocker Medium
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
MIGRATION IMPACT
ARCHITECTURE CODE FRAMEWORK
Migration impact levels indicate the different layers of your application that
you should modify or fix, in order to comply with Cloud-oriented programming
best practices and remove the identified roadblocks.
Execution Environment
VMWare Tanzu
USING ORACLE WEBLOGIC
If you’re envisioning moving your application to Pivotal CloudFoundry, it is
recommended to move away from container-specific APIs to portal APIs such as
Spring. This pattern verifies the presence of WebLogic imports or configuration
files such as weblogic.xml, weblogic-application.xml, etc.
CRITICALITY
Blocker High
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://github.com/Pivotal-Field-Engineering/ephemerol/blob/master/ephemerol-react/public/default-rulebase.yml
Application Settings Configuration
Agnostic
USING OTHER CONFIGURATION FILES THAN WEB CONFIGURATION
Storing application settings in external files other than web.config and that
are not manageable in the Cloud platform is not recommended as such settings
will not be easily changeable.
CRITICALITY
Blocker Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
CONTAINERIZATION
Criticality Low
Migration Impact CONTAINER ONLY
Storing application settings in external files other than web.config and that
are not manageable is not recommended as such settings will not be easily
updated. Use the CAST Highlight output listing all your config files. Review
each to confirm they are needed as part of the container deployment. Use docker
configs to centralize and use configuration templates.
REFERENCES
https://docs.docker.com/engine/swarm/configs/
REFERENCES
https://stackoverflow.com/questions/10961862/its-possible-to-have-one-web-config-specific-to-windows-azure
Code Execution
Azure
USING SEMANTICKEYPHRASETABLE (SEMANTIC SEARCH) - UNSUPPORTED IN AZURE SQL
DATABASE
Using semantic search (SEMANTICKEYPHRASETABLE) is not a supported function in
Azure SQL Database. It should be removed or replaced by an equivalent function
or service supported in Azure. When used on on-premise SQL databases, this
function returns a table with zero, one, or more rows for key phrases associated
with the specified columns in the specified table. This rowset function can be
referenced in the FROM clause of a SELECT statement as if it were a regular
table name.
CRITICALITY
Blocker Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://docs.microsoft.com/en/sql/relational-databases/system-functions/semantickeyphrasetable-transact-sql
Persistent Files
Agnostic
USING STATEFUL SESSION (SERVLET)
For modern applications running in the Cloud, it is not recommended to be
stateful, especially for sessions as they’re not scalable, and are generally
harder to replicate and fix bugs (server-side). Ideally, stateful sessions
should be replaced by stateless and client-side mechanisms such as cookies,
client cache (e.g. Redis, memcache…) or in an external cloud-based storage. This
is an important architectural constraint of microservices-style applications, as
it enables resiliency, elasticity, and allows any available service instance to
execute any task.
CRITICALITY
Blocker High
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
MIGRATION IMPACT
ARCHITECTURE CODE FRAMEWORK
Migration impact levels indicate the different layers of your application that
you should modify or fix, in order to comply with Cloud-oriented programming
best practices and remove the identified roadblocks.
CONTAINERIZATION
Criticality High
Migration Impact ARCHITECTURE CODE
For modern applications running in the Cloud, it is not recommended to be
stateful, especially for sessions as they’re not scalable, and are generally
harder to replicate and fix bugs (server-side). Ideally, stateful sessions
should be replaced by stateless and client-side mechanisms such as cookies,
client cache (e.g. Redis, memcache…) or in an external cloud-based storage. Use
the CAST Highlight output listing all your code files declaring dependencies to
stateful sessions. Review the dependencies in each file. Modify the application
to support a stateless architecture, which often requires a deep refactoring.
REFERENCES
https://ultimatecourses.com/blog/stateful-stateless-components
REFERENCES
https://nordicapis.com/defining-stateful-vs-stateless-web-services/
https://toddmotto.com/stateful-stateless-components
Persistent Files
Agnostic
USING STATEFUL SESSION (SPRING)
For modern applications running in the Cloud, it is not recommended to be
stateful, especially for sessions as they’re not scalable, and are generally
harder to replicate and fix bugs (server-side). Ideally, stateful sessions
should be replaced by stateless and client-side mechanisms such as cookies,
client cache (e.g. Redis, memcache…) or in an external cloud-based storage. This
is an important architectural constraint of microservices-style applications, as
it enables resiliency, elasticity, and allows any available service instance to
execute any task.
