Page tree
Skip to end of metadata
Go to start of metadata
  • The Constraint column shows whether the component will retrieve data for an "engineering" (AED) or "analytics" domain (AAD), and whether an extension needs to be installed in order to generate results (and if we need a specific version or RestAPI). The CAST-RestAPI version indicated is the minimal version of the RESTAPI needed by this component.
  • Due to backward compatibility, some components can have two different IDs, but the result will be the same.
  • The Mode column shows whether the component is targeted at an Application or a Portfolio or an Application - the relevant option should be chosen in Report Generator (see image below). CAST recommends always selecting an Application when the target domain is "engineering" and when using Application mode, as it will avoid empty results (this is because in an "analytics" domain, violations and components does not exist for an application).


Component IdDescriptionModeConstraintsParametersConfiguration sampleOutputResult sample
ACTION_PLANSDisplay the action plan summaryApplication

Having populated the action plan from the Engineering Dashboard.

This component is only relevant on an engineering database. It is empty on an analytics database.

This component is only relevant for word document. The results would not be readable on powerpoint or excel.

CAST-RestAPI 1.8.0

NoneTABLE;ACTION_PLANSDisplay the number of new and old items in action plans by rules

ACTION_PLAN_BOOKMARKS



Display the action plan details with the bookmark's codeApplication

Having populated the action plan from the Engineering Dashboard.

This component is only relevant on an engineering database. It is empty on an analytics database.

This component is only relevant for excel document. The results would not be readable on powerpoint or word.

CAST-RestAPI 1.8.0

  • COUNT=N|ALL where N indicates the top N number ; default value = 10 (ALL for all violations)
  • FILTER=ADDED|SOLVED|PENDING|ALL to filter the list by the remedial action status; default is ALL
  • TAG=YES|NO, to display the priority using tag or priority (tag by default as this is this value that is set in ED)

To see added violations in action plan :
TABLE;ACTION_PLAN_BOOKMARKS;COUNT=ALL,FILTER=ADDED


To see all violations in action plan:
TABLE;ACTION_PLAN_BOOKMARKS;COUNT=ALL

List the violations in action plan with code bookmarks

ACTION_PLAN_BOOKMARKS_TABLE



Display the action plan details with the bookmark's start and end line numberApplication

Having populated the action plan from the Engineering Dashboard.

This component is only relevant on an engineering database. It is empty on an analytics database.

CAST-RestAPI 1.8.0

  • COUNT=N|ALL where N indicates the top N number ; default value = 10 (ALL for all violations)
  • FILTER=ADDED|SOLVED|PENDING|ALL to filter the list by the remedial action status; default is ALL
  • HEADER=YES|NO to display or not the headers
  • TAG=YES|NO, to display the priority using tag or priority (tag by default as this is this value that is set in ED)
To see the list of violations with their bookmark's positions:
TABLE;ACTION_PLAN_BOOKMARKS_TABLE;COUNT=ALL
List the violations in action plan with bookmarks' positions

ACTION_PLAN_VIOLATIONS



Display the action plan detailsApplication

Having populated the action plan from the Engineering Dashboard.

This component is only relevant on an engineering database. It is empty on an analytics database.

CAST-RestAPI 1.8.0

  • COUNT=N|ALL where N indicates the top N number ; default value = 10 (ALL for all violations)
  •  NAME=FULL|SHORT to display short name or full name of objects (full name by default)
  • FILTER=ADDED|SOLVED|PENDING|ALL to filter the list by the remedial action status; default is ALL

Option added in  1.19.0 :

  • TAG=YES|NO, to display the priority using tag or priority (tag by default as this is this value that is set in ED)
TABLE;ACTION_PLAN_VIOLATIONS;
COUNT=10,NAME=SHORT
List the violations in action plan

AEFP_LIST



Display the list of AEFP


Application

This component is only relevant on an engineering database. It is empty on an analytics database.

CAST-RestAPI 1.9.0

  • TYPE = type of the function to display, DF for data function, TF for transactions, by default both are listed
  • STATUS = status of the function to display, ADDED, MODIFIED or DELETED, all statuses by default
  • COUNT = the number of lines to display, 10 by default (-1 for all functions)

New option added in 1.19.0 :

  • PREVIOUS=YES|NO to display the AEP value for previous snapshot (no by default)

List all the modified data function :

TABLE;AEFP_LIST;TYPE=DF,STATUS=MODIFIED,COUNT=-1

List the top 10 functions (data functions and transactional, added, modified and deleted)

TABLE;AEFP_LIST


List the modified transactions withe their previous value of AEP:
TABLE;AEFP_LIST;TYPE=TF,STATUS=MODIFIED,COUNT=-1,PREVIOUS=YES


List the added, modified, deleted data functions and transactions

AETP_LIST

UPDATED IN 1.21.0

Display the list of AETP


Application

This component is only relevant on an engineering database. It is empty on an analytics database.

CAST-RestAPI 1.9.0

  • COUNT = the number of lines to display, 10 by default (-1 for all functions)

New option added in 1.21.0 :

  • FORMAT: The number of decimals for effort complexity, ratio and AETP count (N2 for 2 decimals, N5 for 5 decimals), by default N2.

List all the technical AEP :
TABLE;AETP_LIST;COUNT=-1

List the top 10 technical AEP :
TABLE;AETP_LIST

List all the AETP with 5 decimals :
TABLE;AETP_LIST;COUNT=-1,FORMAT=N5

List the objects with technical AEP

CAST_COMPLEXITYCast ComplexityApplication

This component is only relevant on an engineering database. It is empty on an analytics database.

CAST-RestAPI 1.8.0

NoneTABLE;CAST_COMPLEXITYEvolution of the distribution of objects regarding cast complexity

CAST_COMPLEXITY_WITH_VIOLComplexity with violations: Statistics about Artifacts – CAST Complexity & ViolationsApplication

This component is only relevant on an engineering database. It is empty on an analytics database.

CAST-RestAPI 1.8.0

  • HEADER=SHORT (here HEADER=SHORT) Indicates that short headers will be shown, obviously long headers will be shown
TABLE;CAST_COMPLEXITY_WITH_VIOLNumber of artifacts and artifacts with violations by cast complexity distribution

CAST_DISTRIBUTION



Evolution of a specific distribution of objectsApplication

This component is only relevant on an engineering database. It is empty on an analytics database.

CAST-RestAPI 1.8.0

  • PAR=ID where ID is the distribution ID

List of distributions :

  • 65105 : Size Distribution
  • 65350 : Coupling distribution
  • 65501 : Cyclomatic complexity distribution
  • 65601 : 4GL complexity distribution
  • 65701 : OO complexity distribution
  • 65801 : SQL complexity distribution
  • 66010 : Reuse by call distribution
  • 66015 : Class complexity distribution (WMC)
  • 66020 : Class Fan-Out distribution
  • 66021 : Class Fan-In distribution
  • 67001 : Cost complexity distribution
  • 67020 : distribution of violations to critical diagnostic-based metrics per cost complexity
  • 67030 : distribution of defects to critical diagnostic-based metrics per cost complexity

New parameters :

  • MODULES=Y or N to display the results by modules
  • TECHNOLOGIES=Y or N to display the results by technologies

Display the results for the application :
TABLE;CAST_DISTRIBUTION;PAR=65501

Display the results by modules:
TABLE;CAST_DISTRIBUTION;PAR=65501,MODULES=Y

Display the results by technologies:
TABLE;CAST_DISTRIBUTION;PAR=65501,TECHNOLOGIES=Y

Display the results by modules and technologies:
TABLE;CAST_DISTRIBUTION;PAR=65501,MODULES=Y,TECHNOLOGIES=Y

Evolution of the distribution of objects regarding specified distribution

CAST_HIGH_COMPLEXITYEvolution of high and very high categories of cast complexityApplication

This component is only relevant on an engineering database. It is empty on an analytics database.

CAST-RestAPI 1.8.0

NoneTABLE;CAST_HIGH_COMPLEXITYEvolution of high and very high complex objects regarding cast complexity

CAST_HIGH_DISTRIBUTIONEvolution of high and very high categories of a specific distributionApplication

This component is only relevant on an engineering database. It is empty on an analytics database.

CAST-RestAPI 1.8.0

  • PAR=ID where ID is the distribution ID

cf CAST_DISTRIBUTION for list of distribution

TABLE;CAST_HIGH_DISTRIBUTIONEvolution of high and very high complex objects regarding the specified distribution

COMPLIANCECompliance grades and evolutionApplicationCAST-RestAPI 1.8.0
  • HEADER=SHORT (indicates that short headers will be shown, obviously long header will be shown)
TABLE;COMPLIANCE;HEADER=SHORTScore of compliance BC for previous and current snapshot with % variation

COMPLIANCE_TO_OBJ_TABLE

Compliance to objectives.  This component is based on:

  • Objectives – list of critical rules
  • Achievement : if there is 0 violation for a critical rule
  • Achievement ratio: # critical rules with 0 viol. / # critical rules
ApplicationCAST-RestAPI 1.8.0
  • HEADER=SHORT (indicates that short headers will be shown, obviously long header will be shown)
TABLE;COMPLIANCE_TO_OBJ_TABLEComparison between objectives and achievment

CRITERIA_GRADEFor a business criteria, List of technical criteria with gradeApplicationCAST-RestAPI 1.8.0
  • PAR=N where N indicates the business criterion Id
  • COUNT= number of results, if omitted, all results are returned
TABLE;CRITERIA_GRADE;PAR=60017,COUNT=10Top technical criteria with scores and evolution for the specified BC

CRITICAL_VIOL_BY_APPLICATIONCritical violations in the application by health factors for current and previous snapshotsApplicationCAST-RestAPI 1.8.0
  • HEADER=SHORT (by default HEADER=SHORT)
  • SHOW_PREVIOUS=1 (by default SHOW_PREVIOUS=0)
TABLE;CRITICAL_VIOL_BY_APPLICATIONHealth Factors number of total critical violations, added and removed

CRITICAL_VIOL_BY_MODULECritical violations in the modules by health factors for current snapshotApplicationCAST-RestAPI 1.8.0
  • HEADER=SHORT (indicates that short headers will be shown, obviously long header will be shown)
TABLE;CRITICAL_VIOL_BY_MODULEHealth Factors number of total critical violations, added and removed for modules

DELTA_COMPONENTS_LIST_BY_STATUS

List of added, deleted or updated components in application, module or technology


Application

This component is only relevant on an engineering database. It is empty on an analytics database.

CAST-RestAPI 1.9.0

  • STATUS = status of the components to display, “added”, “deleted” or “updated”, “added” by default
  • COUNT = the number of lines to display, 10 by default (-1 for all components)
  • MODULE = <module_name> if you want to filter components by module
  • TECHNOLOGY = <technology_name> if you want to filter components by technology
  • COMPLEXITY = to choose between “low”, “moderate”,”high” or “very high” if you want to filter by complexity (all by default)
  • CURRENT = first snapshot name for the comparison if different from the current selected snapshot
  • PREVIOUS = second snapshot name for the comparison if different from the previous selected snapshot

By default (without options), the list displayed the top ten added components for the application, between current and previous snapshots.
If module and technology are set in the same time, they will not be taken into account and list will be displayed for entire application

TABLE;DELTA_COMPONENTS_LIST_BY_STATUS
No options => list top 10 added artifacts for application between selected current and previous snapshots

TABLE;DELTA_COMPONENTS_LIST_BY_STATUS;STATUS=updated,COUNT=-1
List all updated artifacts for application between selected current and previous snapshots

TABLE;DELTA_COMPONENTS_LIST_BY_STATUS;STATUS=deleted,COMPLEXITY=very high
List top 10 deleted artifacts with very high complexity for application between selected current and previous snapshots

TABLE;DELTA_COMPONENTS_LIST_BY_STATUS;STATUS=updated,MODULE=MyModule
List top 10 updated artifacts for module MyModule between selected current and previous snapshots

TABLE;DELTA_COMPONENTS_LIST_BY_STATUS;STATUS=updated,TECHNOLOGY=.NET
List top 10 updated artifacts for technology .NET between selected current and previous snapshots

TABLE;DELTA_COMPONENTS_LIST_BY_STATUS;CURRENT=S2,PREVIOUS=S1
List top 10 added artifacts between snapshot S1 and snapshot S2

List of components with Object name, Complexity, SQL complexity, granularity, Lack of comments, coupling, number of object updates and object full name

screenshot-1.png

FUNCTIONAL_WEIGHTFunctional weight informationApplicationCAST-RestAPI 1.8.0NoneTABLE;FUNCTIONAL_WEIGHTValues of Automated Function points (10202), Decision Points (10506) and Backfired Function Points (10201) metrics for application

FUNCTIONAL_WEIGHT_EVOLUTIONFunctional weight evolution informationApplicationCAST-RestAPI 1.8.0NoneTABLE;FUNCTIONAL_WEIGHT_EVOLUTIONValues of previous metrics (Automated Function points (10202), Decision Points (10506) and Backfired Function Points (10201) ) for current and previous snapshots with variation

GENERIC_TABLE



A Generic table component is built based on a table structure. The idea is to fill data into the table to populate it automatically


Application

The selection of metrics by standard quality tag name should only be used for an application where the extension “Quality Standards Support” is installed. If not, no metrics will be selected and graph will be empty

CAST-RestAPI 1.8.0

Quality Standards Mapping extension

COL1=A,COL11=B,ROW1=C,ROW11=D,A=a,B=b,C=c|d,D=e|f|g

where A,B,C and D are axis

and a, b, c, d, e, f, g is one or multiple tags of the axis

See more information in section about Generic components (Generic components in Report Generator 1.21)

TABLE;GENERIC_TABLE;
COL1=METRICS,ROW1=CRITICAL_VIOLATIONS,
METRICS=HEALTH_FACTOR,
CRITICAL_VIOLATIONS =ALL,
SNAPSHOTS=CURRENT

Depends on the selection.

