Summary: This page provides instructions for configuring and using the Report Generation feature.
Introduction
The Report Generation feature allows you to generate reports on the fly direct from the CAST Engineering Dashboard interface. Various reports can be generated, however, some require some configuration before they will work.
Changing the language in reports
From ≥ 2.8, reports can be generated in the following languages:
- German
- Italian
- Spanish
- French
- Chinese
To ensure that reports are generated in one of these languages, ensure that the Dashboard is localized to the chosen language using the User > Change Language menu, then generate a report. Some of the items in the generated reports will then be in the chosen language:
Accessing the Report Generation feature
| From the Side Menu bar, click the following icon: |
|
Available report categories
Three types of report categories are available:
| Category | Release | Enabled by default? | CAST Report Generator for Dashboards required? | Additional configuration required? | Output format | Available reports |
|---|---|---|---|---|---|---|
| Standard Compliance Reports | ≥ 2.8 |  |  | |
| |
| 2.7 | | | |
| ||
| ≤ 2.6 | | | | Same format (Word/Excel/PowerPoint) as the associated CAST Report Generator templates. | ||
| Miscellaneous Reports | ≥ 2.8 | | | | Inline in the browser. Can be downloaded in Excel format. |
|
| ≤ 2.7 | | | | Inline in the browser. Can be downloaded in Excel format. |
| |
| Custom Reports | ≥ 2.7 | Not available. | ||||
| ≤ 2.6 | | | | Same format (Word/Excel/PowerPoint) as the associated CAST Report Generator templates. | This category enables you to define your own custom reports via CAST Report Generator templates. | |
Standard Compliance Reports
This category provides reports on various industry recognized standards such as:
- CWE
- OWASP
- C-CPP
- STIG (Security Technical Implementation Guide)
- PCI (Payment Card Industry)
- NIST (National Institute of Standards and Technology)
- ISO-5055
- CISQ (not available in ≥ 2.4)
In ≥ 2.11, chapter bookmarks have been added to the Standard Compliance PDF reports:
Configuration process
In versions ≥ 2.7
No additional configuration is required as all reports are generated by the Dashboard in PDF format.
- Templates (in .json format) are stored in the Dashboard installation files in the "config/reports" folder within the installed "data" location:
- It is possible to create your own template .json and declare this as a Standard Compliance report. See Custom Standard Compliance report generation.
In versions ≤ 2.6
The generation of the Standard Compliance Reports relies on the use of CAST Report Generator for Dashboards to produce the reports. See Report Generation configuration and CAST Report Generator - CAST Report Generator for Dashboards for more detailed instructions about the configuration process.
Generation process
Choose a report type from the Standard Compliance Reports category and click the Generate Report button:
| Version 2.8 |
|
Version ≤ 2.7 |
|
The resulting report file name will contain the:
- application name
- snapshot version
- report type
For example: MEUDON_NEW-Snapshot-2022-07-07T12-02-59-ISO-5055 Compliance Report.pdf (MEUDON is an Application name).
In versions ≥ 2.8
Below screen is displayed with an option to select the REPORT CATEGORY: Standard Compliance or Miscellaneous.
Reports can be sorted and searched using the options: REPORT TYPE ^ and Search.
Clicking the GENERATE button will display the below screen with the following message: Report generation started in new window (allowing you to continue using Engineering Dashboard while the report is being generated as explained in Behaviour in ≥ 2.7 releases):
In version 2.7
A new tab will be opened in your browser (allowing you to continue using Engineering Dashboard while the report is being generated):
The report will be generated in PDF format and auto downloaded to the default "downloads" folder used by your browser:
If the generation fails, a message is displayed:
In versions ≤ 2.6
The report will be generated and auto downloaded to the default "downloads" folder used by your browser. Reports are generated using the same format as the associated CAST Report Generator templates. A notification message is displayed when the report is generated:
If the report fails to generate, a notification is also displayed with the error message.
This example shows that CAST Report Generator for Dashboards has not been configured:
Miscellaneous Reports
This category provides reports that can easily show where the biggest changes in violations between snapshots have occurred.
In versions ≥ 2.8
- The options available for Miscellaneous Reports and their behaviour remain same for version 2.8 as in versions ≤ 2.7.
- In ≥ 2.9, when there are many violations, search button
helps to search for a specific violation (based on the object name location field).
In versions ≤ 2.7
These reports are provided inline in the browser and do not require CAST Report Generator for Dashboards nor any additional configuration.
The formula used to define the value for Improvement Gap in the report Top rules with the highest improvement opportunities is as follows:
Improvement Gap = (Quality_rule_weight * technical_criteria_weight) * (4 - Grade)
Report options
The following options are available for Miscellaneous Reports:
| Category | Release | Details |
|---|---|---|
| Filter on Health Measure | Version 2.8 | REPORT TYPE can be sorted using the button "^". Search option helps to find a specific report type. For some reports it is possible to filter results on a specific Health Measure. By default, the TQI measure will be active, but it is possible to choose a different measure if necessary:
|
Versions ≤ 2.7 | For some reports it is possible to filter results on a specific Health Measure. By default, the TQI measure will be active, but it is possible to choose a different measure if necessary:
Note that not all reports can be filtered in this way. | |
| Download reports | Version 2.8 | Report results can be downloaded in Excel format:
|
Versions ≤ 2.7 | Report results can be downloaded in Excel format:
| |
| Critical flag | Version 2.8 | Indicates whether the related rule is critical or not:
|
Versions ≤ 2.7 | Indicates whether the related rule is critical or not:
| |
| All versions | Click to drill down to violation's source code (not available in all reports). |
| Click to drill down to the selected object and view it in the Application Investigation view. |
Custom Reports
In ≥ 2.7, the option to generate Custom Reports using CAST Report Generator for Dashboards has been removed.
This category enables you to define your own custom reports via CAST Report Generator templates. The category is disabled by default (i.e. it does not contain any report templates). The templates you want to use to generate a report must be present on the server hosting Apache Tomcat in the "Templates" sub folder of your CAST Report Generator for Dashboards deployment location.
Configuration process
See Report Generation configuration.
Generation process
Choose a custom report type from the Custom Reports category and click the Generate Report button:
