Choose objectives

Objectives is an optional feature that is designed to pre-configure an analysis (install specific extensions, set specific settings etc.) based on the results you require:

  • When enabling any of the Objectives, it is recommended to allow Alpha and Beta extensions to be installed via the Extension Strategy option - see Administration Center - Extensions Strategy or Administration Center - Extensions Strategy, because some of the extensions that are installed automatically via the Objectives feature are currently only in Alpha/Beta release. If Alpha/Beta extensions are not permitted to be installed, the results of the selected objectives will not be produced.
  • When an extension whitelist is in use via the Extension Strategy option, any extensions that are automatically installed by a selected Objective and which are not present in the white list will cause the analysis to stop.
  • If you do not wish to use any of the objectives offered, untick all options. This will ensure that no additional extensions (over and above what you have defined and what has been automatically discovered) will be installed and no additional options will be enabled automatically.
  • If you are adding a version N+1 (i.e. you have already created a version and generated a snapshot and are now working on the next version) and you tick the option Same as previous configuration in Step 1, the same objectives will be applied as in the previous version.
  • If you have generated a snapshot and enabled various objectives, and you then edit the version and generate a new snapshot, the same objectives will be applied.

Options available

OptionDefault settingsDescription
Global risk assessmentActive

This option focuses on risk assessments by adding additional structural rules to the analysis. Selecting this option will currently install the following extensions (in addition to any that are discovered, set to force install or those that are automatically active / shipped extensions):

Security assessmentInactive

This option focuses on user input security assessments for JEE/NET technologies. Selecting this option will currently:

Functional points measurementActive

This option focuses on function points measurement. Selecting this option will currently install the following extensions (in addition to any that are discovered, set to force install or those that are automatically active / shipped extensions):

If you are using a CAST global license that does not include EFP, then this option will not produce any results.

Blueprint designActive

This option focuses on architecture identification and links between layersSelecting this option will currently install the following extensions (in addition to any that are discovered, set to force install or those that are automatically active / shipped extensions):

Data safety investigationInactive

This option focuses on flow of data identification and will deliver associated resultsSelecting this option will currently install the following extensions (in addition to any that are discovered, set to force install or those that are automatically active / shipped extensions):

GDPR / PCI DSS

Two additional options are available (in AIP Console ≥ 1.26) specifically enabling a check of a set of predefined sensitive key words related to GDPR (General Data Protection Regulation) and/or PCI-DSS (Payment Card Industry Data Security Standards) data:

 

In other words, enabling the GDPR option (for example) will force the check using the predefined keywords. When the analysis runs, the predefined keywords defined will be checked and if any are found in the source code a flag will be added in the analysis results on the object in question. This can be seen as below in CAST Imaging:

Click to enlarge

What next?

When you have made your option choices (see below), click PROCEED. All actions will be processed - see Application onboarding without Fast Scan - Standard onboarding - check results.