Administration Center - Extensions Strategy

Summary: documentation for the Extensions Strategy panel in the Console Administration Center.

Options available here are global to ALL Applications managed in Console. Note that this page describes settings available only in CAST Console ≥ 2.8. For older releases, please see Administration Center - Settings - Extensions Strategy instead.

Introduction

The Extensions Strategy setting provides various options for managing at a global level (i.e. for all Applications managed in the Console) the extensions that are used in each Application analysis. The main objective of these options is to ensure that the extensions that are available for use in an analysis can be controlled - for example, admins can choose to do any of the following:

  • ensure that extensions are always updated to their latest release - global and extension level
  • allow/prevent the use of specific extensions depending on their status (LTS, funcrel, beta, alpha etc.) - global level
  • allow/prevent the use of Labs or User Community extensions - global level
  • allow only specific extensions and specific versions of extensions to be used
  • force the installation/use of specific extensions

The settings are controlling mechanisms to prevent or grant access to any specific official or custom extensions that have been published by CAST. It is not mandatory to make any changes to the default options, however, CAST does recommend that you evaluate the correct strategy for your own environment:

Click to enlarge

General tips and rules for extension installation

  • The release number of extensions used for your application will be determined the first time you run an analysis on this application. The most recent release of the extension will be downloaded (respecting the Extension stability level setting) if the extension does not already exist on the Node (in %PROGRAMDATA%\CAST\CAST\Extensions) responsible for your application. If the extension already exists on the Node, then it is this specific release of the extension that will be used unless auto update is enabled or unless a specific release number is manually selected (either in the Admin Center or at Application level in the Application - Extensions screen).
  • If you find that your analyses are failing at the "install extensions" step due to CAST Console automatically requesting an extension that does not meet the strategy requirements (i.e. it is an alpha or beta where only LTS or funcrel extensions are allowed), you can blacklist/deny the extension to prevent Console from automatically attempting to install it. See Blacklisting/denying extensions below. Note that this may mean your analysis results are compromised where the extension provides specific functionality required for your source code.
  • The following priority levels are applied to extensions settings - settings at the top have priority:

Out of the box settings

Out of the box, Console will have the following pre-defined settings:

General settings

SettingPosition
Auto updateDisabled - i.e. extensions will not update when a new release becomes available, therefore maintaining stability.
Extension stability levelLTS and Funcrel permitted, Beta and Alpha extensions are blocked and will not be made available for installation whether manually or automatically.
Allow User Community/LabsEnabled.

Force installed extensions

A set of extensions will be listed in the force install list out of the box (and also after upgrade). This means that these extensions will be installed for all Applications managed within Console during the next analysis:

It is not mandatory to use any of these extensions (they can be disabled), but they provide additional insight and information and CAST highly recommends that they are left enabled - indeed some features in CAST Imaging will not be available if the force installed extensions are disabled. Some additional notes:

  • If you are using CAST Extend local server and you intend to use these extensions (i.e. leave them listed in the table) you must ensure that you update your service to include these extensions.
  • The Auto Update option at extension level will be disabled by default - this means that extension will not update automatically unless you either:
    • enable Auto Update at global level
    • manually enable Auto Update at extension level by moving the slider to the enabled position alongside the extension

Click to enlarge

Available options

Extension settings

Auto update

When enabled (set by default to disabled), this option provides a global (i.e. for all Applications managed in Console) method of ensuring that all Applications will always use the latest release for all Included extensions - i.e. those required for analysis, including Force Installed extensions. CAST Console will respect the setting applied via the Extension stability level slider - in other words, if you only permit LTS or funcrel via the slider, the "latest extension" will be the most recent LTS or funcrel release - any other more recent alpha or beta releases will be ignored.

When an extension update is required, it will be applied either before an analysis or before a snapshot in a dedicated job step

In addition, when this option is enabled (not the default position) the Auto Update option for individual extensions (All Extensions and Force Installed extensions) list will be set to auto update, but can still be overridden at extension level:

Enabling or disabling the option will show this confirmation prompt with a tick box: Force all extensions to this option. Ticking this option will ensure that ALL individual extensions are ALSO set to the same setting (either enabled or disabled), overriding any auto update settings set at the extension level:

Extension stability level

This option provides the ability to control which type of extensions can be used for Application analyses (you can see more about this in Release types).

  • LTS (or longterm: Long Term Support)
  • Funcrel (i.e.: Functional Release)
  • Beta
  • Alpha

For example, it may not be desirable to allow the use of extensions that are in Funcrel, Beta or Alpha status in a "production" analysis. Therefore the slider can be adjusted to allow only LTS extensions:

When the strategy is updated, a notification is displayed:

This strategy change will be visible as follows;

LocationDescription
Extensions strategy

When looking at the extensions or force installed extensions, the number and the list of available extensions will update:

Click to enlarge

Application

When looking at the Available Extensions tab (see Application - Extensions) - only extensions whose version status matches the strategy chosen at global level will be available for selection - in the image below, Funcrel, Beta and Alpha extensions are no longer available since the strategy has been changed to LTS only:

Click to enlarge

Allow User Community/Labs

This option either allows or prevents the installation of User Community or Labs extensions (see Contributor types for more details). By default the option is enabled, meaning that User Community or Labs extensions will be listed in the Extensions Strategy page and will be available for installation in the Available panel in the Application - Extensions interface:

Click to enlarge

Enabling or disabling the option will show this confirmation prompt with a tick box: Force all extensions to this option. Ticking this option will ensure that ALL individual extensions are ALSO set to the same setting (either enabled or disabled), overriding any settings set at the extension level:

When the option is disabled, all User Community and Labs extensions will be blacklisted/denied preventing them from being installed:

Click to enlarge

If a User Community or labs extension is set to Force Install prior to disabling the Allow User Community/Labs option, the extension will remain in the Force Install list and will NOT be blacklisted/deny listed.

Reset settings

This option will reset all custom extension strategy settings to the default settings provided by CAST (see Out of the box settings above).

Extensions list

Click to enlarge

The extension list allows you to manage individual extensions at a global level. Any changes here will override settings in the left hand Extensions Settings panel:

OptionDescription

Filter


This is a filter which will self-update whenever changes are made either in the Extensions Settings panel or at extension level. Clicking the filter will update the list of extensions below - only those meeting the specific filter requirements will be listed:

  • User Strategy Settings > Lists all extensions that have a customized setting or have been customized in the past (i.e. Force Install has been enabled, or the extension has been blacklisted/deny listed). When an extension is set back to its default settings position, the extension will remain under this filter to indicate that a setting was changed in the past.
  • All Extensions > Lists all extensions
  • Force Installed > Lists all extensions that are set to Force Install
  • Black Listed / Deny Listed > Lists all extensions that are blacklisted/deny listed
  • Auto Updated > Lists all extensions that have the Auto Update option enabled
  • UC/Labs Extensions > List all User Community (UC) and Labs extensions

The filters respect the Extension Stability Level setting. I.e. if Extension Stability Level is set to LTS only, then only LTS extensions will be listed in all of the filters.

Search

Use this option to search for a specific extension in the list:

Filter Table

Use this option to filter the table:

Bulk Actions

Available when more than one check box is selected. Provides bulk actions for all available options - for example you can enable or disable Auto update, Force install and Blacklist/Deny list for some or all extensions:

NameName of the extension as displayed in CAST Extend.
Type

Indicates the type of extension (see Contributor types), i.e.:

  • Product
  • Labs
  • User Community

Auto update

Toggle switch determining whether the extension will auto update or not for all applications. If enabled, CAST Console will always use the latest release of the extension that is available in CAST Extend/CAST Extend local server. When a new release is available, it will be installed the next time the "install extensions" is step is run, which is usually during a new analysis of each application. The extension will also appear as requiring an update in the Included tab in the Application - Extensions screen:

Version

Determines the version of the extension that will be installed for all applications. The selected version will be installed the next time the "install extensions" is step is run, which is usually during a new analysis of each application. In addition the selected version number will be displayed in the Included tab in the Application - Extensions screen.

The exceptions to this rule are as follows - in other words a change to the Version number in the Admin Center will NOT reflect in the Included tab in the Application - Extensions screen and instead, the previously determined extension version number will be used (either the most recent version if the extension is not present on the Node responsible for your application, or the version present on the Node):

  • The extension com.castsoftware.jee
  • If you have changed the version of a discovered extension
  • If you have included an extension from the Available tab in the Application - Extensions screen while changing its version from the default set in the Admin Center
Force install

Toggle switch determining whether the extension is set to Force Install. If enabled, this means that the extension will be automatically installed for all Applications managed within CAST Console during a new analysis of each application. The extension will also appear in the Included tab in the Application - Extensions screen when filtering on Force Install:

Black list / Deny list

Toggle switch determining whether the extension is blacklisted / deny listed or not. If an extension is blacklisted / deny listed, it cannot be installed for any application. This means that:

  • users will not be able to select the extension in the Available tab in the Application - Extensions screen at application level.
  • even if the extension is "discovered" by CAST Console (i.e. it is determined as being required) during the source code delivery/Fast Scan stage, it will not be installed.
Changed on

Indicates the last date/time any of the following options were modified for the specific extension (i.e. at extension level):

  • Auto-update
  • Version
  • Force Install
  • Blacklist/Deny list

If the value is removed using a global option, the last modified time is no longer displayed.