CRITICALITY
Blocker High
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
MIGRATION IMPACT
ARCHITECTURE CODE FRAMEWORK
Migration impact levels indicate the different layers of your application that
you should modify or fix, in order to comply with Cloud-oriented programming
best practices and remove the identified roadblocks.
REFERENCES
https://nordicapis.com/defining-stateful-vs-stateless-web-services/
https://toddmotto.com/stateful-stateless-components
Execution Environment
Agnostic
USING SYSTEM DLLS
Cloud/PaaS applications must be OS-agnostic as much as possible and should not
rely on OS-specific features (such as system DLLs in a Windows environment),
which may not be available on the Cloud environment as the underlying operating
system (in this specific case, Windows) may change over time. In some cases, you
can remediate this by using compatibility libraries that make one operating
system “look” like another. However, avoid the OS-specific dependencies as much
as you can, and rely instead on services that are provided by your service
providers.
CRITICALITY
Blocker High
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
MIGRATION IMPACT
CODE FRAMEWORK
Migration impact levels indicate the different layers of your application that
you should modify or fix, in order to comply with Cloud-oriented programming
best practices and remove the identified roadblocks.
CONTAINERIZATION
Criticality High
Migration Impact CONTAINER ONLY
Use the CAST Highlight output listing all your code files declaring dependencies
to DLLs. Review the dependencies in each file. Edit the Dockerfile to copy all
required and compatible DLLs to the container and execute registration
(regsvr32) if needed. Note: c:\Windows\SysWOW64\msvbvm60.dll might be required
to include in the container for the registration to work. For incompatible DLL
components, find alternatives and replace.
REFERENCES
https://docs.microsoft.com/en-us/visualstudio/install/advanced-build-tools-container?view=vs-2019
https://stackoverflow.com/questions/54502335/how-to-register-com-components-inside-docker-as-regsvr32-command-executes-succes
Example command with MSI components
https://github.com/dotnet-architecture/eShopModernizing/wiki/02.-How-to-containerize-the-.NET-Framework-web-apps-with-Windows-Containers-and-Docker
Example command with DLL components
https://forums.docker.com/t/windows-application-32-bit-com-dll-registration/47205/8
REFERENCES
https://www.ibm.com/developerworks/websphere/techjournal/1404_brown/1404_brown.html
Scheduled Services & Tasks
VMWare Tanzu
USING SYSTEM.SERVICEPROCESS (WINDOWS SERVICES)
The System.ServiceProcess namespace provides classes that allow to implement,
install, and control Windows service applications. In the Cloud, we cannot
assume that the underlying Operating System will be Windows. As a result,
Windows-specific services should be migrated.
CRITICALITY
Blocker None
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
MIGRATION IMPACT
ARCHITECTURE CODE FRAMEWORK
Migration impact levels indicate the different layers of your application that
you should modify or fix, in order to comply with Cloud-oriented programming
best practices and remove the identified roadblocks.
Code Execution
Azure
USING USE STATEMENT - UNSUPPORTED IN AZURE SQL DATABASE
The SQL statement ‘USE’ is not supported in Azure SQL Database. It should be
removed or replaced by equivalent functions supported in Azure. When used in
on-premise SQL databases, the ‘USE’ statement changes the database context to
the specified database or database snapshot in SQL Server. In Azure SQL
Database, the database parameter can only refer to the current database. If a
database other than the current database is provided, the USE statement does not
switch between databases, and error code 40508 is returned. To change databases,
you must directly connect to the database.
CRITICALITY
Blocker Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://docs.microsoft.com/en-us/sql/t-sql/language-elements/use-transact-sql
Security & User Authentication
Agnostic
USING WEBFORM AUTHENTICATION
Using “Web Forms” authentication requires that user accounts and passwords be
created and managed in a storage such as a database. This mechanism does not
offer the flexibility of claims-based authentication and should not be used in
Cloud applications. Ideally, user authentication should be replaced by a
Cloud-based and OS-agnostic identity & access management solution such as Active
Directory.
CRITICALITY
Blocker Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
MIGRATION IMPACT
ARCHITECTURE CODE FRAMEWORK
Migration impact levels indicate the different layers of your application that
you should modify or fix, in order to comply with Cloud-oriented programming
best practices and remove the identified roadblocks.
CONTAINERIZATION
Criticality Medium
Migration Impact ARCHITECTURE CODE
Using “Web Forms” authentication requires that user accounts and passwords be
created and managed in a storage such as a database. This mechanism does not
offer the flexibility of claims-based authentication and should not be used in
Cloud applications. Use the CAST Highlight output listing all your code files
declaring Webform Authentication dependencies. Review the dependencies in each
file. Refactor the app to be AD-integrated and leverage Active Directory domain
identities to support your authentication scenario. To achieve this, you can
configure a Windows container to run with a group Managed Service Account
(gMSA), which is a special type of service account introduced in Windows Server
2012 designed to allow multiple computers to share an identity without needing
to know its password.
REFERENCES
Registry Settings
Agnostic
USING WINDOWS REGISTRY TO STORE APPLICATION SETTINGS
Application settings must not be defined in OS-specific storage such as Windows
Registry, as in the Cloud the operating system is not guaranteed to be the same
from a server to another. In addition, on Windows-based Cloud resources,
write-access to the registry is generally blocked, including access to any
per-user registry keys. From the app’s perspective, write access to the registry
should never be relied upon in the Cloud environment since apps can (and do) get
migrated across different virtual machines. These application settings should be
stored in a Cloud-based and OS-agnostic service.
CRITICALITY
Blocker Medium
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
MIGRATION IMPACT
CODE FRAMEWORK
Migration impact levels indicate the different layers of your application that
you should modify or fix, in order to comply with Cloud-oriented programming
best practices and remove the identified roadblocks.
CONTAINERIZATION
Criticality Medium
Migration Impact CONTAINER ONLY
Application settings must not be defined in OS-specific storage such as Windows
Registry, as in the container the operating system is not guaranteed to be the
same. Use the CAST Highlight output listing all your code files declaring
registry dependencies. Review the dependencies in each file. Create a .reg file
containing all the entries required by the application. Edit the Dockerfile to
copy this file inside the container on creation and add the registry entries.
REFERENCES
https://stackoverflow.com/questions/46274898/in-docker-for-windows-how-can-i-add-registry-entries-in-bulk-while-building-my
REFERENCES
https://docs.microsoft.com/en-us/azure/app-service/web-sites-available-operating-system-functionality
https://www.ibm.com/developerworks/websphere/techjournal/1404_brown/1404_brown.html
https://rwmj.wordpress.com/2010/02/18/why-the-windows-registry-sucks-technically/
Sensitive Data Storage Protection
Agnostic
[DEPRECATED] USE OF AN UNSECURED API
ASP.NET applications translate Active Directory groups into roles which is no
longer possible with Azure AD. Regarding AWS, AWS cognito uses its own group and
users and a specific library is needed. Remediation steps: For Azure: Assign
ASP.NET roles to your Azure AD groups For AWS : Use CognitoAuthentication
extension library
CRITICALITY
Blocker Medium
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://docs.microsoft.com/en-us/aspnet/web-api/overview/security/authentication-and-authorization-in-aspnet-web-api
https://www.c-sharpcorner.com/article/authorize-asp-net-core-app-by-azure-ad-groups-using-graph-api/
https://docs.aws.amazon.com/cognito/latest/developerguide/what-is-amazon-cognito.html
https://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/cognito-authentication-extension.html
Application Logs
Agnostic
CORRECT USAGE OF LOGGING
The ETW (Event Tracing for Windows) framework is supported in ASP.NET through
classes in the System.Diagnostics namespace. The
Microsoft.WindowsAzure.Diagnostics namespace, which inherits from and extends
standard System.Diagnostics classes, enables the use of System.Diagnostics as a
logging framework in the Windows Azure environment. So, applications using
System.Diagnostics.Trace are ensured to be compliant with Azure.
CRITICALITY
Booster Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://msdn.microsoft.com/en-us/magazine/ff714589.aspx
Application Settings Configuration
Agnostic
PRESENCE OF A WEB CONFIGURATION FILE
Web.config is the chief method the .NET framework has for managing changes
across environments. By storing things like URLs, feature toggles, and server
information in parameters, we free the applications itself to only focus on
business logic that is the same for all deployments.
CRITICALITY
Booster None
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://blog.submain.com/web-config-5-common-mistakes/
Code Execution
Agnostic
RETRY PATTERNS: USING RETRYPOLICY OR RETRYMANAGER CLASSES
Detect the usage of the class RetryPolicy in the namespace
Microsoft.Practices.TransientFaultHandling;
https://msdn.microsoft.com/en-us/library/microsoft.practices.transientfaulthandling.retrypolicy.aspx
or the usage of the class RetryManager in the namespace
Microsoft.Practices.EnterpriseLibrary.WindowsAzure.TransientFaultHandling
https://msdn.microsoft.com/en-us/library/microsoft.practices.enterpriselibrary.windowsazure.transientfaulthandling.retrymanager(v=pandp.50).aspx
CRITICALITY
Booster Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://msdn.microsoft.com/en-us/library/hh680900(v=pandp.50).aspx
Application Settings Configuration
Agnostic
USE CONFIGURATIONMANAGER
This pattern verifies the corresponding Cloud booster in the source code of an
application.
CRITICALITY
Booster None
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
IBM Mainframes
Agnostic
USING A CICS WEBSERVICE IN MAINFRAMES
CICS webservices are supported in Microfocus COBOL.
CRITICALITY
Booster Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
Access Control List
AWS
USING A CLOUD-BASED ACCESS CONTROL
This pattern verifies the corresponding Cloud booster in the source code of an
application.
CRITICALITY
Booster None
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
Security & User Authentication
Azure
USING A CLOUD-BASED ACTIVE DIRECTORY
This pattern verifies the corresponding Cloud booster in the source code of an
application.
CRITICALITY
Booster Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
Security & User Authentication
AWS
USING A CLOUD-BASED ACTIVE DIRECTORY
This pattern verifies the corresponding Cloud booster in the source code of an
application.
CRITICALITY
Booster Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
Code Execution
AWS
USING A CLOUD-BASED BATCH JOB ORCHESTRATION
This CloudReady pattern will be documented very soon…
CRITICALITY
Booster Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
Big Data
Agnostic
USING A CLOUD-BASED BIG DATA TECHNOLOGY (EMR)
These patterns verify in the source code the use of Cloud-based Big Data and
analysis services.
CRITICALITY
Booster Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
Data Encryption Key
Agnostic
USING A CLOUD-BASED BLOCKCHAIN TECHNOLOGY
These patterns verify the use of cloud-based Blockchain technology.
CRITICALITY
Booster Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
Third-Party Dependencies
Agnostic
USING A CLOUD-BASED CACHE IN-MEMORY DATABASE (MEMCACHED)
This pattern verifies the corresponding Cloud booster in the source code of an
application.
CRITICALITY
Booster Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
Shared Caching
AWS
USING A CLOUD-BASED CACHE MANAGEMENT FRAMEWORK
This CloudReady pattern detects in the source code the usage of a Cloud-based
cache management framework. Cache management is available as a service in the
majority of Cloud/PaaS platforms, providing your application with native high
scalability, elasticity and availability.
CRITICALITY
Booster None
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://azure.microsoft.com/en-us/services/cache/
https://aws.amazon.com/elasticache/
Execution Environment
AWS
USING A CLOUD-BASED CONTAINER SERVICE
This pattern verifies the corresponding Cloud booster in the source code of an
application.
CRITICALITY
Booster Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
Registry Settings
AWS
USING A CLOUD-BASED DATA STORAGE
This CloudReady pattern detects in the source code the usage of a Cloud-based
data storage. Storage is available as a service in the majority of Cloud/PaaS
platforms, providing your application with native high scalability, elasticity
and availability.
CRITICALITY
Booster None
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://azure.microsoft.com/en-us/services/storage/blobs/
https://aws.amazon.com/products/storage/
Registry Settings
Google Cloud
USING A CLOUD-BASED DATA STORAGE
This pattern verifies the corresponding Cloud booster in the source code of an
application.
CRITICALITY
Booster None
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
Data Encryption Key
Azure
USING A CLOUD-BASED ENCRYPTION MECHANISM
This CloudReady pattern detects in the source code the usage of a Cloud-based
encryption mechanism. Encryption is available as a service in the majority of
Cloud/PaaS platforms, providing your application with native high security,
scalability, elasticity and availability.
