CAST Application Intelligence Platform Reviews

We use CAST Application Intelligence Platform for multiple purposes. One of its use cases is understanding the code health in terms of scalability, reliability, efficiency, and performance. These are some of the metrics the solution measures which could be found in the health and engineering dashboard. We also use the CAST Application Intelligence Platform for doing a deep dive into security related issues in our source code, so if we want to understand if our application code is secure as per ISO 5055 guidelines or as per OWASP Top 10 guidelines, that's what when we use the security dashboard of the CAST Application Intelligence Platform to do end-to-end analysis. These are some of the most important use cases of the solution.

The most valuable feature of the CAST Application Intelligence Platform is its security dashboard which is a dedicated dashboard that's pretty helpful because it gives compliance checks based on some of the leading frameworks in the industry, such as ISO 5055, OWASP, CWE Top 25, and NIST security guidelines. I find the security dashboard of the solution and the information it provides pretty useful. The security dashboard of the CAST Application Intelligence Platform is a feature that stands out.

The overall coverage of rules could be improved in the CAST Application Intelligence Platform because it does not cater to or cover all. For example, 2022 CWE coverage is still not available in the CAST Application Intelligence Platform. The solution also covers some NIST rules, but it does not cater to all rules.

An additional feature I'd like to see in the next update of the CAST Application Intelligence Platform is for it to provide source code developer and contributor details, especially information on which areas of code were touched. This would be a good insight as the CAST Application Intelligence Platform looks into the source code.

I've been using the CAST Application Intelligence Platform for one and a half years.

CAST Application Intelligence Platform is a stable product. I haven't seen any issues at all in that aspect. It's pretty stable. The performance of the product is also okay, but it's deployed on-premises, so performance would also depend on the infrastructure provision. Otherwise, the CAST Application Intelligence Platform is pretty good in terms of performance.

CAST Application Intelligence Platform is a scalable product. Depending on your required usage, you can easily train more people to use the product and scale up the number of users, so scalability isn't a problem. Scaling up the CAST Application Intelligence Platform just requires a little bit of training which is not difficult.

We didn't have any escalations with the technical support team of the CAST Application Intelligence Platform, but we did raise tickets for bugs and issues, and they released patches to resolve certain issues. They're pretty good and able to resolve our issues, so they deserve a rating of four out of five.

There are other tools which we have looked at which work for code health, code health analysis, and code quality analysis, apart from CAST Application Intelligence Platform, and those are SonarQube, Veracode, and Checkmarx.

We chose CAST Application Intelligence Platform because of the details we get from it, the overall coverage of the rules, and the dedicated health dashboard in the solution. Those are some of the features present in CAST Application Intelligence Platform that give it better capability than other tools.

CAST Application Intelligence Platform also integrates with Imaging for better architecture analysis, which gives added value for us.

The initial setup for CAST Application Intelligence Platform is a little complex because it has multiple requirements, so it does take a little time. Because the solution is deployed on-premises, the setup process depends on the environment provision and the different libraries you need to install, making the process a little tricky and time-consuming.

How long it would take to set up CAST Application Intelligence Platform could be between one to two weeks depending on where you're setting it up and how good the environment is.

We implemented the CAST Application Intelligence Platform with the help of CAST experts.

We've seen ROI from CAST Application Intelligence Platform because we've been able to leverage it for doing multiple customer engagements. We've been able to win more business for our organization by leveraging the product.

I do know how the CAST Application Intelligence Platform is licensed, but I'm not able to give the cost because the price is not listed. My company works with individual vendors, so pricing is on a case-to-case basis, but the vendors give specialized pricing because of the enterprise deployment, though my team is aware of product pricing based on lines of code, based on the number of applications, etc., I'm unable to give the exact licensing costs of the CAST Application Intelligence Platform.

My company doesn't have to pay extra for some features or services because all are included as part of the enterprise license.

On a scale of one to five, with five being very cheap and one being very expensive, I would rate the CAST Application Intelligence Platform as three out of five.

