- It is an internal encryption algorithm. If you want extra security, you can use LDAP.
- For more details please refer to the documentation under "Active Directory LDAP and Kerberos integration" at:
- CAST AIP 7.2 Documentation > Cookbooks > Platform Administration > Portal Administration > CAST Engineering Platform and CAST Discovery Portal > Advanced web.xml configuration
CE (also known as Outgoing Dependencies or the Number of Types outside a Package that Types of the Package Depend on) indicates the number of other packages that classes and interfaces in the analyzed package depend upon.
This would most easily be seen in Enlighten where you can see the relationship between the violated object and other packages that the violated object depends upon.
Artifacts depend on the specific languages being analyzed. They are low-level programming elements used to measure application size and complexity.
You can see a list of artifacts for each language in the documentation for the release.
As such, a rule that contributes (indirectly) to the Security index must not be considered a security hole in itself. Rather, we make a global assessment of the application on a Technical aspect (here, how well architected the application's data access is). We then estimate that this Technical assessment contributes with a given importance to the global Security score, together with the assessments done on other aspects. However, if in your particular application this rule is not relevant or should not be considered so critical, you can always customize the assessment model locally.
As explained in the documentation below, EFP is the evolution of function points compared to the baseline value. To get the EFP computed, first run an analysis and snapshot on the baseline source code, then run the analysis and generate a snapshot on the second release to get the EFP of this second release compared to the baseline.
The EFP values will then be visible under the Size and evolution view of the CED dashboard.
The LDAP implementation for AAD (Application Analytics Dashboard) is completely separate from the LDAP implementation for CED (CAST Engineering Dashboard).
You need completely different parameters, so you cannot use the same web.xml settings for LDAP in AAD and CED.
If CAST AIP finds any function that belongs to the snprintf() function family, it raises a violation for this rule. We consider the following functions as part of the "snprintf() family": sprintf, snprintf, _snprintf, _snprintf_l, _snwprintf, _snwprintf_l, vsnprintf.
Since sprintf() is part of the family, this is expected behaviour.
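To show how a name-based check of this kind behaves, here is an added example (not CAST AIP's implementation and not part of the original page): a small Python scanner that reports every use of the listed functions in C source while ignoring comments and string literals. The function name `find_family_calls`, the regular expression and the sample source are assumptions made for illustration.

```python
import re

# The functions the page lists as the "snprintf() family".
SNPRINTF_FAMILY = {
    "sprintf", "snprintf", "_snprintf", "_snprintf_l",
    "_snwprintf", "_snwprintf_l", "vsnprintf",
}

# Comments and literals are matched first so names inside them are skipped;
# otherwise an identifier directly followed by "(" is treated as a call site.
_TOKEN = re.compile(r"""
    (?P<skip> /\*.*?\*/              # block comment
            | //[^\n]*               # line comment
            | "(?:\\.|[^"\\\n])*"    # string literal
            | '(?:\\.|[^'\\\n])*'    # character literal
    )
  | \b(?P<name>[A-Za-z_]\w*)\s*\(    # identifier followed by an opening paren
""", re.VERBOSE | re.DOTALL)


def find_family_calls(source):
    """Return [(line_number, function_name)] for each use of a listed function."""
    hits = []
    for match in _TOKEN.finditer(source):
        name = match.group("name")  # None when a comment or literal matched
        if name in SNPRINTF_FAMILY:
            line = source.count("\n", 0, match.start("name")) + 1
            hits.append((line, name))
    return hits


# Constructed sample input (not taken from any real code base).
SAMPLE = r'''
#include <stdio.h>
/* sprintf(buf, ...) used to live here */
void f(const char *user) {
    char buf[32];
    sprintf(buf, "%s", user);               // unbounded write
    snprintf(buf, sizeof buf, "%s", user);  // bounded, but still in the family
    puts("call snprintf() later");
    my_sprintf(buf, user);
}
'''

if __name__ == "__main__":
    for line, name in find_family_calls(SAMPLE):
        print(f"line {line}: {name}() is in the snprintf() family")
```

Because the match is on the function name alone, the bounded snprintf() call is reported alongside sprintf(), while the mention inside the comment, the string literal and the unrelated my_sprintf() are not.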
High Fan-out is based on the number of references to other artifacts, so it can't be computed by examining a single artifact. You need to look at the broader scope of all the analyzed artifacts to see the links to other artifacts. You can see this visually in Enlighten when looking at linked objects for a particular artifact.
You can also see the metric documentation and this TKB page for further reference: