Created by James Hurrell, last modified by N Padmavathi on Aug 10, 2022


Summary: This page provides a description of the Engineering Dashboard GUI.

Multiple Applications or single Application?

On login, depending on the number of Applications available, behavior will differ:

Number of ApplicationsBehavior
Single Application

You are taken direct to the Application landing page since there are no other Applications available:

Click to enlarge


Multiple Applications

You are offered a choice of which Application to access since there are multiple Applications available:

When the Application is selected, you will be taken direct to the selected Application's landing page. If you are not authorized to access the selected Application due to a data authorization rule, a "You are not authorized to access any applications" message will be displayed.

If you would like to choose different Application, you can do so using the dropdown list box located on the menu bar:

Click to enlarge

If you cannot locate the Application you require, you can use the search field to search for the Application - the search is instant - entering a single character will start the search mechanism:

Whenever relevant, loading icons will display when data could take some time to fetch/process and/or display.

Application landing page


The Application landing page consists of multiple tiles used to display data and information from the most recent snapshot of the selected Application:

Note that the tiles displayed out of the box are fully configurable by the CAST AI Administrator. Please see Engineering Dashboard tile management for more information.

Risk Model tile

  • This default tile displays "at a glance" information about the current Application status:
    • the number of Violations or Critical Violations in the Application (the display depends on whether only Critical Violations or ALL Violations are being displayed (see Data Filtering on Critical Violations)
    • the number of Rules in the Application that have been triggered during an analysis/snapshot (this figure includes default CAST AIP rules/rules delivered with extensions and also custom rules with IDs above 1,000,000)
    • the number of Critical Rules in the Application that have been triggered during an analysis/snapshot
  • Clicking this tile will take you directly to the Risk investigation view (this can also be accessed by clicking the  button available in the sidebar).

Application Components tile

  • This default tile displays "at a glance" information about the Violation status for the current Application:
    • the number of Modules present in the Application (Modules can be configured during an analysis to divide the Application into meaningful groups)
    • the number of Lines of Code present in the Application
    • the total number of Objects in the current Application that contain at least one violation (the display depends on whether only Critical Violations or ALL Violations are being displayed (see Data Filtering on Critical Violations))
    • the total number of Violations or Critical Violations in the current Application - in other words, the total number of times a Rule or Critical Rule has been violated by an object in the Application (the display depends on whether only Critical Violations or ALL Violations are being displayed (see Data Filtering on Critical Violations))
    • the total number of Rules that have been violated in the current Application (the display depends on whether only Critical Violations or ALL Violations are being displayed (see Data Filtering on Critical Violations))
  • Clicking this tile will take you directly to the Application investigation view (this can also be accessed by clicking the  button available in the sidebar).

Risk Introduced tile

  • By default, this tile shows two values for the Total Quality Index (TQI) Health Measure:
    • Added Critical Violations or Violations > The number of critical violations or violations (i.e. "risk") introduced in the current snapshot
    • Removed Critical Violations or Violations > The number of critical violations or violations removed from the current snapshot
  • Values are a comparison between the previous and current snapshot, therefore if this is the first snapshot then there will be Added Critical Violations or Violations but no Removed Critical Violations or Violations. It is also possible to change the Health Measure by clicking the drop down arrow next to the Health Measure name:

  • If no added or removed Critical Violations or Violations are present in the snapshot, then the tile will display no data and will not be clickable:

Note that depending on whether Critical Violations or ALL Violations are being displayed (see Data Filtering on Critical Violations), the content will reflect the filter that is currently active, displaying only Critical Violations or ALL Violations accordingly.

  • Clicking the tile will take you directly to the Health Measure in the Risk Investigation view, however, the Risk Investigation view will only show added and removed violation information. Any Health Measure, Technical Criterion or Rule where the number of Added and/or Removed violations is 0, will not be visible. A message will reflect this:

ISO-5055 Tile

The ISO-5055 extension is supported with full functionality. The ISO-5055 tile has been added to automatically display ISO-5055 data, with full drill down capability.

ISO-5055 tile will not be displayed on the homepage if the application does not have the ISO extension installed.

Drilling down through this tile will take you to the Risk Investigation view, where the focus will be set to the ISO-5055 Assessment Model (1) showing only the ISO-5055 metrics (2):

All industry standard tiles (ISO-5055, CISQ, OWASP and MIPS) will display non-critical violation counts by default: these tiles are not impacted by the critical violation switch.

Top Riskiest Transactions tile

A "Top Riskiest Transactions tile" is provided "out-of-the-box" for the Robustness Health Measure:

  • This tile provides a clickable "cloud" of transaction names - the larger and bolder the font used to display the transaction name, the higher the TRI value (TRI or Transaction Risk Index is an indicator of the risk for transactions) within the specified Health Measure (i.e. Robustness, Efficiency and Security for example).
  • Robustness is set as the default Health Measure but can be changed in the tile itself using the drop down arrow:

  • Clicking a transaction name in the tile will take you directly to the parent Health Measure in the Transaction Investigation view (this can also be accessed by clicking the  button available in the sidebar):

Top Riskiest Components tile

A "Top Riskiest Components tile" is provided "out-of-the-box" for the Security Health Measure:

  • This tile provides a clickable "cloud" of object names  - the larger and bolder the font used to display the name, the higher the Risk (previously known as PRI: Propagated Risk Index) value the object has within the specified Health Measure (i.e. Security or Efficiency for example). See this table for more information about how Risk is calculated.
  • Security is set as the default Health Measure but can be changed in the tile itself using the drop down arrow:

  • Clicking an object name in the tile will take you directly to the object in the Application Investigation view - for example clicking the execSQL object will show this (click to enlarge):

Health Measure weakness/strength tiles

Two tiles listing the Strength and Weakness of a given Health Measure listed by Technical Criteria are available out of the box:

Depending on whether Critical Violations or ALL Violations are being displayed (see Data Filtering on Critical Violations), the content will reflect the filter that is currently active, displaying only Critical Violations or ALL Violations accordingly.

  • These tiles provide:
    • Weaknesses: Items displayed are the Technical Criteria considered to have at least one critical violation. The Technical Criteria are sorted from worst (top) to least bad (bottom).
    • Strengths: Items displayed at the Technical Criteria that do not have any critical violations (this includes Technical Criteria that have no critical Rules or Technical Criteria that have critical rules with no violations).
  • By default, the Robustness Health Measure is displayed for both tiles, however, you can change to a different Health Measure using the drop down list in each tile:

  • Clicking a Technical Criterion in the tile will take you directly to the Technical Criterion in the Risk Investigation view:

Technologies Overview tile

A "Technologies Overview" tile is available for the TQI Health Measure out of the box:

  • The tile displays the number of Critical violations/Violations count for the application based on a specific Health Measure (by default the Total Quality Index measure is selected).
  • the total number of Violations or Critical Violations in the current Application per specific technology - in other words, the total number of times a Rule or Critical Rule has been violated by an object in the Application for that specific technology (the display depends on whether only Critical Violations or ALL Violations are being displayed).
  • Clicking this tile will take you directly to the Risk investigation view with the corresponding technology highlighted in the technology drop down
  • Drill down click option is disabled if the tile displays "N/A" Violations/Critical Violations.

Top Modules with Violations or Critical Violations tile

One "Top Modules with Violations" tile is provided "out-of-the-box" for the TQI (Total Quality Index) Health Measure (this Health Measure can be changed by clicking the drop down arrow next to the Health Measure name):

  • This tile provides a listing of the modules sorted by the number of critical violations present in each module.
  • Tile can be resized to display more or less modules. Clicking a module in the tile will take you directly to the module in the Application Investigation view.
  • In the Application Investigation view, violated Rules are listed by their number of violations, with critical rules first (by default: ordered by number of violations):

Note that depending on whether Critical Violations or ALL Violations are being displayed (see Data Filtering on Critical Violations), the content will reflect the filter that is currently active, displaying only Critical Violations or ALL Violations accordingly.

Action Plan tile

A default Action Plan tile is displayed showing, initially, the total number of objects that have been added to the Action Plan list since the last snapshot was generated. Clicking the tile will take you directly to the Action Plan).

  • This tile can be manually re-sized (drag and drop the corners or sides of the tile) to include more information about Pending and Solved items (see the Action Plan for more information about the Pending and Solved statistics):

Exclusions tile

A default Exclusions tile is displayed showing:

  • Active Exclusions > Shows the number of violations that have been added to the Exclusion list and a subsequent snapshot has been generated (therefore the violations are not part of the results of the current snapshot) - i.e. they are actively excluded.
  • Scheduled Exclusions > Shows the number violations that have been added to the Exclusion list and no snapshot has yet been generated (therefore the violations still form part of the results of the current snapshot). When a snapshot is generated, exclusions in this list will move to the Active Exclusions list.