CRITICALITY
Booster None
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption
https://aws.amazon.com/kms/
Execution Environment
AWS
USING A CLOUD-BASED FUNCTION AS A SERVICE (SERVERLESS)
These patterns verify the use of cloud-based function as a service from Amazon
Web Services, Azure and Google Cloud. - Amazon Web Services: AWS Lambda - Azure:
Azure Functions - Google Cloud: Cloud Functions
CRITICALITY
Booster Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
Sensitive Data Storage Protection
AWS
USING A CLOUD-BASED KEY STORAGE
This CloudReady pattern detects in the source code the usage of a Cloud-based
key storage. Key storage is available as a service in the majority of Cloud/PaaS
platforms, providing your application with native high security, scalability,
elasticity and availability.
CRITICALITY
Booster None
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://docs.microsoft.com/en-us/azure/key-vault/key-vault-whatis
https://aws.amazon.com/kms/
Third-Party Dependencies
Google Cloud
USING A CLOUD-BASED KEY STORAGE (KMS)
This pattern verifies the corresponding Cloud booster in the source code of an
application.
CRITICALITY
Booster None
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
Third-Party Dependencies
Google Cloud
USING A CLOUD-BASED MIDDLEWARE APPLICATION (PUB/SUB)
This pattern verifies the corresponding Cloud booster in the source code of an
application.
CRITICALITY
Booster None
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
Application Logs
Agnostic
USING A CLOUD-BASED SEARCH ENGINE
This pattern verifies the corresponding Cloud booster in the source code of an
application.
CRITICALITY
Booster Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
Inter Application Messaging
AWS
USING A CLOUD-BASED SERVICE BUS
This CloudReady pattern detects in the source code the usage of a Cloud-based
Service Bus. Service Bus services are available as a service in the majority of
Cloud/PaaS platforms, providing your application with native high scalability,
elasticity and availability.
CRITICALITY
Booster None
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://azure.microsoft.com/en-us/services/service-bus/
https://aws.amazon.com/sqs/
Third-Party Dependencies
Google Cloud
USING A CLOUD-BASED STREAM AND BATCH DATA PROCESSING
This pattern verifies the corresponding Cloud booster in the source code of an
application.
CRITICALITY
Booster None
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
Services and Scheduled Tasks
Azure
USING A CLOUD-BASED TASK SCHEDULING SERVICE
This pattern verifies the corresponding Cloud booster in the source code of an
application.
CRITICALITY
Booster Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
Services and Scheduled Tasks
Google Cloud
USING A CLOUD-BASED TASK SCHEDULING SERVICE
This pattern verifies the corresponding Cloud booster in the source code of an
application.
CRITICALITY
Booster None
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
IBM Mainframes
Agnostic
USING A CONNECTION TO DB2 IN MAINFRAMES
DB2 can be migrated to Cloud-based relational databases.
CRITICALITY
Booster Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
IBM Mainframes
Agnostic
USING A CONNECTION TO IBM IMS CSQ SERIES IN MAINFRAMES
Message Queue solutions are generally available as a service in the Cloud.
CRITICALITY
Booster Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://aws.amazon.com/fr/amazon-mq/?amazon-mq.sort-by=item.additionalFields.postDateTime&amazon-mq.sort-order=desc
https://www.ibm.com/support/knowledgecenter/SSFKSJ_7.5.0/com.ibm.mq.ref.dev.doc/q101650_.htm
IBM Mainframes
Agnostic
USING A CONNECTION TO IBM MQ SERIES IN MAINFRAMES
Message Queue solutions are generally available as a service in the Cloud.
CRITICALITY
Booster Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://www.ibm.com/support/knowledgecenter/SSFKSJ_8.0.0/com.ibm.mq.dev.doc/q028780_.htm
https://aws.amazon.com/fr/amazon-mq/?amazon-mq.sort-by=item.additionalFields.postDateTime&amazon-mq.sort-order=desc
Execution Environment
AWS
USING A LOAD BALANCER
These patterns verify the use of cloud-based load balancing services from Amazon
Web Services, Azure and Google Cloud. - Amazon Web Services: Elastic Load
Balancing - Azure: Azure Load Balancer - Google Cloud: Load Balancing CDN
CRITICALITY
Booster Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
Inter Application Middleware
Agnostic
USING A PROCESSING JSON INPUT
This pattern verifies the presence of using JSON format
CRITICALITY
Booster Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
IBM Mainframes
Agnostic
USING A PROCESSING JSON OUTPUT IN MAINFRAMES
This pattern verifies the corresponding Cloud blocker in the source code of an
application.
CRITICALITY
Booster Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
Inter Application Middleware
Agnostic
USING A PROCESSING XML INPUT
This pattern verifies the presence of using XML format
CRITICALITY
Booster Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://www.ibm.com/support/knowledgecenter/en/SS6SG3_6.3.0/pg/ref/rpxml03e.html
IBM Mainframes
Agnostic
USING A SUBSET OF DATA ROWS IN DB2 IN MAINFRAMES
Subset of rows returned in a database query is compatible with Cloud-based
relational database such as AWS Aurora DB.
CRITICALITY
Booster Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://www.ibm.com/support/knowledgecenter/SSEPEK_10.0.0/perf/src/tpc/db2z_fetchfirstnrows.html
Big Data
Google Cloud
USING BIGQUERY PRODUCT CLOUD DATA WAREHOUSE
This pattern verifies the corresponding Cloud booster in the source code of an
application.
CRITICALITY
Booster Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
Big Data
Google Cloud
USING BIGTABLE PRODUCT FULLY MANAGED NOSQL DATABASE SERVICE
This pattern verifies the corresponding Cloud booster in the source code of an
application.
CRITICALITY
Booster Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
IBM Mainframes
Agnostic
USING CASE STATEMENTS IN MAINFRAMES
Case statement are supported in DB2 but also in AWS Redshift.
CRITICALITY
Booster Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
https://www.ibm.com/support/knowledgecenter/SSEPEK_11.0.0/sqlref/src/tpc/db2z_caseexpression.html
https://docs.aws.amazon.com/fr_fr/redshift/latest/dg/r_CASE_function.html
Big Data
Google Cloud
USING CLOUD DATASTORE PRODUCT NOSQL DOCUMENT DATABASE
This pattern verifies the corresponding Cloud booster in the source code of an
application.
CRITICALITY
Booster None
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
Security & User Authentication
Google Cloud
USING CLOUD IAM (IDENTITY & ACCESS MANAGEMENT) FOR MANAGING SPECIFIC RESOURCES
ACCESS AUTHORIZATION
This pattern verifies the corresponding Cloud booster in the source code of an
application.
CRITICALITY
Booster None
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
Security & User Authentication
Google Cloud
USING CLOUD IAP (IDENTITY AWARE PROXY)
This pattern verifies the corresponding Cloud booster in the source code of an
application.
CRITICALITY
Booster None
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
Third-Party Dependencies
Google Cloud
USING CLOUD MEMORYSTORE FOR REDIS FULLY MANAGED IN-MEMORY DATA STORE SERVICE
This pattern verifies the corresponding Cloud booster in the source code of an
application.
CRITICALITY
Booster None
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
Third-Party Dependencies
Google Cloud
USING CLOUD SPANNER PRODUCT RELATIONAL DATABASE SERVICE
This pattern verifies the corresponding Cloud booster in the source code of an
application.
CRITICALITY
Booster None
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
Registry Settings
AWS
USING CLOUD SPECIFIC STORAGE COMPONENT
This pattern verifies the use of Cloud-based specific storage services: - Amazon
Web Services: AWS Elastic File System (EFS), AWS Backup, S3 Glacier - Azure:
Azure Files, Archive Storage, Azure Backup - Google Cloud: Filestore
CRITICALITY
Booster Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
Registry Settings
AWS
USING CLOUD-BASED DATABASE SERVICES
This pattern verifies the corresponding Cloud booster in the source code of an
application.
CRITICALITY
Booster Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
Inter Application Middleware
AWS
USING DEVOPS AUTOMATION AND IAC (INFRASTRUCTURE AS CODE)
These patterns verify the use of DevOps automation and IaC (Infrastructure as
Code) services from Amazon Web Services, Azure and Google Cloud. - Amazon Web
Services: CloudFormation, CodeBuild, CodeDeploy, CodePipeline, DataPipeline -
Azure: Aure Deployment Manager, Azure Pipelines - Google Cloud: Cloud Deployment
Manager, Cloud Build, Cloud Composer
CRITICALITY
Booster Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
Execution Environment
Agnostic
USING DOCKER PRODUCT OPEN-SOURCE PLATFORM FOR MANAGING CONTAINERIZED WORKLOADS
AND SERVICES
This pattern verifies the corresponding Cloud booster in the source code of an
application.