See more information in section about Generic Components (Generic components in Report Generator 1.21)

HEALTH_FACTORHealth factors scores and evolution between previous and current snapshotsApplicationCAST-RestAPI 1.8.0
  • HEADER=SHORT (indicates that short headers will be shown, obviously long
  • SHOW_EVOL=1 (displays a row indicating evolution as absolute values (delta), by default this row IS NOT displayed)
  • SHOW_EVOL_PERCENT=0 (displays a row indicating evolution as relative values (percent), by default this row IS displayed)
TABLE;HEALTH_FACTOR;HEADER=SHORTCurrent and previous health factors scores with evolution

HF_BY_MODULEHealth factors scores and evolution between previous and current snapshots for modulesApplicationCAST-RestAPI 1.8.0
  • HEADER=SHORT (indicates that short headers will be shown, obviously long header will be shown)
TABLE;HF_BY_MODULE;HEADER=SHORTCurrent and previous health factors scores by modules with evolution

ID_NAME_INDICATOR_MAPPINGProvides numbers to use for ID values (for BC and distribution)ApplicationCAST-RestAPI 1.8.0NoneTABLE;ID_NAME_INDICATOR_MAPPINGList of BC and distributions ids

IFPUG_FUNCTIONS



List of IFPUG functionsApplication

This component is only relevant on an engineering database. It is empty on an analytics database.

CAST-RestAPI 1.8.0

  • COUNT=N where N indicate the number of the top N (default value is all rows)
  • TYPE=T where T is ‘TF’ for transactional functions, or ‘DF’ for data functions. If TYPE is not present (default), both types will be displayed

New options added in 1.19.0 :

  • PREVIOUS=YES|NO to display the AFP value for previous snapshot (no by default)
  • ZERO=YES|NO to display the functions that have 0 AFP (yes by default)

TABLE;IFPUG_FUNCTIONS;COUNT=5


For displaying the previous version of AFP for data functions when you give the previous snapshot to RG:
TABLE;IFPUG_FUNCTIONS;TYPE=DF,PREVIOUS=YES


To not display transactions with 0 FP :
TABLE;IFPUG_FUNCTIONS;TYPE=TF,ZERO=NO

List of IFPUG functions with FP details, module name and technology

LIST_OF_ALL_VERSIONSList all version of applicationApplicationCAST-RestAPI 1.8.0
  • COUNT=N where N indicate the number of the top N (no limit by default: all versions will be shown)
TABLE;LIST_OF_ALL_VERSIONSList all version of application with name and functional date

LIST_TAGS_DOC_BYCAT



List the quality tags applicability by quality standard categoryApplication

CAST-RestAPI 1.12.0

Quality Standards Mapping Extension 20190909

  • CAT = Id of the standard quality category, for example, STIG-V4R8-CAT1, or a list separated by ‘|’

TABLE;LIST_TAGS_DOC_BYCAT;CAT=STIG-V4R8-CAT1
List all the tags from the category STIG-V4R8-CAT1 with definition and applicability


TABLE;LIST_TAGS_DOC_BYCAT;CAT=STIG-V4R8-CAT1|STIG-V4R8-CAT2|STIG-V4R8-CAT3

List all the tags for each category STIG-V4R8-CAT1, STIG-V4R8-CAT2 and STIG-V4R8-CAT3 with definitions and applicability

List all the tags from category with definition and applicability

LOC_BY_MODULEList of modules with number of code linesApplicationCAST-RestAPI 1.8.0
  • FORMAT=LOC|KLOC, by default or if omitted, format is LOC
TABLE;LOC_BY_MODULEList of all modules with their number of code lines

METRIC_TOP_ARTEFACTList of artefacts with violations to business criteriaApplication

This component is only relevant on an engineering database. It is empty on an analytics database

CAST-RestAPI 1.8.0

  • COUNT=N where N indicate the number of the top N,
  • PAR=BC-ID where BC-ID indicate the ID of the business criterion. PAR also supports several business criteria. Multiple business criteria are indicated as a list of BCID separated by “|”, for instance PAR=60011|60012
  • IDX=i where i indicates the index of the specific rule wanted, for instance i=0 1st rule, i=1 2nd rule, i=3 3rd rule…
TABLE;METRIC_TOP_ARTEFACT;
COUNT=10,PAR=60016,IDX=0
List of objets in violation for the idx-ème rule of the specified BC

MODULE_LISTList of modules in applicationApplicationCAST-RestAPI 1.8.0
  • HEADER=SHORT (here HEADER=SHORT) Indicates that short headers will be shown, obviously long headers will be shown
TABLE;MODULE_LISTList of all modules names

PF_IGNORED_APPLICATIONSProvides list of application ignored during computation.PortfolioCAST-RestAPI 1.8.0NoneTABLE;PF_IGNORED_APPLICATIONSIf not empty, investigation should be done to find corruption

PF_IGNORED_SNAPSHOTSProvides list of snapshots ignored during computation.PortfolioCAST-RestAPI 1.8.0NoneTABLE;PF_IGNORED_SNAPSHOTSIf not empty, investigation should be done to find corruption

PF_GENERIC_TABLE



A Generic table component is built based on a table structure. The idea is to fill data into the table to populate it automaticallyPortfolio

CAST-RestAPI 1.8.0


COL1=A,COL11=B,ROW1=C,ROW11=D,A=a,B=b,C=c|d,D=e|f|g

  • where A,B,C and D are one of the axis above
  • and a, b, c, d, e, f, g is one or multiple tags of the axis
  • AGGREGATORS

See more information in section about Generic components (Generic components in Report Generator 1.21)

TABLE;PF_GENERIC_TABLE;
ROW1=APPLICATIONS, COL1=CRITICAL_VIOLATIONS,
CRITICAL_VIOLATIONS =ALL,APPLICATIONS=EACH

Depends on the selection.

See more information in section about Generic Components (Generic components in Report Generator 1.21)

PF_BC_RELEASE_PERFORMANCESLA viewPortfolioCAST-RestAPI 1.8.0
  • BF=T1 T2 T3 T4 T5 T6 T7 T8 where Tx is a target to fix regarding each line
  • SLA=X Y where X is corresponding to the 2% and Y is corresponding to the 5% in the formula below

SLA Assessment thresholds :

  • Good if % difference between Target and Actual is less than 2%
  • Acceptable if & difference between Target and Actual is between 2% and 5%
  • Poor if % difference between Target and Actual is greater than 5%

Actual score : average score using latest snapshot data (even if snapshot date is before current quarter

Target score: score to reach, to be configured as an option of the component

Score from previous quarter: average score using snapshot from previous quarter. If last snapshot date is old and previous current quarter, last snapshot date will be used also for previous quarter calculation

TABLE;PF_BC_RELEASE_PERFORMANCE;
BF=2.90 2.90 2.90 2.90 2.90 2.90 2.90 2.90,
SLA=2 5
SLA view for Business Criterion : previous score, target score, current score and SLA

PF_TABLE_RELEASE_PERFORMANCE



Generic SLA viewPortfolioCAST-RestAPI 1.8.0
  • ID=ID1|ID2|ID3… where Idx is the metric id of the quality indicator (BC, TC or QR) to assess

  • TARGETS=T1|T2|T3… where Tx is a target to fix regarding each line, if only one target, it will be used for all metrics

  • SLA : 2 values a|b corresponding to SLA Assessment thresholds :

    • Good if % difference between Target and Actual is less than a%
    • Acceptable if & difference between Target and Actual is between a% and b%
    • Poor if % difference between Target and Actual is greater than b%

Actual score : average score using latest snapshot data (even if snapshot date is before current quarter

Target score: score to reach, to be configured as an option of the component

Score from previous quarter: average score using snapshot from previous quarter. If last snapshot date is old and previous current quarter, last snapshot date will be used also for previous quarter calculation

SLA Assessmennt for TQI, Efficiency - Expensive Calls in Loops and Avoid Classes with a very low comment/code ratio (7780) with the same target :
TABLE;PF_TABLE_RELEASE_PERFORMANCE;ID=60017|66068|7780,TARGETS=3.00,SLA=2|5


SLA Assessmennt for TQI, Efficiency - Expensive Calls in Loops and Avoid Classes with a very low comment/code ratio (7780) with each one its own target :
TABLE;PF_TABLE_RELEASE_PERFORMANCE;ID=60017|66068|7780,TARGETS=2.90|3.00|3.50,SLA=2|5

SLA view for chosen metrics (BC, TC or QR) : previous score, target score, current score and SLA

PF_TOP_RISKIEST_APPSTop riskiest applications regarding specific health factorPortfolioCAST-RestAPI 1.8.0
  • COUNT=N where N is the shown technologies count (default value=5)
  • ALT=N (where N is an health factor id - eg. 60017)
TABLE;PF_TOP_RISKIEST_APPS;
COUNT=5,ALT=60017
List of applications with number of critical violations, BC score and last snapshot date

QUALITY_RULE_VIOLATIONSList of violations for a quality ruleApplication

This component is only relevant on an engineering database. It is empty on an analytics database.

CAST-RestAPI 1.8.0

  • BCID= The Id of the business criterion. If this id correspond to efficiency (60014), robustness (60013), or security (60016), the propagatedRiskIndex is displayed. By default, BCID = 60013
  • ID= The Id of the quality rule for which you want to display the list of violations. By default, ID=7788 (Avoid empty catch block)
  • COUNT=N where N indicates the top N number ; default value = 10
  • NAME=FULL|SHORT to display short name or full name of objects (full name by default)
  • SNAPSHOT=CURRENT|PREVIOUS to select from which snapshot we take results; default is Current

If there is no previous snapshot, column Status is not displayed

TABLE;QUALITY_RULE_VIOLATIONS;
BCID=60013,ID=7788,COUNT=10
List of objects in violation for the rule with their PRI and status

QUALITY_RULE_VIOLATIONS_BOOKMARKS


List of violations for a rule with associated bookmarks


Updated in 1.11.0 : when there is an associated value of integer type, this value is also displayed

Application

This component is only relevant on an engineering database. It is empty on an analytics database.

This component exists only for word document. The results would not be readable on powerpoint.

CAST-RestAPI 1.8.0

  • ID= The Id of the quality rule for which you want to display the list of violations. By default, ID=7788 (Avoid empty catch block)
  • COUNT=N where N indicates the top number of violations ; by default 5 (-1 correspond to all violations). All bookmarks from a violation are displayed.

If there is no previous snapshot, status is not displayed

Option added in 1.18.0 :

  • DESC=no|simple|full to display or not the description of the rule. No to not display, simple for only rationale, description and remediation; full for all description fields (rationale, description, remediation, reference, sample, remediation sample, output, associated value, total). No description by default for this component.
TABLE;QUALITY_RULE_VIOLATIONS_BOOKMARKS;
ID=7788,COUNT=5

List of violations with object name, type, status, file path and bookmark

QUALITY_STANDARDS_EVOLUTION



Evolution of category or tag for a quality standard

Updated in 1.13.0 : option added for not displaying added and removed columns, if there is no previous snapshot added and removed columns are not displayed except if EVOLUTION option is set to true

Application

To use this component, the Quality Standards Mapping extension should be installed on the central where the application resides, with minimum version 20190624

CAST-RestAPI 1.11.0

  • STD= Name of the parent quality standard you want the details, for example, CWE-2011-Top25 will list total, added and removed violations for standards CWE-22, CWE-78, CWE-79, CWE-89, CWE-134, CWE-327, CWE-434 and CWE-798.
    From 1.16.0 it can also take the name, shortName or ID of a Business Criterion
  • LBL=violations or vulnerabilities (vulnerabilities if not set), this change the headers from Vulnerabilities to Violations

Option added in 1.11.0

  • MORE=true : add this one if you have specified a category in STD and want the evolution of the tags associated to this category (not specified by default). This option is valuable only when STD is a category (for example category = STIG-V4R8, tag = STIG-V4R8-CAT1). For a tag, there is no more data and the display is worse (for example tag = OWASP-2017 for which category=OWASP).

Options added in 1.13.0

  • EVOLUTION=true|false to display added and removed violations columns. By default or if not exists, is true if there is a previous snapshot.
  • HEADER=NO to not display headers (useful for excel report when you want to define your own customized headers). By default if option is not present or different from NO, headers are displayed

TABLE;QUALITY_STANDARDS_EVOLUTION;STD=CWE-2011-Top25
will list the tags associated with category CWE-2011-Top25 with total, added and removed number of violations


TABLE;QUALITY_STANDARDS_EVOLUTION;STD=STIG-V4R8,MORE=true
will list the categories and their associated tags with total, added and removed number of violations

List the sub standards with total, added and removed violations (row is highlighted if total or added violations are more than 0)

QUALITY_TAGS_RULES_EVOLUTION



Evolution of CAST rules associated to a quality standard categoryApplication

To use this component, the Quality Standards Mapping extension should be installed on the central where the application resides, with minimum version 20190624

CAST-RestAPI 1.11.0

  • STD= Name of the quality standard category for which you want the details per tag, for example, STIG-V4R8-CAT1 will list total, added and removed violations for cast rules associated to all tags belonged to category STIG-V4R8-CAT1.
    From 1.16.0, the STD can also be a BC name or a BC id. This is to support the new way to calculate standard as BC with new index extensions.
  • LBL=violations or vulnerabilities (vulnerabilities if not set), this change the headers from Vulnerabilities to Violations

Options added in 1.13.0:

  • DESC=true|false. For display rationale, description and remediation of the rule. By default if not present, it is false
  • HEADER=NO to not display headers (useful for excel report when you want to define your own customized headers). By default if option is not present or different from NO, headers are displayed

TABLE;QUALITY_TAGS_RULES_EVOLUTION;STD=CISQ-Security
will list each quality standard tag associated to the quality standard category CISQ-Security (with its number of total, added and removed violations), and for each tag, the list of associated CAST rules with numbers of total, added and removed violations


List the tags and their CAST rules with numbers of total, added and removed violations

REMOVED_VIOLATIONS_LIST



List of removed violations by Business Criterion


Updated in 1.11.0 with a filter on criticity

Application

This component is only relevant on an engineering database. It is empty on an analytics database.

CAST-RestAPI 1.11.0

  • BCID = name of the BCID to get the rule’s compounded weight and to filter results (60017 by default)
  • COUNT = the number of lines to display, 50 by default (-1 for all removed violations)
  • CRITICITY = c for only critical violations, nc for only non critical violations, all for critical and non critical violations (all by default if not configured)

TABLE;REMOVED_VIOLATIONS_LIST;BCID=60017,COUNT=10

All deleted critical violations for Robustness :
TABLE;REMOVED_VIOLATIONS_LIST;BCID=60013,COUNT=-1,CRITICITY=c

50 first non critical violations deleted for TQI :
TABLE;REMOVED_VIOLATIONS_LIST;BCID=60017,COUNT=50,CRITICITY=nc

50 deleted violations for BC Changeability (critical and non critical)
TABLE;REMOVED_VIOLATIONS_LIST;BCID=60012,COUNT=50,CRITICITY=all

List the violations that have been deleted, either fixed or disappeared (because of exclusion or deletion of object) with rule name, object name, compounded weight of the rule, and action and exclusion status.

RULE_IMPROVEMENT_OPPORTUNITY



For a Business Criterion, list of rules sorted by highest improvement opportunityApplicationCAST-RestAPI 1.8.0
  • PAR=N where N indicate the Business Criterion Id
  • CRITICAL=Y|N - add this option to add a column displaying whether the rule is flagged as critical or not
  • COUNT=N where N is the number of the top N
  • C=N where N represents the order of the result :
    • C=0 or nothing indicates a descending Improvement gap order
    • C=1 indicates a descending Improvement variation order
    • C=2 indicates a descending Degradation variation order

Formula is: (quality rule weight x technical criterion weight) * (4 – quality rule grade)

TABLE;RULE_IMPROVEMENT_OPPORTUNITY;PAR=60017,
COUNT=10

List of rules wit violations and scores evolutions

Criticity is added in 1.13.0 (Y for critical, N for non critical)

RULE_NAME_DESCRIPTIONRule name details and violations countApplicationCAST-RestAPI 1.8.0
  • RULID=N where N indicates the rule Id
TABLE;RULE_NAME_DESCRIPTION;RULID=4670Descriptions of the rule with count of violations in current snapshot

RULE_NAME_DESCRIPTION_TOPCRITVIOL

or METRIC_NAME_DESCRIPTION

Rule Name Details & Violation Count For Top Critical Violations RulesApplicationCAST-RestAPI 1.8.0
  • COUNT=N where N indicate the number of the top N,
  • PAR=BC-ID where BC-ID indicate the ID of the business criterion. PAR also supports several business criteria. Multiple business criteria are indicated as a list of BCID separated by “|”, for instance PAR=60011|60012
  • IDX=i where i indicates the index of the specific rule wanted, for instance i=0 1st rule, i=1 2nd rule, i=3 3rd rule…
TABLE;RULE_NAME_DESCRIPTION_TOPCRITVIOL;
COUNT=3,PAR=60016
Descriptions of the top rules for a BC with count of violations in current snapshot

RULES_LIST


List of rules for list of criterionApplicationCAST-RestAPI 1.8.0
  • PAR=N[|N]* where each submitted N indicate a business criterion ID
TABLE;RULES_LIST;PAR=60014|60013|60012|60011|60016,
COUNT=7
List of rules with their compounded weight, criticity, score, technical criteria, number of violations, and total checks

RULES_LIST_LARGEST_VARIATIONList of rules with largest variationApplicationCAST-RestAPI 1.8.0
  • BCID = name of the BCID to get the rule’s compounded weight (60017 by default)
  • VARIATION = increase or decrease (decrease by default)
  • DATA = number or percent (number by default)
  • COUNT = the number of lines to display, 50 by default (-1 for all rules)

The formula are taken from the ones from CED :

  • Decrease number : previous failed checks - current failed checks
  • Decrease percent : current failed checks / current total checks - previous failed checks / previous total checks , display in percentage (*100)
  • Increase number : current failed checks - previous failed checks
  • Increase percent : previous failed checks / previous total checks - current failed checks / current total checks , display in percentage (*100)

TABLE;RULES_LIST_LARGEST_VARIATION;BCID=60017,

VARIATION=decrease,DATA=number,COUNT=50

List of rules with compounded weight and number of violations variation

RULES_LIST_STATISTICS_RATIO



List of violations statistics by BC, TC or Standard Quality Tag


Updated in 1.11.0 : option added for not displaying added and removed columns

Updated in 1.13.0 : if there is no previous snapshot added and removed columns are not displayed except if EVOLUTION option is set to true

Updated in 1.16.0 : METRICS parameter updated

Application

To use the quality standard tags selection, the Quality Standards Mapping extension should be installed on the central where the application resides, with minimum version 20190624.

When you select the metric id for a BC or TC, all the QRs belonging to this BC or TC is added for displaying violations

CAST-RestAPI 1.11.0

  • METRICS=List of metrics id (BC, TC or QR) or quality standards tags separated by ‘|’.
    From 1.16.0 It can also be the name for a BC or a shortName for a TC.
  • CRITICAL=true : add this option if you have selected a BC or a TC and want only critical rules to be selected (by default it is false). This option has no effect on selection by QR or quality standard tag.
  • COMPLIANCE=true : add this option if you want to display the compliance score column ; by default this column is not displayed.
  • SORTED=COMPLIANCE : add this option if you want to sort the data by compliance score, from worse to better ; by default the sort of data is from the max number of total violations to the min.
  • LBL=violations or vulnerabilities (vulnerabilities if not set), this change the headers from Vulnerabilities to Violations
  • EVOLUTION=true|false to display added and removed violations columns. By default or if not exists, is true if there is a previous snapshot

Options added in 1.13.0:

  • DESC=true|false. For display rationale, description and remediation of the rule. By default if not present, it is false
  • HEADER=NO to not display headers (useful for excel report when you want to define your own customized headers). By default if option is not present or different from NO, headers are displayed

TABLE;RULES_LIST_STATISTICS_RATIO;METRICS=CISQ-Security,COMPLIANCE=true,LBL=violations


List the rules associated to quality tag A7-2017, without added and removed columns :
TABLE;RULES_LIST_STATISTICS_RATIO;METRICS=A7-2017,EVOLUTION=false


List of critical rules from Robustness with description of the rules :
TABLE;RULES_LIST_STATISTICS_RATIO;METRICS=60013,CRITICAL=true,DESC=true


List of selected rules with total, added and removed violations, and optionnally the compliance ratio



LIST_RULES_VIOLATIONS_BOOKMARKS



List of violations for a list of rules with bookmarks


Updated in 1.11.0 : when there is an associated value of integer type, this value is also displayed


Updated in 1.16.0 : METRICS parameter updated

Application

This component is only relevant on an engineering database. It is empty on an analytics database.

This component exists only for word document. The results would not be readable on powerpoint.

To use the quality standard tags selection, the Quality Standards Support extension should be installed on the central where the application resides, with minimum version 20190624.

When you select the metric id for a BC or TC, all the QRs belonging to this BC or TC is added for displaying violations

CAST-RestAPI 1.11.0

  • METRICS=List of metrics id (BC, TC or QR) or quality standards tags separated by ‘|’.
    From 1.16.0, it can also be the name for a BC or a shortName for a TC.
  • CRITICAL=true : add this option if you have selected a BC or a TC and want only critical rules to be selected (by default it is false). This option has no effect on selection by QR or quality standard tag.
  • COUNT=N where N indicates the top number of violations ; by default 5 (-1 correspond to all violations). All bookmarks of a violation are displayed.

Options added in 1.13.0 :

  • WITHCODELINES = Y|N, by default (or option not present) source code is displayed, if you don’t want to see it, set this option to N
  • HEADER=NO to not display headers (useful for excel report when you want to define your own customized headers). By default if option is not present or different from NO, headers are displayed

If there is no previous snapshot, status is not displayed

When we do not display the code lines, if there is bookmarks available, for bookmarks we display start line and end line numbers. 

Option added in 1.18.0 :

  • DESC=no|simple|full to display or not the description of the rule. No to not display, simple for only rationale, description and remediation; full for all description fields (rationale, description, remediation, reference, sample, remediation sample, output, associated value, total). Simple by default for this component.

with source code : TABLE;LIST_RULES_VIOLATIONS_BOOKMARKS;
METRICS=CWE,COUNT=2


without source code : TABLE;LIST_RULES_VIOLATIONS_BOOKMARKS;
METRICS=CWE,COUNT=2,WITHCODELINES=N

Selected rules with list of detailed violations (object name, type, status, file path, bookmarks,...)

LIST_RULES_VIOLATIONS_BOOKMARKS_TABLE



List of violations for a list of rules with bookmarks without source code

Updated in 1.16.0 : METRICS parameter updated

Application

This component is only relevant on an engineering database. It is empty on an analytics database.

This component is only relevant for excel document. The results would not be readable on powerpoint or word.

To use the quality standard tags selection, the Quality Standards Support extension should be installed on the central where the application resides, with minimum version 20190624.