Clicking the tile will take you to the relevant Exclusion page, see Engineering Dashboard - Exclusions for more information.

Default tile:

Small size:

Top Rules with increasing / decreasing violations tiles

One "Top Rules with increasing violations" tile and one "Top rules with decreasing violations" are provided "out-of-the-box" for the TQI (Total Quality Index) Health Measure:

These tiles display a list of Rules and a value as follows:

  • Top Rules with increasing violations: the value represents the difference (increase) in the number of violations for the Rule between the most recent and the previous snapshot. The higher the value, the larger the difference, i.e. those Rules listed at the top of the list have MORE violations since the previous snapshot.
  • Top Rules with decreasing violations: the value represents the difference (decrease) in the number of violations for the Rule between the most recent and the previous snapshot. The higher the value, the larger the difference, i.e. those Rules listed at the top of the list have LESS violations since the previous snapshot.

Violation count difference is displayed on the right of a rule and a red dot is added when the rule is critical. Rules are clickable and will take you direct to the Rule in the Risk Investigation view.

The default behavior in the dashboard is to display ONLY Critical Violations (see Data filtering on Critical Violations) - therefore the display in this tile will reflect this and only Critical Violations (with a red dot) will be displayed. If the default filter is disabled to show ALL violations, then the tile will display Critical and non-Critical Violations.

Continuous Improvement tile

A "Continuous Improvement" tile is available out of the box:

  • This tile shows the following information:
    • Removed Violations in the current snapshot
    • Added Violations in the current snapshot
  • No data is shown when a previous snapshot is activated.
  • Clicking the tile will take you direct to the Improvement tab, which is part of Continuous Improvement.

Architecture model violation tile

The Architecture Model tile (not available out of the box) displays all Architecture Models that have been assigned to the Application and checked during the snapshot. The tile displays the number of violations/critical violations (depending on the configuration of the criticalsRulesOnly parameter in the tile configuration) per Architecture Model. Clicking an Architecture Model rule will drill down and display the details of the selected rule in the Risk Investigation page.

In a snapshot, if there is no data for architecture rule then it is displayed as "n/a".

Architecture Rule will not be available for the previous snapshot.

The Architecture model violation tile is not added by default. This tile should be configured in the panel section of the profile. See: Architecture model violation tile.

Configuring the landing or home page

As explained previously the landing page or home page contains a set number of "default" tiles that are delivered "out of the box". Your dashboard Administrator may chose to configure additional tiles or custom locations for the default set of tiles  (see Engineering Dashboard tile management ) but you have a certain amount of freedom to set up the home page as you require:

  • All tiles (custom and default) can be moved by dragging and dropping to the new location.
  • Some tiles can be resized larger or smaller by dragging and dropping the bottom right hand corner of the tile. When tiles are configured (whether custom or default), they contain information that specifies their maximum and minimum size on the horizontal and vertical axes - i.e. you may find that certain tiles will not resize as you wish - this is by design.

Saving changes

Changes you make to the location or size of tiles is saved via a cookie, therefore the positions and sizes of tiles will be retained over successive sessions using the same browser. Using a different browser on the same workstation will not retain the changes to the tiles.

Resetting the home page

If you would like to reset the position and size of the tiles as they are provided to you "out of the box", you can use the Reset homepage option located in the top right hand corner:

Adding tiles as bookmarks/favorites

If you would like to monitor a specific Rule (perhaps a critical Rule with multiple violations) in your Application via a tile in the landing/home page you can do so by adding a "bookmark" or "favorite" tile which links to the item in question. To do so:

  • Navigate to the item you would like to monitor. In this example we have a chosen a critical Rule that has a high number of violations.
  • Ensure the item is selected, then click the star icon (highlighted below) to add the item as a bookmark or favorite on the landing/homepage:

  • A message will inform you that the tile has been added:

  • The tile will now be visible in the landing/home page. The number of violations will be displayed, whether the rule is critical and, where applicable, an evolution percentage will be displayed which represents how the number of violations for the Rule has evolved between the current and previous snapshots:

Tips:

  • It is only possible to create a bookmark/favorite for a Rule. Any other type of item (Business Criteria, Technical Criteria, Distribution and Measure) are excluded from this feature.
  • Bookmark/favorite tiles are easily recognisable in that they feature a star icon in their upper right corner.
  • These tiles can be resized and moved just like any other custom/default tile.
  • You can remove the tile by rolling your mouse over the star icon in the upper right corner of the tile - it will transform into a cross and remove the tile when clicked. A message will inform you that the tile has been removed.
  • Bookmark/favorite tiles are persistent between browser sessions, but are specific to the browser. In other words, bookmark/favorite tiles are only visible in the browser they were created in (provided the browser cache/cookies have not been emptied since the tile was created).

Changing tile colors

Each tile displayed in the landing or home page will be configured with a predefined colour as defined in the .JSON (see Engineering Dashboard tile management ). However, you can change this from your browser:

  • Click the cog icon in the top right hand corner of any tile and choose the colour you require.

  • The updated color of the tile is stored in the browser cache, therefore:
    • the tile chosen color will be retained until the cache is emptied.
    • the chosen color is specific to the browser, therefore other dashboard users will not see the new color
  • Resetting the homepage will reset the tile color to the default.

Changing the dashboard language display

By default, the Engineering Dashboard is delivered with language display set to English: all messages and text displayed in the dashboard is only displayed in English. However, it is possible to choose a specific language locale and provided that a translation of the default English text and messages has been configured (see Dashboard localization), the dashboard will then display text and messages in the chosen language. To do so, click the user menu drop down and select the the Change Language option:

A popup window will then enable you to select the required language - choose the language and click Change:

The dashboard will then reset and text items will be displayed in the chosen language. The example below shows that Chinese has been configured (see Dashboard localization):

Note that:

  • changes are browser specific and are stored in the cache. Therefore if the cache is emptied, the language will reset to the default. See Dashboard localization.
  • only those languages that are defined for use will be available in the drop down.

  • From version ≥ 2.8 onwards, reports can be generated in the following languages - German, Italian, Spanish, French, and Chinese. To ensure that reports are generated in one of these languages, ensure that the Dashboard is localized to the chosen language using the User > Change Language menu, then generate a report. Some of the items in the generated reports will then be in the chosen language.

Top menu bar

A description of each numbered item is provided below:

ItemNameDescription
1

Application selector

(drop-down arrow/list)

This option enables you to select the Application you wish to view. A drop down list box will be displayed enabling you to pick the Application you require. Note that only the Applications you are authorized to view will be available for selection.
2Snapshot descriptionDisplays information about the current snapshot data you are viewing: Name, Version, and Date.
3

Snapshot selector

(select a snapshot icon)

This option enables you to select a specific snapshot to investigate - if multiple snapshots are available for the current Application. This allows you to "go back in time" and investigate data from a previous snapshot. Note that not all data is available for previous snapshots.

All data that is displayed in the dashboard is taken from the most recent snapshot that has been generated for the selected Application. However, it is possible to view data from a previous snapshot if required by using the snapshot selector in the top menu.

Clicking this option will display a drop down menu where you can select the snapshot you require:

Click to enlarge

To view a previous snapshot, select it on the timeline and then click the Select Snapshot option:

Click to enlarge

The display will then update to show the data from the selected snapshot.

Note that when viewing data from a previous snapshot, some information/tiles are not available:

  • Action Plan / Exclusions - the Action Plan / Exclusions is available in the previous snapshot, however, the ability to change the action plan / exclusions (add/edit violations) is only available from the most recent snapshot.
  • Education / Continuous Improvement is not available
  • Application Investigation is not available (data not historized in database)
  • Source Code is not available
  • Some tiles refer to data that is not available in a previous snapshot. In this case, inactive tiles are still displayed using faded colours and contain a short text explaining the issue. The following tiles are not available:
    • Application Components
    • Top Modules with Critical Violations
    • Top Riskiest Components

Returning to current snapshot

To return to the current snapshot data use the snapshot selector button on the top menu bar to select the most recent snapshot:

4

Share data

(share your screen icon)

Clicking this icon will open a new email in your default email client, together with a link to the current location in the dashboard. You can therefore use option to share a link with colleagues. Example email shown below:

Hi, I want to share with you my Engineering Dashboard. You can access it by clicking this url :
http://server:8080/CAST-Engineering/engineering/index.html#ADG/applications/101/snapshots/2/business/60017/qualityInvestigation/60013.
Regards.
5Moving from ED to HD

This icon, 'go to HD' lets you move from Engineering Dashboard to Health Dashboard.

Click on the 'go to HD' icon. Following message is displayed.

Clicking on 'Leaving to HD' will take you to the Health dashboard application view.

Following message will be displayed if the application is not present in the Health Dashboard.

If the application is present in Health Dashboard but the selected snapshot is not consolidated in Health Dashboard, then the following message is displayed.

Navigating from the Engineering Dashboard to Health Dashboard works only when the Health and Engineering Dashboards are deployed using a combined WAR (Health-Engineering.WAR) file.

If you are using standalone WAR files, then the microscope drill down icon is disabled.

6

Data filtering

(only critical violations icon)

This icon activates/deactivates data filtering on Critical Violations.

By default, the Engineering Dashboard only shows information about Critical Violations, rather than showing data for ALL violations - this allows you to instantly see the most important flaws in the analyzed application:

When in the default position showing only information about Critical Violations, the icon is colored red as shown above. When in this position, the dashboard only shows information about Critical Violations and other non-Critical Violations are ignored. For example, the Risk Model tile will display data only about Critical Violations (as specified in the black circle):

Note that:

  • all tiles and views in the dashboard are impacted by the data filter and will update their display accordingly. Only the following components are unaffected:
    • Action Plan view
    • Top Riskiest Components tile
    • Top Riskiest Transactions tile

    • All industry standard tiles: ISO-5055, CISQ, OWASP and MIPS (count of non-critical violations is always shown)

  • if you use a fixed URL (for example a bookmark) to access data such as a violations of a non critical Rule, then a message will be displayed to inform you that the filter has been temporarily disabled:

  • if you reset the homepage (see Configuring the landing or home page for more information about this option.) then the filter will return to its default setting showing only Critical Violations.

Disabling filtering on Critical Violations

If you would prefer to view all data about ALL Violations (not just Critical Violations) in your application, you can disable the filter by clicking the filter icon on the top menu:

Once the filter is disabled, ALL data is now displayed. For example the Risk Model tile now displays data about ALL violations:


7Search

Activates a search field enabling you to search for names of items in the Assessment Model. See Engineering Dashboard - Search options for more information.

8User menu

Indicates the name of the current user that is logged in to the Engineering Dashboard. A drop down list box is also available:

This contains the following options:

  • Check for update -available only for users with the Admin role. It performs a check to see whether the current Dashboard is up-to-date or if a new release is available. A dialog box showing the current Dashboard version information, and whether a new version is available will be displayed:

  • User Configuration is available only in Dashboards ≥ 2.x and to users who have been assigned the ADMIN role. It provides access to the Roles and data authorization interface. See User roles - 2.x and above for more information:

Side menu bar

ItemNameDescription

HomeThis button will take you back to the initial "home" or landing page from wherever you are located in the Engineering Dashboard.

Risk Investigation viewThis option focuses on application risk level from the Assessment Model perspective - moving through Business Criteria, Technical Criteria, Rules/Measures/Distributions right down to the objects in violation.

Application Investigation view

This option focuses on the application's technical components (i.e. its objects) and provides violation details on those objects and their related dependencies.

Transaction Investigation viewThis option focuses on the application's transactions and provides violation details on the riskiest transactions and their related dependencies.

Advanced SearchThis is a feature that allows you to search for an object name based on a list of violations. Filters can be enabled to limit the search scope.

Education / Continuous ImprovementThis option provides access to the Education / Continuous Improvement features. By default, the focus will be on the Education feature.

Actions / Exclusions

This option provides access to the Actions / Exclusions features. By default, the focus will be on the Action Plan feature.

Report GenerationProvides access to the Report Generation feature.

Contextual help

This option provides basic help for various items in the Engineering Dashboard. To use it:

  • Click the button in the sidebar (1) - the button will transform into a cross inside a circle
  • Any contextual help that has been configured on the current page will be highlighted with a plus sign in a blue circle (2)


  • Click the plus sign in a blue circle to view the contextual help:

  • To exit the contextual help, first click the cross in the upper left corner of the contextual help explanation to close the explanation, then click the contextual help button in the sidebar menu.

What's newThis icon will take you to the What's new in the Engineering Dashboard page.