Summary: this page describes the new features and bugs that have been fixed in CAST Dashboard Package 1.6.0.

Content matrix

Version: 1.6.0

Summary of content:

  • New combined CAST Engineering and CAST Security Dashboard WAR
  • CISQ tag configuration
  • Dashboard internationalization
  • Improved column display at Application > Module level
  • Ability to add CISQ/OWASP/CWE related tiles in conjunction with the Quality Standards Mapping extension (com.castsoftware.qualitystandards)

ZIP for CAST AIP: based on wars from CAST AIP 8.3.4. Can be used with:

  • 8.3.3 - 8.3.15

ZIP for CAST AIP for Security: based on wars from CAST AIP for Security 1.0. Can be used with:

  • 1.0

Resolved issues

Internal ID / Call ID: DASHBOARDS-13712902
Situation: When using the CAST Health Dashboard with the Chinese locale activated, then attempting to change the currency value for the Technical Debt tile.
Symptoms: The currency value defaults to $ all the time.

Internal ID / Call ID: DASHBOARDS-91 / -
Situation: When looking at the results of an analysis in the CAST Engineering Dashboard.
Symptoms: Bookmark tiles do not show data for some rules.

New features

Combined CAST Engineering and CAST Security WAR file

This release includes a new WAR file (CAST-Security-Engineering.war) that is available neither in CAST AIP nor in CAST AIP for Security:

  • This WAR is designed for use with CAST AIP only.
  • Security access and authentication is common to both Dashboards. Therefore, if you set up Active Directory authentication, then this must be used to access both Dashboards - you cannot use "Static List" for one Dashboard and "Active Directory" for the other.
  • Role configuration is common to both Dashboards. Therefore "UserA" that has been granted the "admin" role, will have the "admin" role in both Dashboards.
  • Data authorization is common to both Dashboards. Therefore if you authorize "UserA" to view Application "B" only via the authorizations.xml file, then this is true for both Dashboards. Note that authorizations based only on Tags and Categories created for the Health Dashboard (Tags and Categories are a feature that is not available in the Engineering Dashboard) WILL be applied in the Engineering Dashboard when using the combined war file.
  • Group configuration is common to both Dashboards, regardless of the authentication mode in use. Therefore if you authorize "GroupD" to view Application "E" only, then this is true for both Dashboards.
  • On login, the user will be presented with a choice of Dashboard in a "Welcome" page. Clicking Access will take the user to the custom login screen for the chosen Dashboard.


CAST Engineering Dashboard

DASHBOARDS-66 - CISQ tag configuration

It is now possible to configure a tag based filter so that you can easily find rules that are based on CISQ specifications. The filter is configured in the ced.json file and when added a drop down selector will appear in the "Rules" panel under Risk Investigation:

By default "All Tags" will be selected from the drop-down. You can select any of the options from drop-down if they are configured:

When there are no rules that match the selected filter tag, a message will be displayed "No Rules found when filtering on Tag".

To use the CISQ tags, you need to download/install the Quality Standards Mapping extension and then configure your dashboard:

Step 1 - Download and install the Quality Standards Mapping extension (com.castsoftware.qualitystandards)

Note: Steps 3 and 4 in Install an extension are NOT relevant for the Quality Standards Mapping extension. Please skip them.

Step 2 - Add the configuration to your deployed Dashboard

The tags can be configured in the ced.json file by adding the following line in the "configuration" section - see ED - Dashboard wide configuration options in json for more information about how to do this:

"ruleTag":["CISQ-Reliability", "CISQ-Security", "CISQ-Maintainability", "CISQ-Performance-Efficiency", "CWE", "OWASP"],

For example:

  "configuration": {
    "defaultLanguage": "English",
    "description": "To configure new language for application, define customLanguages as [{'label': 'languageName', 'value': 'localeFolderName'}]",
    "customLanguages": [],
    "ruleTag":["CISQ-Reliability", "CISQ-Security", "CISQ-Maintainability", "CISQ-Performance-Efficiency", "CWE", "OWASP"],
    "requestAccess": false,
    "confirmLogout": true,
    "filterHealthFactor": true,
    "violationsCount" : 5000,
    "navigation": {
      "pages": [
      ]
    },

Note that you may need to empty your browser cache and refresh the page to see the All Tags filter drop down.

DASHBOARDS-90 - Technologies Overview tile

A new tile called "Technologies Overview" has been introduced into the CAST Engineering Dashboard. This tile was previously only available in the CAST Security Dashboard:

  • The tile displays the number of Critical violations/Violations count for the application based on a specific Health Measure (by default the Total Quality Index measure is selected).
  • It shows the total number of Violations or Critical Violations in the current Application per specific technology - in other words, the total number of times a Rule or Critical Rule has been violated by an object in the Application for that specific technology (the display depends on whether only Critical Violations or ALL Violations are being displayed).
  • Clicking this tile will take you directly to the Risk investigation view with the corresponding technology highlighted in the technology drop down.
  • The drill down click option is disabled if the tile displays "N/A" Violations/Critical Violations.

CAST Health Dashboard

DASHBOARDS-93 - Tile labels can now be translated

It is now possible to translate (into a chosen supported locale) all static tile labels defined in the following resource files:

  • CAST-Health\portal\resources\app.json
  • CAST-Health\portal\resources\cmp.json
  • CAST-Health\portal\resources\app-navigation.json

Previously it was only possible to translate the content of CAST-Health\portal\locales\<locale>\translation.json.

  • See HD-ED - Dashboard localization for more information about configuring a locale.
  • If you want to add new labels (for example, adding new tiles at portfolio level or application level), you need to manually configure those newly added labels in the translation.json file.

SCRAIP-31770 - Column display at Application > Module level

The columns displayed when drilling down from Module Tree Map tile into the Module detail view have been updated to match columns displayed for other tile drill downs:

It is now also possible to force the "% Compliance" column to display "% Failed". See HD - Dashboard wide configuration options in json in the app-navigation.json section.

All Dashboards

SCRAIP-32181 - Ability to add CISQ/OWASP/CWE related tiles in conjunction with the Quality Standards Mapping extension (com.castsoftware.qualitystandards)

It is now possible to add CISQ/OWASP/CWE tiles that show the number of violations for rules tagged as follows:

  • CISQ-Security
  • CISQ-Maintainability
  • CISQ-Reliability
  • CISQ-Performance-Efficiency
  • OWASP
  • CWE

To do so, you need to download/install the Quality Standards Mapping extension and then configure your dashboard:

Step 1 - Download and install the Quality Standards Mapping extension (com.castsoftware.qualitystandards)

Note: Steps 3 and 4 in Install an extension are NOT relevant for the Quality Standards Mapping extension. Please skip them.

Step 2 - Add the tile configuration to your deployed Dashboard

CAST Health Dashboard

You can add the tiles at either Portfolio or Application level (or both). Modify (using a text editor - Notepad or other similar application) the following files (depending on where you want to view the tiles) that are part of your deployed CAST Health Dashboard:

  • Portfolio level: CATALINA_HOME\webapps\CAST-Health\portal\resources\cmp.json
  • Application level: CATALINA_HOME\webapps\CAST-Health\portal\resources\app.json

Add the following plugin configuration to the file - this will create a tile called CISQ-Security that will display the number of violations of rules tagged as "CISQ-Security".

cmp.json

{
	"id": 213,
	"plugin": "QualityStandards",
	"color": "blue",
	"parameters": {
		"title": "CISQ-Security",
		"qualityStandards": {
			"id": "CISQ-Security",
			"format": "0,000",
			"description": "Violations"
		}
	}
},

app.json

{
	"id": 1030001,
	"plugin": "QualityStandards",
	"color": "blue",
	"parameters": {
		"title": "CISQ-Security",
		"qualityStandards": {
			"id": "CISQ-Security",
			"format": "0,000",
			"description": "Violations"
		}
	}
},

You can use the following tags in the "title" and "id" parameters:

  • CISQ-Security
  • CISQ-Maintainability
  • CISQ-Reliability
  • CISQ-Performance-Efficiency
  • OWASP
  • CWE

Ensure that you save the files on completion.

CAST Engineering and Security Dashboards

Modify (using a text editor - Notepad or other similar application) the following file that is part of your deployed dashboard:

  • CAST Engineering Dashboard: CATALINA_HOME\webapps\CAST-Engineering\engineering\resources\ced.json
  • CAST Security Dashboard: CATALINA_HOME\webapps\CAST-Security\security\resources\ced.json

Add the following plugin configuration to the file - this will create a tile called CISQ-Security that will display the number of violations of rules tagged as "CISQ-Security".

{
	"id": 213,
	"plugin": "QualityStandards",
	"color": "blue",
	"parameters": {
		"title": "CISQ-Security",
		"qualityStandards": {
			"id": "CISQ-Security",
			"format": "0,000",
			"description": "Violations"
		}
	}
},

You can use the following tags in the "title" and "id" parameters:

  • CISQ-Security
  • CISQ-Maintainability
  • CISQ-Reliability
  • CISQ-Performance-Efficiency
  • OWASP
  • CWE

Ensure that you save the files on completion.
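
The check below is an added example, not CAST code: it validates a hand-edited "ruleTag" list (ced.json) and a QualityStandards tile fragment (cmp.json, app.json or ced.json) against the six tags listed on this page before the file goes back into the deployed Dashboard. The function names and sample strings are constructed for illustration, and exact-spelling matching of tags is an assumption.

```python
import json

# The six tags this page lists for "ruleTag" and for the tile "id".
SUPPORTED_TAGS = frozenset({
    "CISQ-Security", "CISQ-Maintainability", "CISQ-Reliability",
    "CISQ-Performance-Efficiency", "OWASP", "CWE",
})

def _bad_tag(value):
    return not (isinstance(value, str) and value in SUPPORTED_TAGS)

def check_rule_tags(configuration):
    """Problems in the "ruleTag" entry of a ced.json "configuration" object."""
    tags = configuration.get("ruleTag")
    if not isinstance(tags, list):
        return ['"ruleTag" is missing or is not a list']
    return [f"unsupported ruleTag value: {t!r}" for t in tags if _bad_tag(t)]

def check_tile(tile):
    """Problems in one QualityStandards tile object."""
    if tile.get("plugin") != "QualityStandards":
        return ['"plugin" is not "QualityStandards"']
    params = tile.get("parameters")
    if not isinstance(params, dict):
        return ['"parameters" is missing or is not an object']
    problems = []
    standards = params.get("qualityStandards")
    if not isinstance(standards, dict):
        problems.append('"qualityStandards" is missing or is not an object')
    elif _bad_tag(standards.get("id")):
        problems.append(f"unsupported qualityStandards id: {standards.get('id')!r}")
    if not params.get("title"):
        problems.append('"title" is empty')
    return problems

def check_fragment(text):
    """Parse a tile fragment as printed on this page (trailing comma tolerated)."""
    try:
        tile = json.loads(text.strip().rstrip(","))
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(tile, dict):
        return ["fragment is not a JSON object"]
    return check_tile(tile)

# Constructed samples: the tile from this page, and the same tile with a typo.
GOOD_TILE = '''{"id": 213, "plugin": "QualityStandards", "color": "blue",
 "parameters": {"title": "CISQ-Security", "qualityStandards":
  {"id": "CISQ-Security", "format": "0,000", "description": "Violations"}}},'''
TYPO_TILE = GOOD_TILE.replace('"id": "CISQ-Security"', '"id": "CISQ-Securty"')
```
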

Step 3 - View the results

To view the new tiles, refresh your browser. If you do not see the tiles, you may need to empty your browser cache. The tiles will be displayed as follows (example for the CISQ-Reliability tag in the CAST Health Dashboard):

Clicking the tile will drill down as follows:

[Screenshot: drill-down at Application level]

[Screenshot: drill-down at Portfolio level]