Article written by Philippe Magne, October 23, 2025

1. When Software Quality Becomes a Pillar of Cybersecurity

Cybersecurity has become a top concern for organizations of all sizes — small, medium, and large. Threats are constantly evolving, and attacks increasingly target business applications themselves.

In this context, the source code — the heart of every information system — is both an asset and a major cybersecurity risk. A single development error can create a vulnerability that malicious actors can exploit.

To address this reality, companies are now adopting tools capable of detecting vulnerabilities as early as the development phase, even before the code is deployed to production. This is the purpose of SAST (Static Application Security Testing) solutions, such as CodeChecker, ARCAD Software’s static security analysis tool designed specifically for the IBM i platform.

2. Software Vulnerabilities: An Often Underestimated Risk

Security flaws originating in source code are not necessarily due to negligence; they often result from increasing application complexity, time constraints, or a lack of security best practices.

On IBM i environments, the issue is even more specific. Many critical applications — in banking, insurance, logistics, or manufacturing — are built on legacy programs written in RPG, CLP, or DDS, maintained for decades. These strategic applications must be modernized and secured without disruption, as part of a broader cybersecurity strategy for the organization’s application assets.

That’s precisely where SAST tools come into play.

3. SAST Tools: The Developer’s First Line of Defense

Static Application Security Testing (SAST) tools analyze source code to detect errors, inconsistencies, or vulnerabilities. Unlike dynamic testing (DAST), they act upstream in the development lifecycle, directly within coding environments.

Their goal: detect weaknesses as soon as they appear, before they propagate to deployed versions. This approach aligns with the DevSecOps philosophy, which integrates security at the heart of development rather than treating it as a final step.

Thanks to this “Shift Left Security” mindset, companies gain reliability, responsiveness, and compliance — all at once.

4. CodeChecker: A SAST Built for IBM i

One of CodeChecker’s greatest strengths lies in its native design for the IBM i platform. While most general-purpose security tools struggle to interpret legacy syntax, CodeChecker was built to cover the full range of IBM i languages: RPG II, III, IV, ILE, Free, CLP, and DDS.

This exhaustive coverage ensures precise and relevant analysis without false positives caused by syntax misinterpretation. CodeChecker doesn’t just focus on security — it also enhances code quality, compliance, and overall reliability.

In short, it’s a dual-purpose tool: securing the code while promoting better development practices.

5. Continuous Monitoring and Expert Support

Even the best tool isn’t enough on its own. In cybersecurity, threats evolve constantly, and new vulnerabilities emerge every week. To remain effective, a SAST must be supported by ongoing threat intelligence and updates.

That’s where ARCAD Software’s added value truly shines.

The company provides a comprehensive support and monitoring service: new threats are identified, and detection rules are updated and delivered quickly to CodeChecker users. This “tool + service” model ensures continuous protection, effortlessly.

The value of the solution lies not only in its technology but also in the human expertise and responsiveness behind it.

6. “Coach, Not Cop”: A Pedagogical Approach to Security

Controlling the code is good — coaching developers is better. This is the essence of CodeChecker’s “Coach, not Cop” philosophy. The goal isn’t to penalize mistakes but to train and raise awareness among development teams continuously.

The earlier an issue is detected, the cheaper it is to fix. That’s why CodeChecker integrates directly into IBM i developers’ environments:

Analysis results appear in context, right within the source code, enabling quick and intuitive fixes.

This seamless integration encourages natural adoption and strengthens the security culture within teams.

7. Fast Deployment, Measurable Benefits

Unlike many complex security solutions, CodeChecker is simple to deploy and use. It comes with a full set of ready-to-use security rules, plus hundreds of quality and compliance checks.

Organizations quickly see tangible results:

  • Reduced code review time,
  • Fewer security incidents,
  • Stronger compliance with internal or regulatory standards.

In highly regulated sectors such as banking and insurance, where code reviews are mandatory, CodeChecker delivers major time savings and stronger protection — without slowing development.

8. Conclusion: Security and Quality, Two Sides of the Same Commitment

In today’s digital world, code reliability determines enterprise security — making static analysis an essential reflex.

For organizations running on IBM i, CodeChecker is far more than a control tool: it’s a trusted partner, combining technical expertise, continuous monitoring, and human support.

By embedding cybersecurity directly into the developer’s workflow — following the “Coach, not Cop” approach — companies adopt a preventive, efficient, and sustainable security strategy.

Because security isn’t declared — it’s built, line by line.

About the author

Philippe Magne

CEO, ARCAD Software

Philippe Magne is CEO and Founder of ARCAD Software Group, an international software company specializing in multi-platform solutions for DevOps, application modernization, test automation and data masking. He leads the company to produce a range of comprehensive, integrated solutions, distributed by IBM worldwide. Philippe is an expert in modernization and a recognized speaker at IBM events.
