Page tree
Skip to end of metadata
Go to start of metadata

Page frame name:

FRAME_PORTAL_INVESTIGATION_VIEW

This view is designed to provide detailed information about Quality Rules, Distributions and Measures and the objects that violate these Quality Rules.

  • This view requires access to at least one Application.
  • When you refresh (F5) the page, any position you have selected will be lost. Use the "Capture permanent URL" option (see Using the CAST Engineering Dashboard) if you require a hard link to a specific object or violation.

Layout

Main window sections

Upper section

The upper section of the Investigation view shows:

  • Context selector - select Applications or their Modules (the entire page will refresh when a new context is selected):

  • Applications/Modules or Technology mode selector: or - will switch mode between displaying an Application/Module focus or a Technology Focus. Use the context selector in the upper left hand corner to select the item you require. For example, in Technology mode:

  • Business Criteria - Shows current grade of all Business Criteria, the grade variation in % (positive and negative are indicated) since the last snapshot and the name of the criterion
  • Technical Criteria/Quality Rules, Distributions and Measures - Shows current grade of item contributing to the selected parent item, the grade variation in % (positive and negative are indicated) since the last snapshot, the name of the item, contribution (weight) of the item and whether the criterion is Critical or not.

Contribution (weight)

The contribution value is designed to help instantly find the contribution with the highest impact on the selected item, taking into account the various aggregation mechanisms the AIP proposes. The method in use currently is as follows:

Weight of item in the parent quality indicator X share of applicable modules within the application taking into account optional module weight (the higher the value the more weight the contribution carries).

Values are therefore expressed as follows:

1 x 80%
5 x 100%

The contribution (weight) is determined by the Consolidation Mode that is used in the Assessment Model (see Defining Consolidation settings for more information):

Full Application mode

If the Consolidation Mode and the Module configuration are set to their defaults (Full Application mode and one Full Content module) you can expect values to be displayed as (weight)x100% at all levels (System/Application and Module and Technical Criteria/Quality Rule). This is because when the Full Application mode is used and one Full Content module exists, the scope of objects is determined by the Full Content module which represents 100% of the objects in the Application, therefore all items will have a contribution of 100% (and this is irrespective of any User Defined Modules that may exist alongside the Full Content module):

Other legacy modes based on averages of modules

If you are using legacy Consolidation Modes based on the averages of all modules, then you will get different values for the contribution. Take an example where the mode is set to Average of Modules, you have no Full Content module and you have defined 5 User Defined Modules:

The Contribution of 8 x 20% indicates that the quality rule "Avoid undocumented functions" has a weight of 8 in the parent "Documentation - Volume of comment" Technical Criterion and is applicable to 20% of the parent Application (applicable only to the "Webgoat interface" Module and not applicable to other four Webgoat Modules).

Changing the contributor

You can change the consolidation mechanism in the CAST Management Studio using the Assessment Model and changing the Consolidation Mode to something other than the default Full Application - a new snapshot needs to be generated in order for the changes to be reflected in the CAST Engineering Dashboard.

For example:

Available operations

  • CSV Export - All panels offer the ability to export the list of items to CSV file via the Export all button. Please see the section Export to CSV in Using the CAST Engineering Dashboard.
  • Action Plan interaction - the third panel (Quality Rules, Distributions and Measures) allows you to interact with the Improvement - Action Plan via the Action, Exclusion and Reset buttons.

The action/exclusion/reset options do not process one single violation at a time but all the violations of the selected Quality Rule, Distribution or Measures for the selected context.

Middle section

The middle panel of the Investigation view shows content that is dependent on the item selected in the right hand panel of the upper section:

Note that:

  • when a Quality Rule is selected (in the upper right Quality Rules, Distribution and Measures panel) that has a very large number of violations (typically many thousands) the middle panel may fail to load. This issue is a limitation of the CAST Engineering Dashboard - a limitation which is not present in the CAST Application Engineering Dashboard.
  • objects with the same name can occasionally appear twice in the Objects with Violation list. Typically this can occur when one object contains the source code of a procedure and the second identically named name object contains the declaration of the same procedure.

