Please note that releases 20201106.0.0-funcrel (6 November 2020) to 20210118.0.0-funcrel (18 January 2021) contain an issue: some tag to rule associations will be duplicated during the installation process if a previous release of the extension has already been installed for the given application. This issue will lead to an incorrect number of violations calculated for a tag that is duplicated.
To correct this issue, ensure that ≥ 20210119.0.0-funcrel (19 January 2021) is installed and a new analysis/snapshot generated.
If results of an analysis using one of the releases containing the issue have been published in the Health Dashboard, a script is available to remove the duplicated results. Please contact CAST Support for more information.
In what situation should you install this extension?
This extension is required in the following situations:
- If you would like to view CISQ, OWASP, CWE and other quality standards data in the CAST dashboards (Health, Engineering and Security) in dedicated custom tiles, you should install this extension.
- If you would like to use the official CISQ, OWASP and CWE templates provided with the CAST Report Generator.
- If you would like to create custom templates that uses CISQ, OWASP, CWE and other quality standards data in the CAST Report Generator.
How does it work?
The extension provides a set of tags that identify the relevant quality standards data in the CAST AIP snapshot data:
- When using the CAST Report Generator, these tags can be used in report templates (supported templates are delivered with tags pre-defined, however you can also use the tags in your own custom templates)
- When using the CAST dashboards, custom tiles can be configured using these tags - note that some tiles using some tags are provided "out-of-the-box" in the CAST Security Dashboard.
Tags provided by this extension are listed in the Standards section of https://technologies.castsoftware.com/.
|CAST AIP||≥ 8.3.x||-|
CAST AIP for Security
|CAST Dashboards||≥ 1.6.0|
|CAST Report Generator||≥ 1.7.0||-|
Download and installation instructions
Each step is detailed below.
Step 1 - Download and installation
Step 2 - Add the tile configuration to your deployed Dashboard
- This step is not required when using the extension with CAST Report Generator templates.
- Some tiles using some tags are provided "out-of-the-box" in the CAST Security Dashboard.
CAST Health Dashboard
See Health Dashboard tile management - specifically the section Custom Tiles.
CAST Engineering / Security Dashboard
See Engineering Dashboard tile management - specifically the section Custom Tiles.
Step 3 - Upload snapshot to Measurement schema
If you are configuring custom tiles using Quality Standards tags in the Health Dashboard, you will need to upload the most recent snapshot to the Measurement schema in order that the new tags are transferred (the Quality Standards Mapping extension (i.e. extensions in general) are only installed to the Analysis and Dashboard schemas). To do so you can use one of these methods:
Run the Consolidate Snapshot action on the most recent snapshot:
Click to enlarge
|CAST Management Studio|
Use the Upload action on the most recent snapshot (Application editor > Execute tab):
|AAD-consolidate tool||Use the AAD-consolidate tool to perform an upload. See Using the GUI and CLI tools for Health Dashboard.|
Step 4 - Reload the cache or log out / log in
To ensure that the most up-to-date information is available in the dashboards, ensure you either reload the cache or alternatively, log out and log back in.
What results can you expect?
To view the new tiles, refresh your browser. If you do not see the tiles, you may need to empty your browser cache. The tiles will be displayed as follows (example for the CISQ-Reliability tag in the CAST Health Dashboard):
Clicking the tile will drill down as follows:
Application level (click to enlarge):
Portfolio level (click to enlarge):
CAST Report Generator
You can use any predefined standards templates requiring the Quality Mapping extension to generate reports or use any of the available tags in your own custom templates.