kiskadee architecture aims to decouple source code analysis from release monitoring. To accomplish that, we have separated the module responsible to fetch package versions and source code, and the module responsible to run the analyses. The communication between them is done through queues, as shown in the Figure below.

For the current architecture, we use three queues. The packages_queue is used by the fetchers to enqueue the packages that should be analyzed. This queue is consumed by the monitor module, to check if the enqueued package was already analyzed. The second queue, called analysis_queue, is consumed by the runner module, in order to receive packages that must be analyzed, which are queued by the monitor module. If a dequeued package does not exist in the database, the monitor module enqueues it for analysis in the analysis_queue. When an analysis is performed, the runner module sends the analysis report to the monitor module, by enqueing it in the results_queue. The package (and the analysis) are saved in the database by the monitor module. Currently, kiskadee only generates analysis for projects written in C/C++. This was a scope decision made by the kiskadee authors.


Figure One: kiskadee architecture.

Monitor - Module to manage kiskadee analysis

The Monitor class is responsible for dequeuing packages from the packages_queue and for checking what packages need to be analyzed.

The class defines the following public behaviors:

class kiskadee.monitor.Monitor

Provide kiskadee monitoring objects.


Dequeue packages and check if they need to be analyzed.

The packages are dequeued from the package_queue. When a package needs to be analyzed, this package is enqueued in the analyses_queue so the runner component can trigger an analysis. Each fetcher must enqueue its packages in the packages_queue.

Runner - Module to run static analysis

This module is responsible for running several static analyzers on on a given project source code.

The module defines the following public behaviors:

Run each static analyzer in each package marked for analysis.

class kiskadee.runner.Runner

Provide kiskadee runner objects.

analyze(analyzer, source_path)

Run each analyzer on some sorce code.

The analyzer is the name of a static analyzer already created on the database. The source_path is the directory to a uncompressed source, returned by the _path_to_uncompressed_source().


Iterate over the package analyzers.

For each analyzer defined to analysis the source, call the function analyze(), passing the source dict, the analyzer to run the analysis, and the path to a compressed source.


Run static analyzers.

Continuously dequeue packages from analyses_queue and call the analyze() method, passing the dequeued package. After the analysis, updates the status of this package on the database.