- SAP Managed Tags
In August 2025 we have published the updates to the technical guidelines for ABAP custom code development and governance in SAP S/4HANA private cloud and on-premise landscapes based on the evolution of the 3-tier extensibility model to the Clean Core Extensibility model following the newly established clean core level concept. See also the blog post ABAP Extensibility Guide – Clean Core for SAP S/4HANA Cloud - August 2025 Update for the summary of major updates and the chapter 5 of the ABAP Extensibility Guide for more comprehensive information.
While summarizing the ABAP test cockpit (ATC) recommendations for the governance of clean core ABAP development this blog post describes also in detail the new ATC checks for clean core.
Technical ATC Setup
Set up a central ATC check system for governance of your ABAP custom code developments for clean core utilizing either ATC on SAP BTP or central ATC in private cloud (or on-premise) system.
ATC on SAP BTP: central ATC in the SAP BTP ABAP environment is the SAP recommended approach for governance of ABAP developments for clean core in SAP S/4HANA private cloud or on-premise landscapes. Meanwhile ATC on SAP BTP became a mature extensive solution providing such capabilities like custom code analysis (including SAP CVA security checks without separate licensing fee), scheduling of ATC runs, developer scenario, robust exemptions workflow, baseline and more. See also the blog post ATC on SAP BTP for on-premise developments for more information.
Set up a central ATC system connected against all development related systems (DEV, Q). Setup the ATC blocking mode in DEV systems for all Priority 1 and Priority 2 findings for transport tasks and transport requests.
Setup of ATC check variant for clean core
You should add the recommended ATC checks for clean core to your existing global standard ATC check variant. If you set up ATC for the first time you should create your own ATC standard variant as a copy of the default ATC variant ABAP_CLOUD_DEVELOPMENT_DEFAULT in ABAP development tools for Eclipse and add the clean core checks.
The recommended ATC checks for clean core:
✅ Allowed SAP enhancement technologies *
✅ Usage of APIs *
✅ Search for customer modifications
✅ Critical statements**
In addition, the following ATC checks are recommended to be added to your ATC check variant:
- Code Vulnerability Analyzer (CVA) (for security if CVA is licensed accordingly)
* See the next chapter for more details on these new ATC checks for clean core
** The Critical statements check must be parametrized in the check details:
with the following values:
REMARK: you should be able to find the Search for customer modifications check under the Search functions category and the Critical statements check under the Security category in your check variant in ABAP development tools for Eclipse.
Overview of the new clean core ATC checks
The new ATC checks for clean core are available in the ATC on SAP BTP in the SAP BTP ABAP environment. In the SAP S/4HANA 2023 private cloud and on-premise systems implement the SAP Note 3565942.
The Allowed Enhancement Technologies check reports usage of enhancements in custom code (object type ENHO) based on not allowed enhancement technology. The Usage of APIs check is based on usage guidelines for SAP APIs in custom code.
In the following we will focus mainly on the Usage of APIs check.
The ATC check “Usage of APIs” – How it works
What are classic APIs
SAP offers recommendations for release independent upgrade stable SAP APIs (classic APIs), which shall be used classic ABAP developments and provides the list of classic APIs as objectClassifications_SAP.json on the GitHub - SAP/abap-atc-cr-cv-s4hc. This information is used by the ATC to govern the usage of classic APIs in custom code developments.
The classic APIs are based on the SAP recommendations for classic ABAP development technologies, reuse services and application specific frameworks, which should be utilized in classic ABAP developments (see the SAP Note 3578329 for more details).
Classifications are provided for the following SAP object types:
- Function modules (FUNC)
- Classes/interfaces (CLAS/INTF)
- CDS views (STOB)
- BO interfaces (BDEF)
Classic APIs can be inspected by the Cloudification Repository viewer on GitHub: https://sap.github.io/abap-atc-cr-cv-s4hc/?version=objectClassifications_SAP.json
Classic APIs offer access to application specific services like the well-known BAPIs and to the above-mentioned classic technologies and reuse services, for example central reuse classes from the SAP GUI programming:
Classic APIs classified as “transactional-consistent” can be used in the context of RAP-based applications (see also SAP Help Documentation about RAP Transactional Model).
There are also SAP objects classified as so called “no API”. These objects should not be used in custom code and replaced by SAP released APIs or classic APIs (if successor is available, it is listed in the object classification JSON file).
Check behavior
The purpose of the new ATC check Usage of APIs is to verify the usage of classic ABAP development objects based on the consumption of SAP APIs.
The check verifies usages of SAP standard objects in custom code like interfaces, classes, function modules, CDS views, behavior definitions, DDIC database tables and DDIC database views, programs or their subroutines, whereby the SAP DDIC object types like data elements, domains, table types and structures are not checked (no ATC finding is reported).
For usage of released SAP APIs in custom code no ATC findings are reported. For usage of an SAP classic APIs the check reports an info message, for usage of an API which is not classified (SAP internal API) the check reports a warning and for usage of an API marked as “no API” an error message containing successor is reported (if such successor has been provided).
DDIC database tables, DDIC table views and programs are not considered as APIs, which means the following behavior is always reported: reading DDIC database tables or DDIC table views results in a warning, whereas modifying them results in an error.
Summarized the check behavior is as following:
Example
You can use the new ATC checks in the Analyze Custom Code app* (or Custom Code Migration app) on SAP BTP by including them into your custom ATC check variant in the SAP BTP ABAP environment and using this ATC check variant for analysis of your code in the private cloud or on-premise system. By filtering the findings you can target your analysis for example at an ATC check message. For instance, you can look how many findings and in which custom objects you get with the ATC check message “Updating DDIC database tables or DDIC table views is not allowed” to focus the adaptation efforts first on replacing SQL write accesses to SAP database tables with released CDS views. There are other useful filters in the app which can help to differentiate the ATC issues by the application components for example or by object name (e.g. to replace first the SQL write accesses in custom code to the specific table like VBAK).
* With SAP BTP ABAP environment 2508 the Custom Code Migration app was split up into two separate tiles. There is now the Analyze Custom Code app for the custom code analysis use case and the Custom Code Migration app for the migration to SAP S/4HANA use case. See also SAP Help Documentation Custom Code Analysis.
If you take a look at the parameters of the Usage of APIs check in the ABAP development tools in Eclipse, you will see that it takes as input the JSON file with classic SAP APIs objectClassifications_SAP.json:
NOTE: If you want to use clean core ATC checks for remote code analysis of the system, which is on older release, where either released SAP APIs are not yet available (e.g. an ECC system), or if you want to use the newer version of the released SAP APIs as in the checked system, you need to provide the value of the releasedAPIDataSource check parameter like this (e.g. using latest version of the released SAP APIs for the SAP S/4HANA Cloud Private Edition):
NOTE: If your ABAP system does not have access to the internet, you can upload the file with the classic SAP APIs using the program SYCM_API_CLASSIFICATION_MANAGR and provide filename for the value of the classicAPIDataSource check parameter like this:
NOTE: If you want to consider classic APIs provided by SAP partners apply the SAP Note 3630552 Classic API Support in ATC Check "Usage of APIs" for Partners. This SAP Note enhances the Usage of APIs ATC check with the option to provide multiple classic API data sources. In addition, the program SYCM_API_CLASSIFICATION_MANAGR will give SAP partners the option to create new classic API JSON files with their own APIs.
You can also execute the clean core ATC checks over the custom code in your SAP S/4HANA system in ABAP development tools in Eclipse, where you can see the ATC findings according to different usages of SAP APIs in custom code.
For your convenience the detailed documentation of the Usage of APIs check is provided in the details of analysis results for each ATC issue.
For more detailed information about relation of clean core ATC findings to the clean core levels as well as recommended actions how solve them refer to the chapter 5.1.2 in the ABAP Extensibility Guide.
How to control clean core development by ATC exemptions and baseline
If you have extension use cases, especially related to necessary changes in old legacy code, where you can not use classic APIs, you can work with ATC exemptions to control usage of SAP internal objects in your code. The ATC Exemption browser will monitor the ATC exemptions and provide the overview of the status of your system regarding to clean core development.
If you have a lot of legacy code in the system, and adjusting it to achieve a clean core is not considered reasonable from an ROI perspective you can create the initial ATC baseline for the clean core findings in this legacy code before starting with the new clean core development.
For more information please refer to the chapter 5.1.3 Clean core governance by using ATC exemptions in the ABAP Extensibility Guide.
Wrap up example
Here just one example to demonstrate how the ATC errors go down when using the new ATC clean core checks based on usage guidelines for SAP APIs instead of ABAP Cloud readiness checks based on usage of released APIs:
This multiple reduction of critical ATC issues in custom code is gained by the changes in the check procedure. The ABAP Language Version, ABAP Language Version of Objects and Allowed Object Types in Cloud Development checks are now excluded because the compliance with ABAP Cloud is not necessary for classic ABAP developments and the Usage of APIs check replaces the Usage of Released APIs check.
Try out the new ATC checks for clean core to reduce the number of the ATC findings in your classic ABAP developments and focus your adaptation efforts on real technical debts.
ATC clean core checks results in the RISE with SAP Methodology dashboard
To reflect the clean core level concept, the ATC clean core checks results generated in system can now be uploaded to the RISE with SAP Methodology dashboard. See the New Clean Core Extensibility KPIs arrive on the RISE with SAP Dashboard blog post for more details.
Bluesky| User | Count |
|---|---|
| 57 | |
| 16 | |
| 10 | |
| 10 | |
| 10 | |
| 9 | |
| 9 | |
| 9 | |
| 9 | |
| 8 |