My organization uses CAST products extensively, particularly CAST Imaging, CAST Highlight, and CAST Application Intelligence Platform. My company has an enterprise deployment for all three products.

I'm using the latest version of the CAST Application Intelligence Platform.

The maintenance of the CAST Application Intelligence Platform is done manually because there's no auto-upgrade. There's a dedicated team that handles the maintenance and upgrades.

In my team, which is the COE team, three dedicated senior architects use the CAST Application Intelligence Platform, specifically to onboard the applications and do the initial analysis. My company has other users of the solution as well.

CAST Application Intelligence Platform is on an enterprise deployment in my company, so there's a plan to increase usage for it. My company continues to look at different opportunities to increase usage and other adoptions. There's a plan to also take it to customers to give them value.

My advice to anyone who's looking to implement CAST Application Intelligence Platform is to have a very clear understanding of what the product does and does not do because a lot of times, people believe it can do anything and everything, but it doesn't. The product has limitations in terms of the tech stack it supports and the tech stack it doesn't support, so please have a clear understanding of CAST Application Intelligence Platform first.

You should understand what the customer expects as an outcome and give a demo of the product before you onboard this for your customer because the customer needs to really understand the outcomes he can get from CAST Application Intelligence Platform, and agree that this is what he customer wants, otherwise it will be a waste of time.

My rating for CAST Application Intelligence Platform is eight out of ten.

My company has a partnership with CAST.

CAST AIP is a valuable solution for quality metrics and application security. It is beneficial for software architecture detection.

CAST's risk and security flow detection capabilities are highly effective, particularly in identifying security vulnerabilities. It is one of the most important and valuable features of the platform.

Areas for improvement in CAST AIP include enhancing support for implementation in complex environments and improving technical support to address organizational challenges alongside engineering issues.

I have been working with CAST AIP for almost three years.

I would rate the stability of CAST AIP as a ten out of ten. It is very stable.

I would rate the scalability of CAST AIP as an eight out of ten. My clients for CAST AIP are usually enterprise businesses.

I would rate the technical support as a six out of ten. It could be improved.

Neutral

Implementing CAST AIP can be challenging in complex customer environments, but it is easier for software vendors and system integrators. I would rate the easiness of the initial setup as a five out of ten.

Deployment of CAST AIP typically takes at least a few weeks, sometimes even longer, but it's not a quick process.

CAST AIP is very expensive.

CAST AIP supports software process improvement by providing insights into code quality, security, and architecture, aiding in the enhancement of development processes.

CAST AIP helps identify and correct software flaws and it is one of the main strengths of the solution.

The automated code review process in CAST AIP is beneficial and can contribute to the digital transformation of IT shops.

Integrating AIP with existing development tools and ecosystems is challenging but beneficial. With proper support and technical assistance, the process becomes smoother.

I would recommend CAST AIP for organizations with well-established and clear software processes. However, for organizations with complex or less-defined processes, it may not be the best fit.

Overall, I would rate CAST AIP as a seven out of ten.

There are different products of the CAST solution that we use for different reasons. For quality improvement, we use CAST AIP which is an Application Intelligence Platform. We have a health dashboard where we can view improvements and violations that have been fixed. 

Our clients use CAST Highlight for cloud migration. This allows them to remove or remediate the blockers which are highlighted. This part of the solution shows improvement in quality and captures feedback for our clients. 

The integration of this solution could be improved. 

I have used this solution for four years. 

This is a stable solution. 

The customer service and support team take time to analyze issues. Sometimes they do provide solutions but this first requires troubleshooting. 

Neutral

I would advise those considering using this solution to understand their business use case and how it can benefit them.

I would rate this solution eight out of ten. 

Hourly, daily, and monthly static code analysis before making a project live. Therefore, controlling the technical debt and code quality.

Clean code writing with the help of issues. However, it has very few plugins to access different code repositories, so source code has to be fed.

• Application engineering dashboard
• Quality model
• Application components model, etc. 

Also, it supports most programming languages.

Supporting more than 50 application configurations per analysis in the servers.

Implementation could be made simpler as it is complex.