Created by James Hurrell, last modified on Oct 05, 2020

Summary: this page describes the new features and bugs that have been fixed in CAST Report Generator 1.16.x.

Content matrix

VersionSummary of content
1.16.0

Adaptation of Compliance Reports for the new "index" extensions.

Compatibility matrix

This release of Report Generator GUI and for Report Generator for Dashboards functions with the following:

CAST RestAPI≥ 1.12.xMandatory
MIPS Reduction Index≥ 20200518

These extensions are required for Compliance Report generation. Depending on what "standard" you are targeting in your Compliance Report, you can install a combination of extensions:

  • To generate Compliance Reports for MIPS standards, you MUST always install the MIPS Reduction Index extension.
  • To generate Compliance Reports for CISQ, OMG-ASCQM and OWASP standards, you can install either the CISQ, OMG-ASCQM and OWASP extensions or the Quality Standards Mapping extension. If both the CISQ, OMG-ASCQM and OWASP extensions and the Quality Standards Mapping extension are installed, data is automatically taken from the CISQ, OMG-ASCQM and OWASP extensions at all times.
If you are using CAST AIP Console ≥ 1.14.0, the Quality Standards Mapping extension is installed with all new source code versions, however, you should ensure that the correct release of the extensions is used.
CISQ Index≥ 20200518

OMG-ASCQM Index

≥ 20200518
OWASP Index≥ 20200518
Quality Standards Mapping extension≥ 20200220
.NET Core SDK3.1.x

Component documentation

1.16.0-funcrel

Resolved issues

No customer bugs reported for fix in this release.

Table component updates

The changes below have been made so that data can be taken from either the CISQ, OMG-ASCQM and OWASP extensions or the Quality Standards Mapping extension for Compliance Reports. If both the CISQ, OMG-ASCQM and OWASP extensions and the Quality Standards Mapping extension are installed, data is automatically taken from the CISQ, OMG-ASCQM and OWASP extensions at all times. There is no need to make any changes to the templates themselves.

QUALITY_STANDARDS_EVOLUTION

The table component listed below will now function with a Business Criterion Name, shortName or an ID (for CISQ, OMG-ASCQM and OWASP extensions) or a standard (for the Quality Standards Mapping extension) - see also Table components for Report Generator 1.16.0. Results will be searched for a Business Criterion by the Name, then by shortName, then by the ID, but if not found, it will search instead for a standard.

  • QUALITY_STANDARDS_EVOLUTION

If the option MORE=true is set with a Business Criterion shortName (for example CISQ), the direct Technical Criterion of CISQ will not be listed, but instead the Business Criterion associated to CISQ will be displayed (CISQ-Security, CISQ-Reliability, CISQ-Maintainability, CISQ-Performance-Efficiency) with their associated Technical Criterion. I.e. the list of Technical Criteria will be dispatched in the various Business Criteria instead of in a big list. This presentation will therefore be similar to the presentation provided when a "standard" is used in the Compliance Report.

QUALITY_TAGS_RULES_EVOLUTION

The table component listed below will now function with a Business Criterion Name or an ID (for CISQ, OMG-ASCQM and OWASP extensions) or a standard (for the Quality Standards Mapping extension) - see also Table components for Report Generator 1.16.0Results will be searched for a Business Criterion by the Name or ID, but if not found, it will search instead for a standard.

  • QUALITY_TAGS_RULES_EVOLUTION

RULES_LIST_STATISTICS_RATIO, LIST_RULES_VIOLATIONS_BOOKMARKS, LIST_RULES_VIOLATIONS_BOOKMARKS_TABLE

The table components listed below will now accept a Name (for a Business Criterion) or shortName (for a Technical Criterion) in the METRICS parameter - see also Table components for Report Generator 1.16.0.

  • RULES_LIST_STATISTICS_RATIO
  • LIST_RULES_VIOLATIONS_BOOKMARKS
  • LIST_RULES_VIOLATIONS_BOOKMARKS_TABLE

Template updates

See also Components documentation for Report Generator 1.16.0 for more information about template changes and requirements.

Updated templates

These Compliance Report templates have been updated to take data from CISQ, OMG-ASCQM and OWASP standards extensions if they are installed:

  • CISQ Detailed Report.docx

  • CISQ Full Detailed Report.xlsx

  • CISQ Security Compliance Report.docx

  • CISQ Security Detailed Report.docx

  • CISQ Security Full Detailed Report.xlsx

  • CWE (2011) Top 25 Full Detailed Report.xlsx
  • CWE (2019) Top 25 Full Detailed Report.xlsx
  • CWE Full Detailed Report.xlsx
  • OMG-ASCQM Compliance Report.docx
  • OMG-ASCQM Detailed Report.docx
  • OMG-ASCQM Full Detailed Report.xlsx
  • OMG-ASCQM Security Compliance Report.docx
  • OMG-ASCQM Security Detailed Report.docx
  • OMG-ASCQM Security Full Detailed Report.xlsx
  • OWASP-2013 Compliance Report.docx
  • OWASP-2013 Detailed Report.docx
  • OWASP-2013 Full Detailed Report.xlsx
  • OWASP-2017 Compliance Report.docx
  • OWASP-2017 Detailed Report.docx
  • OWASP-2017 Full Detailed Report.xlsx

New templates

All new templates require the MIPS Reduction Index extension v. ≥ 20200518, and CAST-RESTAPI ≥ 1.12.0.
  • MIPS Reduction Compliance Report.docx
  • MIPS Reduction Detailed Report.docx
  • MIPS Reduction  Full Detailed Report.xlsx