Reverse-engineering your SSIS estate: the automated approach

What reverse-engineering reveals

SSIS package reverse-engineering involves analysing the source code (.dtsx files) to reconstruct the complete map, without relying on existing documentation or oral knowledge.

The Decinova scanner parses each DTSX file and extracts cinq categories of’information.

Connections: which source and destination databases each package uses. This is the first surprise for many clients — discovering connections to servers that no longer exist or databases nobody knew were still being queried.

Dependencies: which package feeds which table, which table is read by which other package, which stored procedures are called. The result is a directed dependency graph — the “map” of your estate.

Complexity: the number of components per Data Flow Task, call chain depth, cyclomatic complexity of control logic. A package with 3 simple Data Flow Tasks is not the same as one with 25 transformations, nested loops, and dynamic SQL.

Code quality: presence or absence of error handling (Event Handlers), logging, environment variable parameterisation (rather than hard-coded connection strings). This is what separates a maintainable estate from a fragile one.

Obsolescence: packages referencing deprecated components (VB.NET Script Tasks instead of C#, connections via obsolete drivers, older DTSX version formats).

The technical debt score

The five categories above are aggregated into a single score from 0 to 100 — the technical debt score. This score is calculated from 12 weighted criteria, grouped into three axes: structure (40%), quality (35%), and obsolescence (25%).

A score below 30 means a healthy estate. Between 30 and 60, debt is significant but manageable — targeted actions can reduce it. Above 60, the estate represents an operational risk that should be addressed as a priority.

The score is broken down by package, making it possible to identify “time bombs” — the few packages that concentrate most of the risk. In most environments, 10% of packages account for 80% of the technical debt.

From diagnosis to action

An audit is worthless if it doesn't lead to sur un plan d’action. The Decinova report systematically includes a ranking of each component by business value × technical debt matrix, with four recommendations possibles: migrate first, migrate later, keep en as-is, or decommission.

This ranking comes with an effort estimate for each scenario. The CIO can thus compare: “if I migrate only the 30% most critical, it costs X and takes Y weeks” versus “if I migrate everything, it costs Z and takes W months.”

An audit that doesn't touch your data

Important point for organisations subject to strict regulatory constraints: the scanner analyses source code, not data. It needs no connection to your production databases. The audit can be run entirely offline in a sandboxed environment.