When you select the metric id for a BC or TC, all the QRs belonging to this BC or TC is added for displaying violations

CAST-RestAPI 1.11.0

  • METRICS=List of metrics id (BC, TC or QR) or quality standards tags separated by ‘|’. 
    From 1.16.0, it can also be the name for a BC or a shortName for a TC.
  • CRITICAL=true : add this option if you have selected a BC or a TC and want only critical rules to be selected (by default it is false). This option has no effect on selection by QR or quality standard tag.
  • COUNT=N where N indicates the top number of violations ; by default 5 (-1 correspond to all violations). All bookmarks of a violation are displayed.
  • HEADER=NO to not display headers (useful for excel report when you want to define your own customized headers). By default if option is not present or different from NO, headers are displayed

If there is no previous snapshot, status is empty.



TABLE;LIST_RULES_VIOLATIONS_BOOKMARKS_TABLE;
METRICS=CWE,COUNT=2


Selected rules with list of detailed violations (rule name, object name, type, status, file path, start line, end line)

TC_IMPROVEMENT_OPPORTUNITYFor a Business Criterion, list of technical criteria sorted by highest improvement opportunity ApplicationCAST-RestAPI 1.8.0
  • PAR=N where N indicate the Business Criterion Id
  • COUNT=N where N is the number of the top N

Formula is : Sum (rule weight x technical criterion weight) * (4 – technical criterion grade)

TABLE;TC_IMPROVEMENT_OPPORTUNITY;
PAR=60017
List of technical criterion with number of violations, total checks and scores

TECHNICAL_CRITERIA_RULESList of rules with new violations by technical criteriaApplication

Behavior : if no new violation  appeared on rule, rule description is not loaded

CAST-RestAPI 1.8.0

  • CNT=N where N indicates the shown rule number; if this item missed, no limitation will be applied
  • TCID=N where N indicates the technical criterion Id
  • BZID=N where N indicates the business criterion Id
TABLE;TECHNICAL_CRITERIA_RULES;
TCID=61001,BZID=60016,CNT=1
Rules with name, description and number of violations

TECHNICAL_DEBTTechnical debtApplication

If selected « previous snapshot » in Report Generator interface is not the n-1 version, results will sum the Technical Debt Added and removed

CAST-RestAPI 1.8.0

  • HEADER=SHORT (here HEADER=SHORT) Indicates that short headers will be shown, obviously long headers will be shown
TABLE;TECHNICAL_DEBTTechnical debt, with added and removed

TECHNICAL_SIZING


Technical size informationApplicationCAST-RestAPI 1.8.0

Option added in 1.13.0 :

  • HEADER=NO to not display headers (useful for excel report when you want to define your own customized headers). By default if option is not present or different from NO, headers are displayed
TABLE;TECHNICAL_SIZINGTechnical information about application : lines of code, by files and classes; number of sql artifacts and tables

TECHNICAL_SIZING_EVOLUTIONTechnical size evolution informationApplicationCAST-RestAPI 1.8.0NoneTABLE;TECHNICAL_SIZING_EVOLUTIONTechnical information about evolution of application : lines of code, by files and classes; number of sql artifacts and tables

TECHNO_LOC


Top technologies by sizeApplicationCAST-RestAPI 1.8.0
  • COUNT=N where N is the shown technologies count (default value=5)
  • NOSIZE to hide the “LoC” column (default)

Option added in 1.13.0:

  • HEADER=NO to not display headers (useful for excel report when you want to define your own customized headers). By default if option is not present or different from NO, headers are displayed
TABLE;TECHNO_LOCLines of codes by technologies

TECHNO_LOC_EVOLUTIONTop technologies evolution by sizeApplicationCAST-RestAPI 1.8.0
  • COUNT=N where N is the shown technologies count (default value=5)
TABLE;TECHNO_LOC_EVOLUTIONEvolution of lines of code by technologies

TECHNO_LOC_BY_MODULETechnologies - Lines of code by modulesApplicationCAST-RestAPI 1.8.0NoneTABLE;TECHNO_LOC_BY_MODULELines of code in modules by technologies

TOP_COMPONENTS_BY_PROPERTIES



List of top components by properties

Can be used to replace CED reports :

  • Top cyclomatic complexity x High Fan Out
  • Top cyclomatic complexity x Low documentation
Application

This component is only relevant on an engineering database. It is empty on an analytics database.

CAST-RestAPI 1.8.0



  • PROP1 = name of first property, cyclomaticComplexity if not exists
  • PROP2 = name of second property, fanOut if not exists
  • ORDER1 = asc or desc for PROP1, desc by default (optional)
  • ORDER2 = asc or desc for PROP2, desc by default (optional)
  • COUNT = the number of lines to display, 50 by default (-1 or all is not allowed, it will take too much time and paper) (optional)
  • LOWER1 = components should have prop1 value lower than this value (optional)
  • GREATER1 = components should have prop1 value greater than this value (optional)
  • LOWER2 = components should have prop2 value lower than this value (optional)
  • GREATER2 = components should have prop2 value greater than this value (optional)
  • NBSET=500 (number of the initial set of object before filtering) (optional)

For PROP1 and PROP2, the available values are :

  • codeLines,
  • commentedCodeLines,
  • commentLines,
  • coupling,
  • fanIn,
  • fanOut,
  • cyclomaticComplexity,
  • ratioCommentLinesCodeLines,
  • halsteadProgramLength,
  • halsteadProgramVocabulary,
  • halsteadVolume,
  • distinctOperators,
  • distinctOperands,
  • integrationComplexity,
  • essentialComplexity

If PROP1 and/or PROP2 is not correctly set,list of available values is displayed

When using LOWER and GREATER parameters, the ORDER parameter can be overridden to get the most accurate components corresponding to the request.
As the filter can be done only after requesting data from the RestAPI, the list can be truncated. So the option NBSET define the number of objects returns from the rest api before the filtering and the limitation of display (COUNT), this option is set to 500 by default, to avoid too long server response time.

TABLE;TOP_COMPONENTS_BY_PROPERTIES;
PROP1=cyclomaticComplexity,
PROP2=ratioCommentLinesCodeLines,
ORDER1=desc,ORDER2=asc,COUNT=10


In the following example, we will ask for 10000 rows to the CAST-RestAPI order by PROP1 desc and PROP2 asc (because of lower), then we filter this list to take only those that have the ratioComment lower than 0.10, then we display only the 100 first in the list. (the more the set is, the longer it takes to get values from the rest api) :

TABLE;TOP_COMPONENTS_BY_PROPERTIES;
PROP1=cyclomaticComplexity,PROP2=ratioCommentLinesCodeLines,
ORDER1=desc,LOWER2=0.10,COUNT=100,NBSET=10000

List of top objects regarding 2 properties

TOP_CRITICAL_VIOLATIONSTop Critical ViolationsApplicationCAST-RestAPI 1.8.0
  • COUNT=N where N indicate the number of the top N,
  • PAR=BC-ID where BC-ID indicate the id of the business criterion
TABLE;TOP_CRITICAL_VIOLATIONS;
BC-ID=60017,COUNT=5
List of critical rules with their numbers of violations

TOP_CRITICAL_VIOLATIONS_EVOLUTIONEvolution of top critical violationsApplicationCAST-RestAPI 1.8.0
  • COUNT=N where N indicate the number of the top N,
  • PAR=BC-ID where BC-ID indicate the id of the business criterion
TABLE;TOP_CRITICAL_VIOLATIONS_EVOLUTION;
BC-ID=60017,COUNT=10
Evolution of the number of violations by critical rules

TOP_NON_CRITICAL_VIOLATIONSTop Non Critical ViolationsApplicationCAST-RestAPI 1.8.0
  • COUNT=N where N indicate the number of the top N
TABLE;TOP_NON_CRITICAL_VIOLATIONS;
BC-ID=60017,COUNT=10
List of non critical rules with their numbers of violations

TOP_NON_CRITICAL_VIOLATIONS_EVOLUTIONEvolution of top non critical violationsApplicationCAST-RestAPI 1.8.0
  • COUNT=N where N indicate the number of the top N
TABLE;TOP_NON_CRITICAL_VIOLATIONS_EVOLUTION;
BC-ID=60017,COUNT=10
Evolution of the number of violations by non critical rules

TOP_RISKIEST_COMPONENTSTop riskiest componentsApplication

This component is only relevant on an engineering database. It is empty on an analytics database.

CAST-RestAPI 1.8.0

  • SRC= PERF| ROB|SEC : indicates the searched business criterion type
  • MOD=N where N indicates the searched result will be applied on the module identified by this Id, and on the entire snapshot if this value isn’t indicated
  • COUNT=N where N indicates the top N number ; default value = 10
TABLE;TOP_RISKIEST_COMPONENTS;
SRC=PERF,COUNT=14
List of objects belonging to a module with their PRI

TOP_RISKIEST_TRANSACTIONSTop riskiest transactionsApplication

This component is only relevant on an engineering database. It is empty on an analytics database.

CAST-RestAPI 1.8.0

  • SRC=PERF|ROB|SEC : indicates the transaction type where top riskiest transactions will be searched
  • COUNT=N where N indicates the top N number ; default value = 10
TABLE;TOP_RISKIEST_TRANSACTIONS;
SRC=PERF,COUNT=14
List of transactions with their TRI

TQITechnical Quality Index scoresApplicationCAST-RestAPI 1.8.0NoneTABLE;TQITQI score for current and previous snapshots

TQI_BY_MODULETechnical Quality Index scores by modulesApplicationCAST-RestAPI 1.8.0
  • HEADER=SHORT (here HEADER=SHORT) Indicates that short headers will be shown, obviously long headers will be shown
TABLE;TQI_BY_MODULETQI current and previous scores with variation by modules

BC_BY_TECHNOBC score by technologiesApplicationCAST-RestAPI 1.8.0
  • ID=BC ID (by default ID is 60017)
TABLE;BC_BY_TECHNO;ID=60017BC score by technologies

VIOLATIONS_LISTList of violations by health factorApplication

This component is only relevant on an engineering database. It is empty on an analytics database

CAST-RestAPI 1.8.0

  • BCID= list of ids of business criterion, separated by | : 60011|60012|60013|60014|60016|60017 one or several ; default value = 60016 (Security)
  • COUNT=N|ALL where N indicates the top N number ; default value = 10 (ALL for all violations)
  • NAME=FULL|SHORT to display short name or full name of objects (full name by default)
  • FILTER=ADDED|UNCHANGED|UPDATED|ALL to filter the list by the violation status; default is ALL
  • VIOLATIONS=CRITICAL|ALL by default, only CRITICAL violations are listed
  • MODULE=ModuleName, parameter used to restrict the list for one module, by default violation are listed for the application
  • TECHNOLOGIES=techno1|techno2, parameter used to restrict the list of violations, by default all technologies
TABLE;VIOLATIONS_LIST;
BCID=60016,COUNT=10,
NAME=SHORT,FILTER=ALL
Detailed list of violations with status, PRI, exclusion and action status, rule name, BC name, object name, object status

VIOLATION_STATISTICSStatistics on violationsApplicationCAST-RestAPI 1.8.0NoneTABLE;VIOLATION_STATISTICSNumber of critical violations, per file and per kloc, number of complex objects and number of complex objects with violations

VIOLATION_STATISTICS_EVOLUTIONEvolution of statistics on violationsApplicationCAST-RestAPI 1.8.0NoneTABLE;VIOLATION_STATISTICS_EVOLUTIONEvolution of the number of critical violations, per file and per kloc, number of complex objects and number of complex objects with violations

VIOLATION_SUMMARYViolation Summary per application or modules, provides violation information (grades, counts, compliance ratios…) for critical and/or non-critical rules, for the whole application or per moduleApplicationCAST-RestAPI 1.8.0
  • MODULES=1|0 to display violations for the whole application (=0 by default) or per modules (=1)
  • CRITICAL=1|0 to include critical violations (=1 by default) or not (=0)
  • NONCRITICAL=1|0 to include the non-critical violations (=1) or not (=0 by default)
  • GRADE=1|0 to show (=1 by default) or hide (=0) the “Grade” column - TOTAL=1|0 to show (=1 by default) or hide (=0) the “Total Checks” column
  • FAILED=1|0 to show (=1) or hide (=0 by default) the “Failed Checks” column
  • SUCCESSFUL=1|0 to show (=1) or hide (=0 by default) the “Successful Checks” column
  • ADDEDREMOVED=1|0 to show (=1) or hide (=0 by default) the “Added” and “Removed” columns
  • COMPLIANCE=1|0 to show (=1) or hide (=0 by default) the “Compliance Ratio” column
  • COUNT=-1|N to display only N results, or all results if -1 (5 by default)
TABLE;VIOLATION_SUMMARY;
MODULES=0,CRITICAL=1,NONCRITICAL=0,
GRADE=1,TOTAL=0,FAILED=1,
SUCCESSFUL=0,ADDEDREMOVED=1,
COMPLIANCE=0,COUNT=5
List of rules with scores, number of violations, added and removed violations with criticity

  • The Constraint column shows whether the component will retrieve data for an "engineering" (AED) or "analytics" domain (AAD), and whether an extension needs to be installed in order to generate results (and if we need a specific version or RestAPI). The CAST-RestAPI version indicated is the minimal version of the RESTAPI needed by this component.
  • Due to backward compatibility, some components can have two different IDs, but the result will be the same.
  • The Mode column shows whether the component is targeted at an Application or a Portfolio or an Application - the relevant option should be chosen in Report Generator (see image below). CAST recommends always selecting an Application when the target domain is "engineering" and when using Application mode, as it will avoid empty results (this is because in an "analytics" domain, violations and components does not exist for an application).