CRITICALITY
Booster Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
Inter Application Middleware
AWS
USING ETLS (EXTRACT TRANSFORM LOAD)
These patterns verify the use of cloud-based ETL services from Amazon Web
Services, Azure and Google Cloud. - Amazon Web Services: AppFlow, Glue - Azure:
Azure Data Factory - Google Cloud: Cloud Data Fusion
CRITICALITY
Booster Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
Third-Party Dependencies
Google Cloud
USING FIREBASE GOOGLE'S MOBILE PLATFORM
This pattern verifies the corresponding Cloud booster in the source code of an
application.
CRITICALITY
Booster None
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
Third-Party Dependencies
Google Cloud
USING KUBERNETES PRODUCT OPEN-SOURCE PLATFORM FOR MANAGING CONTAINERIZED
WORKLOADS AND SERVICES
This pattern verifies the corresponding Cloud booster in the source code of an
application.
CRITICALITY
Booster Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
Execution Environment
Agnostic
USING MONGODB DATABASE
This CloudReady pattern detects in the source code the usage of a MongoDB NoSQL
database. MongoDB is available as a service in the majority of Cloud/PaaS
platforms, providing your application with native high scalability, elasticity
and availability.
CRITICALITY
Booster Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
Microsoft Azure:
https://azuremarketplace.microsoft.com/en-en/marketplace/apps/jetware-srl.mongodb?tab=Overview
AWS: https://docs.aws.amazon.com/quickstart/latest/mongodb/overview.html Google
CloudPlatform: https://cloud.google.com/solutions/deploy-mongodb
Application Logs
AWS
USING MONITORING SERVICE
These patterns verify the use of cloud-based monitoring services from Amazon Web
Services, Azure and Google Cloud. - Amazon Web Services: CloudWatch - Azure:
Azure Monitor - Google Cloud: Cloud Monitoring
CRITICALITY
Booster Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
Execution Environment
Agnostic
USING MYSQL DATABASE
This CloudReady pattern detects in the source code the usage of a MySQL
database. MySQL is available as a service in the majority of Cloud/PaaS
platforms, providing your application with native high scalability, elasticity
and availability.
CRITICALITY
Booster Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
Oracle Cloud: https://cloud.oracle.com/mysql
Microsoft Azure: https://azure.microsoft.com/en-us/services/mysql/ Google
CloudPlatform: https://cloud.google.com/sql/ AWS: https://aws.amazon.com/rds/
Execution Environment
AWS
USING NOSQL DOCUMENT STORAGE
This CloudReady pattern verifies in source code the use of Cloud-based NoSQL
databases. It is a booster as most of Cloud service providers supports NoSQL
databases as a service.
CRITICALITY
Booster Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
Execution Environment
Agnostic
USING ORACLE DATABASE
This pattern verifies the corresponding Cloud booster in the source code of an
application.
CRITICALITY
Booster Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
Execution Environment
Agnostic
USING POSTGRESQL DATABASE
This CloudReady pattern detects in the source code the usage of a PostgreSQL
database. PostgreSQL is available as a service in the majority of Cloud/PaaS
platforms, providing your application with native high scalability, elasticity
and availability.
CRITICALITY
Booster Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
AWS: https://aws.amazon.com/rds/postgresql/
Microsoft Azure: https://azure.microsoft.com/en-us/services/postgresql/ Google
CloudPlatform: https://cloud.google.com/sql/docs/postgres/
Execution Environment
Agnostic
USING SQL SERVER DATABASE
This pattern verifies the corresponding Cloud booster in the source code of an
application.
CRITICALITY
Booster Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
IBM Mainframes
Agnostic
USING UNCOMMIT READ OPTION UR IN MAINFRAMES
The ISOLATION (UR) or uncommitted read option allows an application to read
while acquiring few locks, at the risk of reading uncommitted data. UR isolation
applies only to the following read-only operations: SELECT, SELECT INTO, or
FETCH from a read-only result table. This is the commonly found isolation level
in DB2 sql queries. Read uncommitted is supported in some Cloud-based relational
databases such as Amazon RDS.
CRITICALITY
Booster Low
The criticality level impacts the application CloudReady score, whether it is a
blocker (a negative pattern found during the code scan) or a booster (a pattern
that makes your app more Cloud-ready) and the corresponding level (low, medium,
high, critical).
REFERENCES
http://ibmmainframes.com/about7843.html
© Copyright 2022 - CAST