Quality Rule

  • a list of all the objects that violate the Quality Rule selected in the right hand panel of the upper section, including:
    • Object Status
    • Violation Status
    • And when applicable:
      • VI (Violation Index)
      • RPF (Risk Propagation Factor)
      • PRI (Propagated Risk Index)
  • Act./Excl column: an icon indicates whether an object is selected for action or exclusion (the above image shows both icons)
For more information about VI, RPF and PRI, including the formulas used to calculate them, please see Risk Indicators - Object Level.

Distribution

  • A list of the objects that match the Distribution criteria, including:
    • Object Status
    • And when applicable:
      • VI (Violation Index)
      • RPF (Risk Propagation Factor)
      • PRI (Propagated Risk Index)
  • Act./Excl column: an icon indicates whether an object is selected for action or exclusion (the above image shows both icons)
  • Category column: objects are placed into categories depending on the criteria of the Distribution. A coloured icon indicates which category the object has been placed in - usually Low (Green), Average, High and Very High (Red)
For more information about VI, RPF and PRI, including the formulas used to calculate them, please see Risk Indicators - Object Level.

Measure

  • Not displayed

Available operations

To process multiple violations at a time with the Action Plan, you can either use the SHIFT or CTRL keys to select the violations that interest you, or, if you want to select ALL the violations for a given Quality Rule, Distribution or Measure, use the Action, Exclusion and Reset buttons on the parent item.

Lower section - Details

The lower section of the view uses a tab system to display information about the items selected (Quality Rules/Distributions) in the upper and middle sections:

Computing Details

Quality Rule

A list of the assessed Modules with their grades, based on their level of compliance to the selected Quality Rule:

  • Module Name
  • Weight (Contribution)
  • Failed Checks > number of objects that have failed the current Quality Rule (i.e. violations). Note that the Failed Checks value is sometimes greater than the number of objects that are actually in violation as displayed below in Number of objects with violations or in the middle panel (Objects with Violation). This is due to the fact that some objects are shared between multiple components, and as such, one failed check is counted for each component, whereas the component is only recorded once in the middle panel (Objects with Violation).
  • Total Checks > total number of objects that were checked by the current Quality Rule.
  • Grade > Information about the Module's grade (displayed as a percentage and also as a 1-4 value)

The number of objects with violations is also displayed  for each assessed Module.

Distribution

A list of the assessed Modules with their grades, based on the distribution of their objects in the four Categories of the selected Distribution (each Category split share leads to an intermediate grade; resulting Quality Distribution grade is the minimal value).

  • Population > Category only - number of objects in the category
  • Weight (Contribution) > Module only
  • Grade > Information about the Module's grade (displayed as a 1-4 value) and grade of the category according to the object split (displayed as a percentage and also as a 1-4 value)

Measure

A list of the assessed Modules with their grades, based on their level of compliance to the selected Measure:

  • Module Name
  • Weight (Contribution) > Module only
  • Grade > Information about the Module's grade (displayed as a percentage and also as a 1-4 value)

Violation Details

This tab displays information about the selected item via the Violation Viewer.

Interactive table

Some panels in this page use an interactive table to display data. Interactive tables allow you to sort the data in a more comprehensive manner than simply in ascending/descending order. See the section Interactive tables in Using the CAST Engineering Dashboard.

Default content

When first opening the page:

  1. Business Criterion are listed by grade (ascending) and then by name (A-Z). The Business Criterion with the worst grade is selected first of all.
  2. Technical Criterion are listed by grade (ascending), by contribution weight (descending) and by Name (ascending). The Technical Criterion with the worst grade and contributing to the selected Business Criterion is selected
  3. Quality Rules/Distributions/Measures are listed by grade (ascending), by contribution weight (descending) and by Name (ascending). The Quality Rule/Distribution/Measure with the worst grade and contributing to the selected Technical Criterion is selected
  4. the Objects with Violations list shows the object with violations for the selected Quality Rule
  5. the Details section shows the Violation Viewer
  • No labels