Component IdDescriptionModeConstraintsParametersConfiguration sampleOutputResult sample
ACTION_PLANSDisplay the action plan summaryApplication

Having populated the action plan from the Engineering Dashboard.

This component is only relevant on an engineering database. It is empty on an analytics database.

This component is only relevant for word document. The results would not be readable on powerpoint or excel.

CAST-RestAPI 1.8.0

NoneTABLE;ACTION_PLANSDisplay the number of new and old items in action plans by rules

ACTION_PLAN_BOOKMARKS



Display the action plan details with the bookmark's codeApplication

Having populated the action plan from the Engineering Dashboard.

This component is only relevant on an engineering database. It is empty on an analytics database.

This component is only relevant for excel document. The results would not be readable on powerpoint or word.

CAST-RestAPI 1.8.0

  • COUNT=N|ALL where N indicates the top N number ; default value = 10 (ALL for all violations)
  • FILTER=ADDED|SOLVED|PENDING|ALL to filter the list by the remedial action status; default is ALL
  • TAG=YES|NO, to display the priority using tag or priority (tag by default as this is this value that is set in ED)

To see added violations in action plan :
TABLE;ACTION_PLAN_BOOKMARKS;COUNT=ALL,FILTER=ADDED


To see all violations in action plan:
TABLE;ACTION_PLAN_BOOKMARKS;COUNT=ALL

List the violations in action plan with code bookmarks

ACTION_PLAN_BOOKMARKS_TABLE



Display the action plan details with the bookmark's start and end line numberApplication

Having populated the action plan from the Engineering Dashboard.

This component is only relevant on an engineering database. It is empty on an analytics database.

CAST-RestAPI 1.8.0

  • COUNT=N|ALL where N indicates the top N number ; default value = 10 (ALL for all violations)
  • FILTER=ADDED|SOLVED|PENDING|ALL to filter the list by the remedial action status; default is ALL
  • HEADER=YES|NO to display or not the headers
  • TAG=YES|NO, to display the priority using tag or priority (tag by default as this is this value that is set in ED)
To see the list of violations with their bookmark's positions:
TABLE;ACTION_PLAN_BOOKMARKS_TABLE;COUNT=ALL
List the violations in action plan with bookmarks' positions

ACTION_PLAN_VIOLATIONS



Display the action plan detailsApplication

Having populated the action plan from the Engineering Dashboard.

This component is only relevant on an engineering database. It is empty on an analytics database.

CAST-RestAPI 1.8.0

  • COUNT=N|ALL where N indicates the top N number ; default value = 10 (ALL for all violations)
  •  NAME=FULL|SHORT to display short name or full name of objects (full name by default)
  • FILTER=ADDED|SOLVED|PENDING|ALL to filter the list by the remedial action status; default is ALL

Option added in  1.19.0 :

  • TAG=YES|NO, to display the priority using tag or priority (tag by default as this is this value that is set in ED)
TABLE;ACTION_PLAN_VIOLATIONS;
COUNT=10,NAME=SHORT
List the violations in action plan

AEFP_LIST



Display the list of AEFP


Application

This component is only relevant on an engineering database. It is empty on an analytics database.

CAST-RestAPI 1.9.0

  • TYPE = type of the function to display, DF for data function, TF for transactions, by default both are listed
  • STATUS = status of the function to display, ADDED, MODIFIED or DELETED, all statuses by default
  • COUNT = the number of lines to display, 10 by default (-1 for all functions)

New option added in 1.19.0 :

  • PREVIOUS=YES|NO to display the AEP value for previous snapshot (no by default)

List all the modified data function :

TABLE;AEFP_LIST;TYPE=DF,STATUS=MODIFIED,COUNT=-1

List the top 10 functions (data functions and transactional, added, modified and deleted)

TABLE;AEFP_LIST


List the modified transactions withe their previous value of AEP:
TABLE;AEFP_LIST;TYPE=TF,STATUS=MODIFIED,COUNT=-1,PREVIOUS=YES


List the added, modified, deleted data functions and transactions

AETP_LIST

Display the list of AETP


Application

This component is only relevant on an engineering database. It is empty on an analytics database.

CAST-RestAPI 1.9.0

  • COUNT = the number of lines to display, 10 by default (-1 for all functions)

List all the technical AEP :
TABLE;AETP_LIST;COUNT=-1

List the top 10 technical AEP :
TABLE;AETP_LIST

List the objects with technical AEP

CAST_COMPLEXITYCast ComplexityApplication

This component is only relevant on an engineering database. It is empty on an analytics database.

CAST-RestAPI 1.8.0

NoneTABLE;CAST_COMPLEXITYEvolution of the distribution of objects regarding cast complexity

CAST_COMPLEXITY_WITH_VIOLComplexity with violations: Statistics about Artifacts – CAST Complexity & ViolationsApplication

This component is only relevant on an engineering database. It is empty on an analytics database.

CAST-RestAPI 1.8.0

  • HEADER=SHORT (here HEADER=SHORT) Indicates that short headers will be shown, obviously long headers will be shown
TABLE;CAST_COMPLEXITY_WITH_VIOLNumber of artifacts and artifacts with violations by cast complexity distribution

CAST_DISTRIBUTION



Evolution of a specific distribution of objectsApplication

This component is only relevant on an engineering database. It is empty on an analytics database.

CAST-RestAPI 1.8.0

  • PAR=ID where ID is the distribution ID

List of distributions :

  • 65105 : Size Distribution
  • 65350 : Coupling distribution
  • 65501 : Cyclomatic complexity distribution
  • 65601 : 4GL complexity distribution
  • 65701 : OO complexity distribution
  • 65801 : SQL complexity distribution
  • 66010 : Reuse by call distribution
  • 66015 : Class complexity distribution (WMC)
  • 66020 : Class Fan-Out distribution
  • 66021 : Class Fan-In distribution
  • 67001 : Cost complexity distribution
  • 67020 : distribution of violations to critical diagnostic-based metrics per cost complexity
  • 67030 : distribution of defects to critical diagnostic-based metrics per cost complexity

New parameters :

  • MODULES=Y or N to display the results by modules
  • TECHNOLOGIES=Y or N to display the results by technologies

Display the results for the application :
TABLE;CAST_DISTRIBUTION;PAR=65501

Display the results by modules:
TABLE;CAST_DISTRIBUTION;PAR=65501,MODULES=Y

Display the results by technologies:
TABLE;CAST_DISTRIBUTION;PAR=65501,TECHNOLOGIES=Y

Display the results by modules and technologies:
TABLE;CAST_DISTRIBUTION;PAR=65501,MODULES=Y,TECHNOLOGIES=Y

Evolution of the distribution of objects regarding specified distribution

CAST_HIGH_COMPLEXITYEvolution of high and very high categories of cast complexityApplication

This component is only relevant on an engineering database. It is empty on an analytics database.

CAST-RestAPI 1.8.0

NoneTABLE;CAST_HIGH_COMPLEXITYEvolution of high and very high complex objects regarding cast complexity

CAST_HIGH_DISTRIBUTIONEvolution of high and very high categories of a specific distributionApplication

This component is only relevant on an engineering database. It is empty on an analytics database.

CAST-RestAPI 1.8.0

  • PAR=ID where ID is the distribution ID

cf CAST_DISTRIBUTION for list of distribution

TABLE;CAST_HIGH_DISTRIBUTIONEvolution of high and very high complex objects regarding the specified distribution

COMPLIANCECompliance grades and evolutionApplicationCAST-RestAPI 1.8.0
  • HEADER=SHORT (indicates that short headers will be shown, obviously long header will be shown)
TABLE;COMPLIANCE;HEADER=SHORTScore of compliance BC for previous and current snapshot with % variation

COMPLIANCE_TO_OBJ_TABLE

Compliance to objectives.  This component is based on:

  • Objectives – list of critical rules
  • Achievement : if there is 0 violation for a critical rule
  • Achievement ratio: # critical rules with 0 viol. / # critical rules
ApplicationCAST-RestAPI 1.8.0
  • HEADER=SHORT (indicates that short headers will be shown, obviously long header will be shown)
TABLE;COMPLIANCE_TO_OBJ_TABLEComparison between objectives and achievment

CRITERIA_GRADEFor a business criteria, List of technical criteria with gradeApplicationCAST-RestAPI 1.8.0
  • PAR=N where N indicates the business criterion Id
  • COUNT= number of results, if omitted, all results are returned
TABLE;CRITERIA_GRADE;PAR=60017,COUNT=10Top technical criteria with scores and evolution for the specified BC

CRITICAL_VIOL_BY_APPLICATIONCritical violations in the application by health factors for current and previous snapshotsApplicationCAST-RestAPI 1.8.0
  • HEADER=SHORT (by default HEADER=SHORT)
  • SHOW_PREVIOUS=1 (by default SHOW_PREVIOUS=0)
TABLE;CRITICAL_VIOL_BY_APPLICATIONHealth Factors number of total critical violations, added and removed

CRITICAL_VIOL_BY_MODULECritical violations in the modules by health factors for current snapshotApplicationCAST-RestAPI 1.8.0
  • HEADER=SHORT (indicates that short headers will be shown, obviously long header will be shown)
TABLE;CRITICAL_VIOL_BY_MODULEHealth Factors number of total critical violations, added and removed for modules

DELTA_COMPONENTS_LIST_BY_STATUS

List of added, deleted or updated components in application, module or technology


Application

This component is only relevant on an engineering database. It is empty on an analytics database.

CAST-RestAPI 1.9.0

  • STATUS = status of the components to display, “added”, “deleted” or “updated”, “added” by default
  • COUNT = the number of lines to display, 10 by default (-1 for all components)
  • MODULE = <module_name> if you want to filter components by module
  • TECHNOLOGY = <technology_name> if you want to filter components by technology
  • COMPLEXITY = to choose between “low”, “moderate”,”high” or “very high” if you want to filter by complexity (all by default)
  • CURRENT = first snapshot name for the comparison if different from the current selected snapshot
  • PREVIOUS = second snapshot name for the comparison if different from the previous selected snapshot

By default (without options), the list displayed the top ten added components for the application, between current and previous snapshots.
If module and technology are set in the same time, they will not be taken into account and list will be displayed for entire application

TABLE;DELTA_COMPONENTS_LIST_BY_STATUS
No options => list top 10 added artifacts for application between selected current and previous snapshots

TABLE;DELTA_COMPONENTS_LIST_BY_STATUS;STATUS=updated,COUNT=-1
List all updated artifacts for application between selected current and previous snapshots

TABLE;DELTA_COMPONENTS_LIST_BY_STATUS;STATUS=deleted,COMPLEXITY=very high
List top 10 deleted artifacts with very high complexity for application between selected current and previous snapshots

TABLE;DELTA_COMPONENTS_LIST_BY_STATUS;STATUS=updated,MODULE=MyModule
List top 10 updated artifacts for module MyModule between selected current and previous snapshots

TABLE;DELTA_COMPONENTS_LIST_BY_STATUS;STATUS=updated,TECHNOLOGY=.NET
List top 10 updated artifacts for technology .NET between selected current and previous snapshots

TABLE;DELTA_COMPONENTS_LIST_BY_STATUS;CURRENT=S2,PREVIOUS=S1
List top 10 added artifacts between snapshot S1 and snapshot S2

List of components with Object name, Complexity, SQL complexity, granularity, Lack of comments, coupling, number of object updates and object full name

screenshot-1.png

FUNCTIONAL_WEIGHTFunctional weight informationApplicationCAST-RestAPI 1.8.0NoneTABLE;FUNCTIONAL_WEIGHTValues of Automated Function points (10202), Decision Points (10506) and Backfired Function Points (10201) metrics for application

FUNCTIONAL_WEIGHT_EVOLUTIONFunctional weight evolution informationApplicationCAST-RestAPI 1.8.0NoneTABLE;FUNCTIONAL_WEIGHT_EVOLUTIONValues of previous metrics (Automated Function points (10202), Decision Points (10506) and Backfired Function Points (10201) ) for current and previous snapshots with variation

GENERIC_TABLE



A Generic table component is built based on a table structure. The idea is to fill data into the table to populate it automatically


Application

The selection of metrics by standard quality tag name should only be used for an application where the extension “Quality Standards Support” is installed. If not, no metrics will be selected and graph will be empty

CAST-RestAPI 1.8.0

Quality Standards Mapping extension

COL1=A,COL11=B,ROW1=C,ROW11=D,A=a,B=b,C=c|d,D=e|f|g

where A,B,C and D are axis

and a, b, c, d, e, f, g is one or multiple tags of the axis

See more information in section about Generic components (Generic components in Report Generator 1.21)

TABLE;GENERIC_TABLE;
COL1=METRICS,ROW1=CRITICAL_VIOLATIONS,
METRICS=HEALTH_FACTOR,
CRITICAL_VIOLATIONS =ALL,
SNAPSHOTS=CURRENT

Depends on the selection.

See more information in section about Generic Components (Generic components in Report Generator 1.21)

HEALTH_FACTORHealth factors scores and evolution between previous and current snapshotsApplicationCAST-RestAPI 1.8.0
  • HEADER=SHORT (indicates that short headers will be shown, obviously long
  • SHOW_EVOL=1 (displays a row indicating evolution as absolute values (delta), by default this row IS NOT displayed)
  • SHOW_EVOL_PERCENT=0 (displays a row indicating evolution as relative values (percent), by default this row IS displayed)
TABLE;HEALTH_FACTOR;HEADER=SHORTCurrent and previous health factors scores with evolution

HF_BY_MODULEHealth factors scores and evolution between previous and current snapshots for modulesApplicationCAST-RestAPI 1.8.0
  • HEADER=SHORT (indicates that short headers will be shown, obviously long header will be shown)
TABLE;HF_BY_MODULE;HEADER=SHORTCurrent and previous health factors scores by modules with evolution

ID_NAME_INDICATOR_MAPPINGProvides numbers to use for ID values (for BC and distribution)ApplicationCAST-RestAPI 1.8.0NoneTABLE;ID_NAME_INDICATOR_MAPPINGList of BC and distributions ids

IFPUG_FUNCTIONS



List of IFPUG functionsApplication

This component is only relevant on an engineering database. It is empty on an analytics database.

CAST-RestAPI 1.8.0

  • COUNT=N where N indicate the number of the top N (default value is all rows)
  • TYPE=T where T is ‘TF’ for transactional functions, or ‘DF’ for data functions. If TYPE is not present (default), both types will be displayed

New options added in 1.19.0 :

  • PREVIOUS=YES|NO to display the AFP value for previous snapshot (no by default)
  • ZERO=YES|NO to display the functions that have 0 AFP (yes by default)

TABLE;IFPUG_FUNCTIONS;COUNT=5


For displaying the previous version of AFP for data functions when you give the previous snapshot to RG:
TABLE;IFPUG_FUNCTIONS;TYPE=DF,PREVIOUS=YES


To not display transactions with 0 FP :
TABLE;IFPUG_FUNCTIONS;TYPE=TF,ZERO=NO

List of IFPUG functions with FP details, module name and technology

LIST_OF_ALL_VERSIONSList all version of applicationApplicationCAST-RestAPI 1.8.0
  • COUNT=N where N indicate the number of the top N (no limit by default: all versions will be shown)
TABLE;LIST_OF_ALL_VERSIONSList all version of application with name and functional date

LIST_TAGS_DOC_BYCAT



List the quality tags applicability by quality standard categoryApplication

CAST-RestAPI 1.12.0

Quality Standards Mapping Extension 20190909

  • CAT = Id of the standard quality category, for example, STIG-V4R8-CAT1, or a list separated by ‘|’

TABLE;LIST_TAGS_DOC_BYCAT;CAT=STIG-V4R8-CAT1
List all the tags from the category STIG-V4R8-CAT1 with definition and applicability


TABLE;LIST_TAGS_DOC_BYCAT;CAT=STIG-V4R8-CAT1|STIG-V4R8-CAT2|STIG-V4R8-CAT3

List all the tags for each category STIG-V4R8-CAT1, STIG-V4R8-CAT2 and STIG-V4R8-CAT3 with definitions and applicability

List all the tags from category with definition and applicability

LOC_BY_MODULEList of modules with number of code linesApplicationCAST-RestAPI 1.8.0
  • FORMAT=LOC|KLOC, by default or if omitted, format is LOC
TABLE;LOC_BY_MODULEList of all modules with their number of code lines

METRIC_TOP_ARTEFACTList of artefacts with violations to business criteriaApplication

This component is only relevant on an engineering database. It is empty on an analytics database

CAST-RestAPI 1.8.0

  • COUNT=N where N indicate the number of the top N,
  • PAR=BC-ID where BC-ID indicate the ID of the business criterion. PAR also supports several business criteria. Multiple business criteria are indicated as a list of BCID separated by “|”, for instance PAR=60011|60012
  • IDX=i where i indicates the index of the specific rule wanted, for instance i=0 1st rule, i=1 2nd rule, i=3 3rd rule…
TABLE;METRIC_TOP_ARTEFACT;
COUNT=10,PAR=60016,IDX=0
List of objets in violation for the idx-ème rule of the specified BC

MODULE_LISTList of modules in applicationApplicationCAST-RestAPI 1.8.0
  • HEADER=SHORT (here HEADER=SHORT) Indicates that short headers will be shown, obviously long headers will be shown
TABLE;MODULE_LISTList of all modules names

PF_IGNORED_APPLICATIONSProvides list of application ignored during computation.PortfolioCAST-RestAPI 1.8.0NoneTABLE;PF_IGNORED_APPLICATIONSIf not empty, investigation should be done to find corruption

PF_IGNORED_SNAPSHOTSProvides list of snapshots ignored during computation.PortfolioCAST-RestAPI 1.8.0NoneTABLE;PF_IGNORED_SNAPSHOTSIf not empty, investigation should be done to find corruption

PF_GENERIC_TABLE



A Generic table component is built based on a table structure. The idea is to fill data into the table to populate it automaticallyPortfolio

CAST-RestAPI 1.8.0


COL1=A,COL11=B,ROW1=C,ROW11=D,A=a,B=b,C=c|d,D=e|f|g

  • where A,B,C and D are one of the axis above
  • and a, b, c, d, e, f, g is one or multiple tags of the axis
  • AGGREGATORS

See more information in section about Generic components (Generic components in Report Generator 1.21)

TABLE;PF_GENERIC_TABLE;
ROW1=APPLICATIONS, COL1=CRITICAL_VIOLATIONS,
CRITICAL_VIOLATIONS =ALL,APPLICATIONS=EACH

Depends on the selection.

See more information in section about Generic Components (Generic components in Report Generator 1.21)

PF_BC_RELEASE_PERFORMANCESLA viewPortfolioCAST-RestAPI 1.8.0
  • BF=T1 T2 T3 T4 T5 T6 T7 T8 where Tx is a target to fix regarding each line
  • SLA=X Y where X is corresponding to the 2% and Y is corresponding to the 5% in the formula below

SLA Assessment thresholds :

  • Good if % difference between Target and Actual is less than 2%
  • Acceptable if & difference between Target and Actual is between 2% and 5%
  • Poor if % difference between Target and Actual is greater than 5%

Actual score : average score using latest snapshot data (even if snapshot date is before current quarter

Target score: score to reach, to be configured as an option of the component

Score from previous quarter: average score using snapshot from previous quarter. If last snapshot date is old and previous current quarter, last snapshot date will be used also for previous quarter calculation

TABLE;PF_BC_RELEASE_PERFORMANCE;
BF=2.90 2.90 2.90 2.90 2.90 2.90 2.90 2.90,
SLA=2 5
SLA view for Business Criterion : previous score, target score, current score and SLA

PF_TABLE_RELEASE_PERFORMANCE



Generic SLA viewPortfolioCAST-RestAPI 1.8.0
  • ID=ID1|ID2|ID3… where Idx is the metric id of the quality indicator (BC, TC or QR) to assess

  • TARGETS=T1|T2|T3… where Tx is a target to fix regarding each line, if only one target, it will be used for all metrics

  • SLA : 2 values a|b corresponding to SLA Assessment thresholds :

    • Good if % difference between Target and Actual is less than a%
    • Acceptable if & difference between Target and Actual is between a% and b%
    • Poor if % difference between Target and Actual is greater than b%

Actual score : average score using latest snapshot data (even if snapshot date is before current quarter

Target score: score to reach, to be configured as an option of the component

Score from previous quarter: average score using snapshot from previous quarter. If last snapshot date is old and previous current quarter, last snapshot date will be used also for previous quarter calculation

SLA Assessmennt for TQI, Efficiency - Expensive Calls in Loops and Avoid Classes with a very low comment/code ratio (7780) with the same target :
TABLE;PF_TABLE_RELEASE_PERFORMANCE;ID=60017|66068|7780,TARGETS=3.00,SLA=2|5


SLA Assessmennt for TQI, Efficiency - Expensive Calls in Loops and Avoid Classes with a very low comment/code ratio (7780) with each one its own target :
TABLE;PF_TABLE_RELEASE_PERFORMANCE;ID=60017|66068|7780,TARGETS=2.90|3.00|3.50,SLA=2|5

SLA view for chosen metrics (BC, TC or QR) : previous score, target score, current score and SLA

PF_TOP_RISKIEST_APPSTop riskiest applications regarding specific health factorPortfolioCAST-RestAPI 1.8.0
  • COUNT=N where N is the shown technologies count (default value=5)
  • ALT=N (where N is an health factor id - eg. 60017)
TABLE;PF_TOP_RISKIEST_APPS;
COUNT=5,ALT=60017
List of applications with number of critical violations, BC score and last snapshot date

QUALITY_RULE_VIOLATIONSList of violations for a quality ruleApplication

This component is only relevant on an engineering database. It is empty on an analytics database.

CAST-RestAPI 1.8.0

  • BCID= The Id of the business criterion. If this id correspond to efficiency (60014), robustness (60013), or security (60016), the propagatedRiskIndex is displayed. By default, BCID = 60013
  • ID= The Id of the quality rule for which you want to display the list of violations. By default, ID=7788 (Avoid empty catch block)
  • COUNT=N where N indicates the top N number ; default value = 10
  • NAME=FULL|SHORT to display short name or full name of objects (full name by default)
  • SNAPSHOT=CURRENT|PREVIOUS to select from which snapshot we take results; default is Current

If there is no previous snapshot, column Status is not displayed

TABLE;QUALITY_RULE_VIOLATIONS;
BCID=60013,ID=7788,COUNT=10
List of objects in violation for the rule with their PRI and status

QUALITY_RULE_VIOLATIONS_BOOKMARKS


List of violations for a rule with associated bookmarks


Updated in 1.11.0 : when there is an associated value of integer type, this value is also displayed

Application

This component is only relevant on an engineering database. It is empty on an analytics database.

This component exists only for word document. The results would not be readable on powerpoint.

CAST-RestAPI 1.8.0

  • ID= The Id of the quality rule for which you want to display the list of violations. By default, ID=7788 (Avoid empty catch block)
  • COUNT=N where N indicates the top number of violations ; by default 5 (-1 correspond to all violations). All bookmarks from a violation are displayed.

If there is no previous snapshot, status is not displayed

Option added in 1.18.0 :

  • DESC=no|simple|full to display or not the description of the rule. No to not display, simple for only rationale, description and remediation; full for all description fields (rationale, description, remediation, reference, sample, remediation sample, output, associated value, total). No description by default for this component.
TABLE;QUALITY_RULE_VIOLATIONS_BOOKMARKS;
ID=7788,COUNT=5

List of violations with object name, type, status, file path and bookmark

QUALITY_STANDARDS_EVOLUTION



Evolution of category or tag for a quality standard

Updated in 1.13.0 : option added for not displaying added and removed columns, if there is no previous snapshot added and removed columns are not displayed except if EVOLUTION option is set to true

Application

To use this component, the Quality Standards Mapping extension should be installed on the central where the application resides, with minimum version 20190624

CAST-RestAPI 1.11.0

  • STD= Name of the parent quality standard you want the details, for example, CWE-2011-Top25 will list total, added and removed violations for standards CWE-22, CWE-78, CWE-79, CWE-89, CWE-134, CWE-327, CWE-434 and CWE-798.
    From 1.16.0 it can also take the name, shortName or ID of a Business Criterion
  • LBL=violations or vulnerabilities (vulnerabilities if not set), this change the headers from Vulnerabilities to Violations

Option added in 1.11.0

  • MORE=true : add this one if you have specified a category in STD and want the evolution of the tags associated to this category (not specified by default). This option is valuable only when STD is a category (for example category = STIG-V4R8, tag = STIG-V4R8-CAT1). For a tag, there is no more data and the display is worse (for example tag = OWASP-2017 for which category=OWASP).

Options added in 1.13.0

  • EVOLUTION=true|false to display added and removed violations columns. By default or if not exists, is true if there is a previous snapshot.
  • HEADER=NO to not display headers (useful for excel report when you want to define your own customized headers). By default if option is not present or different from NO, headers are displayed

TABLE;QUALITY_STANDARDS_EVOLUTION;STD=CWE-2011-Top25
will list the tags associated with category CWE-2011-Top25 with total, added and removed number of violations


TABLE;QUALITY_STANDARDS_EVOLUTION;STD=STIG-V4R8,MORE=true
will list the categories and their associated tags with total, added and removed number of violations

List the sub standards with total, added and removed violations (row is highlighted if total or added violations are more than 0)

QUALITY_TAGS_RULES_EVOLUTION



Evolution of CAST rules associated to a quality standard categoryApplication

To use this component, the Quality Standards Mapping extension should be installed on the central where the application resides, with minimum version 20190624

CAST-RestAPI 1.11.0

  • STD= Name of the quality standard category for which you want the details per tag, for example, STIG-V4R8-CAT1 will list total, added and removed violations for cast rules associated to all tags belonged to category STIG-V4R8-CAT1.
    From 1.16.0, the STD can also be a BC name or a BC id. This is to support the new way to calculate standard as BC with new index extensions.
  • LBL=violations or vulnerabilities (vulnerabilities if not set), this change the headers from Vulnerabilities to Violations

Options added in 1.13.0:

  • DESC=true|false. For display rationale, description and remediation of the rule. By default if not present, it is false
  • HEADER=NO to not display headers (useful for excel report when you want to define your own customized headers). By default if option is not present or different from NO, headers are displayed

TABLE;QUALITY_TAGS_RULES_EVOLUTION;STD=CISQ-Security
will list each quality standard tag associated to the quality standard category CISQ-Security (with its number of total, added and removed violations), and for each tag, the list of associated CAST rules with numbers of total, added and removed violations


List the tags and their CAST rules with numbers of total, added and removed violations

REMOVED_VIOLATIONS_LIST



List of removed violations by Business Criterion


Updated in 1.11.0 with a filter on criticity

Application

This component is only relevant on an engineering database. It is empty on an analytics database.

CAST-RestAPI 1.11.0

  • BCID = name of the BCID to get the rule’s compounded weight and to filter results (60017 by default)
  • COUNT = the number of lines to display, 50 by default (-1 for all removed violations)
  • CRITICITY = c for only critical violations, nc for only non critical violations, all for critical and non critical violations (all by default if not configured)

TABLE;REMOVED_VIOLATIONS_LIST;BCID=60017,COUNT=10

All deleted critical violations for Robustness :
TABLE;REMOVED_VIOLATIONS_LIST;BCID=60013,COUNT=-1,CRITICITY=c

50 first non critical violations deleted for TQI :
TABLE;REMOVED_VIOLATIONS_LIST;BCID=60017,COUNT=50,CRITICITY=nc

50 deleted violations for BC Changeability (critical and non critical)
TABLE;REMOVED_VIOLATIONS_LIST;BCID=60012,COUNT=50,CRITICITY=all

List the violations that have been deleted, either fixed or disappeared (because of exclusion or deletion of object) with rule name, object name, compounded weight of the rule, and action and exclusion status.

RULE_IMPROVEMENT_OPPORTUNITY



For a Business Criterion, list of rules sorted by highest improvement opportunityApplicationCAST-RestAPI 1.8.0
  • PAR=N where N indicate the Business Criterion Id
  • CRITICAL=Y|N - add this option to add a column displaying whether the rule is flagged as critical or not
  • COUNT=N where N is the number of the top N
  • C=N where N represents the order of the result :
    • C=0 or nothing indicates a descending Improvement gap order
    • C=1 indicates a descending Improvement variation order
    • C=2 indicates a descending Degradation variation order

Formula is: (quality rule weight x technical criterion weight) * (4 – quality rule grade)

TABLE;RULE_IMPROVEMENT_OPPORTUNITY;PAR=60017,
COUNT=10

List of rules wit violations and scores evolutions

Criticity is added in 1.13.0 (Y for critical, N for non critical)

RULE_NAME_DESCRIPTIONRule name details and violations countApplicationCAST-RestAPI 1.8.0
  • RULID=N where N indicates the rule Id
TABLE;RULE_NAME_DESCRIPTION;RULID=4670Descriptions of the rule with count of violations in current snapshot

RULE_NAME_DESCRIPTION_TOPCRITVIOL

or METRIC_NAME_DESCRIPTION

Rule Name Details & Violation Count For Top Critical Violations RulesApplicationCAST-RestAPI 1.8.0
  • COUNT=N where N indicate the number of the top N,
  • PAR=BC-ID where BC-ID indicate the ID of the business criterion. PAR also supports several business criteria. Multiple business criteria are indicated as a list of BCID separated by “|”, for instance PAR=60011|60012
  • IDX=i where i indicates the index of the specific rule wanted, for instance i=0 1st rule, i=1 2nd rule, i=3 3rd rule…
TABLE;RULE_NAME_DESCRIPTION_TOPCRITVIOL;
COUNT=3,PAR=60016
Descriptions of the top rules for a BC with count of violations in current snapshot

RULES_LIST


List of rules for list of criterionApplicationCAST-RestAPI 1.8.0
  • PAR=N[|N]* where each submitted N indicate a business criterion ID
TABLE;RULES_LIST;PAR=60014|60013|60012|60011|60016,
COUNT=7
List of rules with their compounded weight, criticity, score, technical criteria, number of violations, and total checks

RULES_LIST_LARGEST_VARIATIONList of rules with largest variationApplicationCAST-RestAPI 1.8.0
  • BCID = name of the BCID to get the rule’s compounded weight (60017 by default)
  • VARIATION = increase or decrease (decrease by default)
  • DATA = number or percent (number by default)
  • COUNT = the number of lines to display, 50 by default (-1 for all rules)

The formula are taken from the ones from CED :

  • Decrease number : previous failed checks - current failed checks
  • Decrease percent : current failed checks / current total checks - previous failed checks / previous total checks , display in percentage (*100)
  • Increase number : current failed checks - previous failed checks
  • Increase percent : previous failed checks / previous total checks - current failed checks / current total checks , display in percentage (*100)

TABLE;RULES_LIST_LARGEST_VARIATION;BCID=60017,

VARIATION=decrease,DATA=number,COUNT=50

List of rules with compounded weight and number of violations variation

RULES_LIST_STATISTICS_RATIO



List of violations statistics by BC, TC or Standard Quality Tag


Updated in 1.11.0 : option added for not displaying added and removed columns

Updated in 1.13.0 : if there is no previous snapshot added and removed columns are not displayed except if EVOLUTION option is set to true

Updated in 1.16.0 : METRICS parameter updated

Application

To use the quality standard tags selection, the Quality Standards Mapping extension should be installed on the central where the application resides, with minimum version 20190624.

When you select the metric id for a BC or TC, all the QRs belonging to this BC or TC is added for displaying violations

CAST-RestAPI 1.11.0

  • METRICS=List of metrics id (BC, TC or QR) or quality standards tags separated by ‘|’.
    From 1.16.0 It can also be the name for a BC or a shortName for a TC.
  • CRITICAL=true : add this option if you have selected a BC or a TC and want only critical rules to be selected (by default it is false). This option has no effect on selection by QR or quality standard tag.
  • COMPLIANCE=true : add this option if you want to display the compliance score column ; by default this column is not displayed.
  • SORTED=COMPLIANCE : add this option if you want to sort the data by compliance score, from worse to better ; by default the sort of data is from the max number of total violations to the min.
  • LBL=violations or vulnerabilities (vulnerabilities if not set), this change the headers from Vulnerabilities to Violations
  • EVOLUTION=true|false to display added and removed violations columns. By default or if not exists, is true if there is a previous snapshot

Options added in 1.13.0:

  • DESC=true|false. For display rationale, description and remediation of the rule. By default if not present, it is false
  • HEADER=NO to not display headers (useful for excel report when you want to define your own customized headers). By default if option is not present or different from NO, headers are displayed

TABLE;RULES_LIST_STATISTICS_RATIO;METRICS=CISQ-Security,COMPLIANCE=true,LBL=violations


List the rules associated to quality tag A7-2017, without added and removed columns :
TABLE;RULES_LIST_STATISTICS_RATIO;METRICS=A7-2017,EVOLUTION=false


List of critical rules from Robustness with description of the rules :
TABLE;RULES_LIST_STATISTICS_RATIO;METRICS=60013,CRITICAL=true,DESC=true


List of selected rules with total, added and removed violations, and optionnally the compliance ratio



LIST_RULES_VIOLATIONS_BOOKMARKS



List of violations for a list of rules with bookmarks


Updated in 1.11.0 : when there is an associated value of integer type, this value is also displayed


Updated in 1.16.0 : METRICS parameter updated

Application

This component is only relevant on an engineering database. It is empty on an analytics database.

This component exists only for word document. The results would not be readable on powerpoint.

To use the quality standard tags selection, the Quality Standards Support extension should be installed on the central where the application resides, with minimum version 20190624.

When you select the metric id for a BC or TC, all the QRs belonging to this BC or TC is added for displaying violations

CAST-RestAPI 1.11.0

  • METRICS=List of metrics id (BC, TC or QR) or quality standards tags separated by ‘|’.
    From 1.16.0, it can also be the name for a BC or a shortName for a TC.
  • CRITICAL=true : add this option if you have selected a BC or a TC and want only critical rules to be selected (by default it is false). This option has no effect on selection by QR or quality standard tag.
  • COUNT=N where N indicates the top number of violations ; by default 5 (-1 correspond to all violations). All bookmarks of a violation are displayed.

Options added in 1.13.0 :

  • WITHCODELINES = Y|N, by default (or option not present) source code is displayed, if you don’t want to see it, set this option to N
  • HEADER=NO to not display headers (useful for excel report when you want to define your own customized headers). By default if option is not present or different from NO, headers are displayed

If there is no previous snapshot, status is not displayed

When we do not display the code lines, if there is bookmarks available, for bookmarks we display start line and end line numbers. 

Option added in 1.18.0 :

  • DESC=no|simple|full to display or not the description of the rule. No to not display, simple for only rationale, description and remediation; full for all description fields (rationale, description, remediation, reference, sample, remediation sample, output, associated value, total). Simple by default for this component.

with source code : TABLE;LIST_RULES_VIOLATIONS_BOOKMARKS;
METRICS=CWE,COUNT=2


without source code : TABLE;LIST_RULES_VIOLATIONS_BOOKMARKS;
METRICS=CWE,COUNT=2,WITHCODELINES=N

Selected rules with list of detailed violations (object name, type, status, file path, bookmarks,...)

LIST_RULES_VIOLATIONS_BOOKMARKS_TABLE



List of violations for a list of rules with bookmarks without source code

Updated in 1.16.0 : METRICS parameter updated

Application

This component is only relevant on an engineering database. It is empty on an analytics database.

This component is only relevant for excel document. The results would not be readable on powerpoint or word.

To use the quality standard tags selection, the Quality Standards Support extension should be installed on the central where the application resides, with minimum version 20190624.

When you select the metric id for a BC or TC, all the QRs belonging to this BC or TC is added for displaying violations

CAST-RestAPI 1.11.0

  • METRICS=List of metrics id (BC, TC or QR) or quality standards tags separated by ‘|’. 
    From 1.16.0, it can also be the name for a BC or a shortName for a TC.
  • CRITICAL=true : add this option if you have selected a BC or a TC and want only critical rules to be selected (by default it is false). This option has no effect on selection by QR or quality standard tag.
  • COUNT=N where N indicates the top number of violations ; by default 5 (-1 correspond to all violations). All bookmarks of a violation are displayed.
  • HEADER=NO to not display headers (useful for excel report when you want to define your own customized headers). By default if option is not present or different from NO, headers are displayed

If there is no previous snapshot, status is empty.



TABLE;LIST_RULES_VIOLATIONS_BOOKMARKS_TABLE;
METRICS=CWE,COUNT=2


Selected rules with list of detailed violations (rule name, object name, type, status, file path, start line, end line)

TC_IMPROVEMENT_OPPORTUNITYFor a Business Criterion, list of technical criteria sorted by highest improvement opportunity ApplicationCAST-RestAPI 1.8.0
  • PAR=N where N indicate the Business Criterion Id
  • COUNT=N where N is the number of the top N

Formula is : Sum (rule weight x technical criterion weight) * (4 – technical criterion grade)

TABLE;TC_IMPROVEMENT_OPPORTUNITY;
PAR=60017
List of technical criterion with number of violations, total checks and scores

TECHNICAL_CRITERIA_RULESList of rules with new violations by technical criteriaApplication

Behavior : if no new violation  appeared on rule, rule description is not loaded

CAST-RestAPI 1.8.0

  • CNT=N where N indicates the shown rule number; if this item missed, no limitation will be applied
  • TCID=N where N indicates the technical criterion Id
  • BZID=N where N indicates the business criterion Id
TABLE;TECHNICAL_CRITERIA_RULES;
TCID=61001,BZID=60016,CNT=1
Rules with name, description and number of violations

TECHNICAL_DEBTTechnical debtApplication

If selected « previous snapshot » in Report Generator interface is not the n-1 version, results will sum the Technical Debt Added and removed

CAST-RestAPI 1.8.0

  • HEADER=SHORT (here HEADER=SHORT) Indicates that short headers will be shown, obviously long headers will be shown
TABLE;TECHNICAL_DEBTTechnical debt, with added and removed

TECHNICAL_SIZING


Technical size informationApplicationCAST-RestAPI 1.8.0

Option added in 1.13.0 :

  • HEADER=NO to not display headers (useful for excel report when you want to define your own customized headers). By default if option is not present or different from NO, headers are displayed
TABLE;TECHNICAL_SIZINGTechnical information about application : lines of code, by files and classes; number of sql artifacts and tables

TECHNICAL_SIZING_EVOLUTIONTechnical size evolution informationApplicationCAST-RestAPI 1.8.0NoneTABLE;TECHNICAL_SIZING_EVOLUTIONTechnical information about evolution of application : lines of code, by files and classes; number of sql artifacts and tables

TECHNO_LOC


Top technologies by sizeApplicationCAST-RestAPI 1.8.0
  • COUNT=N where N is the shown technologies count (default value=5)
  • NOSIZE to hide the “LoC” column (default)

Option added in 1.13.0:

  • HEADER=NO to not display headers (useful for excel report when you want to define your own customized headers). By default if option is not present or different from NO, headers are displayed
TABLE;TECHNO_LOCLines of codes by technologies

TECHNO_LOC_EVOLUTIONTop technologies evolution by sizeApplicationCAST-RestAPI 1.8.0
  • COUNT=N where N is the shown technologies count (default value=5)
TABLE;TECHNO_LOC_EVOLUTIONEvolution of lines of code by technologies

TECHNO_LOC_BY_MODULETechnologies - Lines of code by modulesApplicationCAST-RestAPI 1.8.0NoneTABLE;TECHNO_LOC_BY_MODULELines of code in modules by technologies

TOP_COMPONENTS_BY_PROPERTIES



List of top components by properties

Can be used to replace CED reports :

  • Top cyclomatic complexity x High Fan Out
  • Top cyclomatic complexity x Low documentation
Application

This component is only relevant on an engineering database. It is empty on an analytics database.

CAST-RestAPI 1.8.0



  • PROP1 = name of first property, cyclomaticComplexity if not exists
  • PROP2 = name of second property, fanOut if not exists
  • ORDER1 = asc or desc for PROP1, desc by default (optional)
  • ORDER2 = asc or desc for PROP2, desc by default (optional)
  • COUNT = the number of lines to display, 50 by default (-1 or all is not allowed, it will take too much time and paper) (optional)
  • LOWER1 = components should have prop1 value lower than this value (optional)
  • GREATER1 = components should have prop1 value greater than this value (optional)
  • LOWER2 = components should have prop2 value lower than this value (optional)
  • GREATER2 = components should have prop2 value greater than this value (optional)
  • NBSET=500 (number of the initial set of object before filtering) (optional)

For PROP1 and PROP2, the available values are :

  • codeLines,
  • commentedCodeLines,
  • commentLines,
  • coupling,
  • fanIn,
  • fanOut,
  • cyclomaticComplexity,
  • ratioCommentLinesCodeLines,
  • halsteadProgramLength,
  • halsteadProgramVocabulary,
  • halsteadVolume,
  • distinctOperators,
  • distinctOperands,
  • integrationComplexity,
  • essentialComplexity

If PROP1 and/or PROP2 is not correctly set,list of available values is displayed

When using LOWER and GREATER parameters, the ORDER parameter can be overridden to get the most accurate components corresponding to the request.
As the filter can be done only after requesting data from the RestAPI, the list can be truncated. So the option NBSET define the number of objects returns from the rest api before the filtering and the limitation of display (COUNT), this option is set to 500 by default, to avoid too long server response time.

TABLE;TOP_COMPONENTS_BY_PROPERTIES;
PROP1=cyclomaticComplexity,
PROP2=ratioCommentLinesCodeLines,
ORDER1=desc,ORDER2=asc,COUNT=10


In the following example, we will ask for 10000 rows to the CAST-RestAPI order by PROP1 desc and PROP2 asc (because of lower), then we filter this list to take only those that have the ratioComment lower than 0.10, then we display only the 100 first in the list. (the more the set is, the longer it takes to get values from the rest api) :

TABLE;TOP_COMPONENTS_BY_PROPERTIES;
PROP1=cyclomaticComplexity,PROP2=ratioCommentLinesCodeLines,
ORDER1=desc,LOWER2=0.10,COUNT=100,NBSET=10000

List of top objects regarding 2 properties

TOP_CRITICAL_VIOLATIONSTop Critical ViolationsApplicationCAST-RestAPI 1.8.0
  • COUNT=N where N indicate the number of the top N,
  • PAR=BC-ID where BC-ID indicate the id of the business criterion
TABLE;TOP_CRITICAL_VIOLATIONS;
BC-ID=60017,COUNT=5
List of critical rules with their numbers of violations

TOP_CRITICAL_VIOLATIONS_EVOLUTIONEvolution of top critical violationsApplicationCAST-RestAPI 1.8.0
  • COUNT=N where N indicate the number of the top N,
  • PAR=BC-ID where BC-ID indicate the id of the business criterion
TABLE;TOP_CRITICAL_VIOLATIONS_EVOLUTION;
BC-ID=60017,COUNT=10
Evolution of the number of violations by critical rules

TOP_NON_CRITICAL_VIOLATIONSTop Non Critical ViolationsApplicationCAST-RestAPI 1.8.0
  • COUNT=N where N indicate the number of the top N
TABLE;TOP_NON_CRITICAL_VIOLATIONS;
BC-ID=60017,COUNT=10
List of non critical rules with their numbers of violations

TOP_NON_CRITICAL_VIOLATIONS_EVOLUTIONEvolution of top non critical violationsApplicationCAST-RestAPI 1.8.0
  • COUNT=N where N indicate the number of the top N
TABLE;TOP_NON_CRITICAL_VIOLATIONS_EVOLUTION;
BC-ID=60017,COUNT=10
Evolution of the number of violations by non critical rules

TOP_RISKIEST_COMPONENTSTop riskiest componentsApplication

This component is only relevant on an engineering database. It is empty on an analytics database.

CAST-RestAPI 1.8.0

  • SRC= PERF| ROB|SEC : indicates the searched business criterion type
  • MOD=N where N indicates the searched result will be applied on the module identified by this Id, and on the entire snapshot if this value isn’t indicated
  • COUNT=N where N indicates the top N number ; default value = 10
TABLE;TOP_RISKIEST_COMPONENTS;
SRC=PERF,COUNT=14
List of objects belonging to a module with their PRI

TOP_RISKIEST_TRANSACTIONSTop riskiest transactionsApplication

This component is only relevant on an engineering database. It is empty on an analytics database.

CAST-RestAPI 1.8.0

  • SRC=PERF|ROB|SEC : indicates the transaction type where top riskiest transactions will be searched
  • COUNT=N where N indicates the top N number ; default value = 10
TABLE;TOP_RISKIEST_TRANSACTIONS;
SRC=PERF,COUNT=14
List of transactions with their TRI

TQITechnical Quality Index scoresApplicationCAST-RestAPI 1.8.0NoneTABLE;TQITQI score for current and previous snapshots

TQI_BY_MODULETechnical Quality Index scores by modulesApplicationCAST-RestAPI 1.8.0
  • HEADER=SHORT (here HEADER=SHORT) Indicates that short headers will be shown, obviously long headers will be shown
TABLE;TQI_BY_MODULETQI current and previous scores with variation by modules

BC_BY_TECHNOBC score by technologiesApplicationCAST-RestAPI 1.8.0
  • ID=BC ID (by default ID is 60017)
TABLE;BC_BY_TECHNO;ID=60017BC score by technologies

VIOLATIONS_LISTList of violations by health factorApplication

This component is only relevant on an engineering database. It is empty on an analytics database

CAST-RestAPI 1.8.0

  • BCID= list of ids of business criterion, separated by | : 60011|60012|60013|60014|60016|60017 one or several ; default value = 60016 (Security)
  • COUNT=N|ALL where N indicates the top N number ; default value = 10 (ALL for all violations)
  • NAME=FULL|SHORT to display short name or full name of objects (full name by default)
  • FILTER=ADDED|UNCHANGED|UPDATED|ALL to filter the list by the violation status; default is ALL
  • VIOLATIONS=CRITICAL|ALL by default, only CRITICAL violations are listed
  • MODULE=ModuleName, parameter used to restrict the list for one module, by default violation are listed for the application
  • TECHNOLOGIES=techno1|techno2, parameter used to restrict the list of violations, by default all technologies
TABLE;VIOLATIONS_LIST;
BCID=60016,COUNT=10,
NAME=SHORT,FILTER=ALL
Detailed list of violations with status, PRI, exclusion and action status, rule name, BC name, object name, object status

VIOLATION_STATISTICSStatistics on violationsApplicationCAST-RestAPI 1.8.0NoneTABLE;VIOLATION_STATISTICSNumber of critical violations, per file and per kloc, number of complex objects and number of complex objects with violations

VIOLATION_STATISTICS_EVOLUTIONEvolution of statistics on violationsApplicationCAST-RestAPI 1.8.0NoneTABLE;VIOLATION_STATISTICS_EVOLUTIONEvolution of the number of critical violations, per file and per kloc, number of complex objects and number of complex objects with violations

VIOLATION_SUMMARYViolation Summary per application or modules, provides violation information (grades, counts, compliance ratios…) for critical and/or non-critical rules, for the whole application or per moduleApplicationCAST-RestAPI 1.8.0
  • MODULES=1|0 to display violations for the whole application (=0 by default) or per modules (=1)
  • CRITICAL=1|0 to include critical violations (=1 by default) or not (=0)
  • NONCRITICAL=1|0 to include the non-critical violations (=1) or not (=0 by default)
  • GRADE=1|0 to show (=1 by default) or hide (=0) the “Grade” column - TOTAL=1|0 to show (=1 by default) or hide (=0) the “Total Checks” column
  • FAILED=1|0 to show (=1) or hide (=0 by default) the “Failed Checks” column
  • SUCCESSFUL=1|0 to show (=1) or hide (=0 by default) the “Successful Checks” column
  • ADDEDREMOVED=1|0 to show (=1) or hide (=0 by default) the “Added” and “Removed” columns
  • COMPLIANCE=1|0 to show (=1) or hide (=0 by default) the “Compliance Ratio” column
  • COUNT=-1|N to display only N results, or all results if -1 (5 by default)
TABLE;VIOLATION_SUMMARY;
MODULES=0,CRITICAL=1,NONCRITICAL=0,
GRADE=1,TOTAL=0,FAILED=1,
SUCCESSFUL=0,ADDEDREMOVED=1,
COMPLIANCE=0,COUNT=5
List of rules with scores, number of violations, added and removed violations with criticity

  • No labels