Indicates the current state of the application:

• Fast scan done > The fast scan process is complete - i.e. the uploaded source code has been scanned to determine the contents: technologies/languages/frameworks. 
• Fully analyzed > The source code has been analyzed and that upload to CAST Imaging / CAST Dashboards has occurred. Note that if any missing dependencies are detected in your source code during the analysis (i.e. code that is calling another piece of code that cannot be found) a warning icon will be displayed. This should be fully investigated and corrected because it means that results may not be coherent. Clicking the warning triangle will direct you straight to the log file to see the missing dependencies alerts. See also Validate dependency configuration.

Total number of Line of Code (LoC) in the designated source code, as identified by Console during the fast scan process or during a Refresh (see below) - files that are not considered source code (i.e. image files for example) are not included in this value. In addition, an indicator shows the "size" of the application - clicking View Size Chart will show how Console defines the various different size categories:

The alert icon (available in ≥ 2.10) indicates that the most recent job actioned on the current application contains one or more alerts (the number of alerts is indicated) that need to be looked at. Clicking the icon will display the alerts as a slide in panel on the right:

These alerts are also displayed in the Job Progress panel.

Enables you to upload a new source code ZIP file or deliver new source code from a folder (see Administration Center - Settings - Source Folder Location). You can do this even if you have not yet run an analysis, i.e. when the previous fast scan has highlighted some deficiencies in the delivered code that you want to correct. 

• if you have already uploaded a source code ZIP, the button will display the following dialog box enabling you to choose a new ZIP file. A new fast scan will then be automatically actioned on the new source code:

• if you have already delivered source code from a source folder location, the button will display the following dialog box showing the location of the previous source folder. Ensure the source folder contains the new updated source code before clicking the Fast Scan button:

Technical information

Technically, the following things occur when a New Scan is triggered:

• any excluded files are deleted
• the current version is deleted and a new one is created with the same name, same title, same release date
• the new source code is scanned and data in the Overview panel is refreshed using the scan results
• no associated snapshots are deleted

This button will reveal the File Filter settings allowing you to:

• exclude specific files and/or folders using regular expression based exclusions
• enable/or disable various rules to exclude or include specific projects or components

Expressions

A set of exclusion expressions will be predefined via the "default" Exclusion Template which contains the most common items that should be excluded (see Administration Center - Settings - Exclusion templates for more information). Items excluded in this way are not sent for analysis. If you make any changes, use the Update button to apply them:

You can add new custom filters as required: the pattern matching system uses glob patterns (see https://docs.oracle.com/javase/tutorial/essential/io/fileOps.html#glob for examples of how this system works). Enter an expression to match the folders/files you want to exclude and then click Add to add the expression to the list of excluded items:

For example:

• *.txt will exclude all files with the extension .txt
• tests/ will exclude any folders named tests and everything inside them - e.g. root_folder/tests, root_folder/another_folder/tests
• *.Tests/ will exclude any folders whose name includes .Tests (for example C:\Support\Delivery\Sample.Tests\sample\)
• patterns starting with / will exclude starting only from the root folder. In other words, /tests/ will exclude everything in the specific folder root_folder/tests but not root_folder/another_folder/tests

Take the following hypothetical example where an application has been delivered that contains the same .SQL file in four locations - this is not correct and three of them need excluding:

To exclude the *.SQL files located under the parent folder "JSP", you could manually exclude them by unticking them in the UI, however (if you have multiple files to exclude) you can also define an expression to automatically do this for you e.g.:

[J]*/**/*.sql

Where:

• [J]*/ matches any folder in the root path starting with an uppercase "J" (in our case "JSP") - if you have multiple folders in the root path, you can use the pipe character, for example [J|e]*/ will match all folders starting with an uppercase "J" and all folders starting with a lower case "e".
• **/ traverses all nested sub folders of the matched folder beginning with "J"
• /*.sql matches any files named "<something>.sql"

Applying this expression automatically excludes the .SQL files located under the folder "JSP":

Rules

This section enables you to configure the "exclusion" rules for specific projects identified during the source code delivery. When an exclusion rule is matched, then the project in question will be ignored. The aim of these rules is to avoid a situation where multiple projects (and therefore Analysis Units) are generated for a given piece of source code when more than one is not needed. If you are unsure, you should leave the default settings as they are and review them as a post analysis action item:

• for an Application's first version, all options are selected except Exclude Maven Java projects when an Eclipse project also exists and Exclude Java Files project located inside other Java Files Project.
• for an Application's subsequent analyses, exclusion rules are pre-selected according to the options chosen in the previous analysis.
• the option Exclude all empty projects refers to projects that do not have associated source code.
• the option Exclude Test code will exclude all folders named "test" that are discovered during the source code delivery

The delivered source code is depicted in tree format. This is interactive and selecting an item in the tree will update the middle and right hand panels. In addition, a filter can be set to exclude an item from the subsequent analysis process by clicking the icon shown in the image below. When the icon is shown in red, the entire selected folder and all files, sub folders and files will be excluded from the analysis (i.e. these items will NOT be sent for analysis):

This panel depicts the content of an item selected in the left panel and divides them into categories as follows showing the total number of files:

• Files selected for deep analysis
• Files not selected for deep analysis

And then:

• Programming
• Documentation
• Data
• Prose
• Markup

Each item depicts, per technology type, the total number of files that will be sent for analysis and those that will not be sent for analysis - i.e. have been excluded through one of the exclusion methods:

Items in the categories themselves are interactive and when clicked, will update the content in the right hand panel.

The right panel displays the content of selections made in the left and middle panels and provides:

• a search mechanism
• a way to exclude individual files
• a way to view source code

All files that will be sent for analysis will be ticked, files that are NOT sent for analysis will be displayed with a strikethrough:

Search mechanism

The search mechanism is a simple filter on the file name itself. For example, entering "auth" shows the following files:

Exclusion mechanism

Files that have already been excluded via a specific filter, or because the parent folder has been excluded using the icons in the left panel, will be displayed with a strikethrough and a disabled unticked check box as shown below (these items are NOT send for analysis):

Click to enlarge

To exclude individual files, untick the files - the file text will use strikethrough:

Files that are excluded will contain roll over tooltip information (in ≥ 2.9) to explain which pattern has excluded the file. For example, the following file was excluded in the right hand panel using the tick box and the pattern listed in the roll over tooltip will be added as a filter:

This file was excluded by a filter called "bookdemo/":

Code viewer

Selecting a file in the list will display its source code:

A list of file extensions found in the delivered source code. Extensions are grouped by technology/language - and the extension that is displayed by default (the primary extension) is the extension with the largest number of files in the delivered source code. Other related file extensions that are found will also be displayed alongside:

The total number of files of this type that were analyzed during the most recent analysis process. This number is taken directly from the analysis schema in which the analysis results are stored, in other words this number reflects the number of files that were saved as part of the analysis process.

The total number of files of this type that were sent for analysis by CAST Console but were not analyzed during the most recent analysis process (e.g. they were not saved in the results):

Click to enlarge

Clicking the number will display the following dialog box, providing a list of all the unanalyzed files:

Click to enlarge

When the Node uses AIP Core ≥ 8.3.52, a reason (where possible) will be given in the Reason column:

These reasons correspond to Project Exclusion Rules set via the File Filter button (see above) for onboarding with Fast Scan:

...and via the Project Exclusion Rules screen when using onboarding without Fast Scan.

The search option allows you to filter for specific text. The search functions on the columns File Extensions, Technology/Language and CAST Extensions:

This drop down filters the Indicators in the list by category. By default, all categories are displayed in the list.

This banner is displayed when Console detects that a configuration change has been made and that your data should be updated. If the "Update" button is clicked, then a job will run to ensure that all Analysis Results Indicator data is correct. The triggers for this banner are identical to the triggers described in the section Update Banner in Application - Config.

By default this toggle switch is disabled, which means only Indicators that have a positive value (displayed in the Value column) will be displayed. All indicators which have "N/A" in the Value column will be hidden. Enable the option to show all Indicators regardless of their Value.

Choose the snapshot you would like to view indicators for. By default the most recent snapshot for the Application will be displayed.

Use this to search on the Indicator name.

This option enables you to download Microsoft Excel reports containing detailed information about the indicators in each category:

• If All Categories is selected (see option above) then a ZIP file will be downloaded containing the relevant XLSX files - one per category
• If a specific category is selected, then a XLSX file will be downloaded.

The file name used for the ZIP file and the XLSX files will contain a time stamp using the following format: <year><month><day>_<hour><minute><second>. The time stamp is generated when the Download button is clicked.

Excel file report contents

• The first sheet has information related to application name, snapshot name, snapshot date and category for which this report is generated. It also contains a summary for all the indicators belonging to that category i.e. name, description, thresholds, value, status, details, remedy action and justification.
• The indicator value is computed along with status which is a star rating based on the thresholds of that indicator.
• The details column contains the hyperlink to the details sheet of that indicator.

• The option is only available when the most recent analysis/snapshot is selected in the snapshot selector
• Justification entered for the indicators is retained after recomputation
• Any actions that modify analysis data will be reflected in the analysis/snapshot indicator results after recomputation.

Status of the indicator - the more stars the better the results. Rolling the mouse over the stars will show the thresholds required to improve:

A free text field enabling you to enter a justification for the result. Free text is saved and is retained for the next snapshot that is generated. For example:

• Do you agree?
• Is the coverage as expected?

≥ 2.9

Use the icon to add a new justification explanation:

And enter the justification in the pop-up:

The icon changes to indicate a justification has been added:

Older releases

Enter the justification in the field itself.

The Remedy Action provides a suggestion for how to improve the result in the next analysis/snapshot. Any links are clickable.

≥ 2.9

Remedies are displayed in line:

If they are larger than the available space, rolling the mouse over them will display the full text in a popup:

Older releases

Click the icon to display the full text of the remedy:

Some indicators store results in a CSV file - click this option to download the CSV file. This can help you work out why a poor result has been produced, for example. CSV files are generated and stored in the following locations:

≥ 2.2.0
\\share\aip-node-data\common-data\snapshot-indicator\{appGuid}\{snapshotGuid}

≤ 2.1.0 - on the Node
%PROGRAMDATA%\CAST\AipConsole\AipNode\snapshot-indicator\{appGuid}\{snapshotGuid}

Information about the readiness of the delivered source code for analysis is provided based on the initial fast scan:

All clear

If no "issues" are found then the "all clear" is given:

All clear but cannot access CAST Imaging/CAST Dashboards

If no "issues" are found, but CAST Imaging/CAST Dashboards are either not configured or not available, the upload to CAST Imaging/CAST Dashboards (snapshot) will not run:

Issues found

If issues are found, then a warning is given with an explanation. In this situation, a warning does not mean that the analysis cannot proceed, however, coherent results may not be produced. For example:

• Console is warning that the delivered source code has links from JSP to Java, however, no Java source has been delivered:

• Console is warning that the delivered source code contains files that are encoded in a format other than UTF-8. Files that do not use UTF-8 encoding can cause issues for some CAST analyzers and may even cause the analyzer to crash, as such this warning invites you to convert the non UTF-8 files into UTF-8. CAST also provides a breakdown of the technologies which contain non UTF-8 by clicking the link highlighted below (a popup is displayed containing the breakdown):

Analysis complete

When an analysis has been run, this panel will show:

• the previous analysis duration time
• whether any missing dependencies were detected in your source code during the analysis (i.e. code that is calling another piece of code that cannot be found): a yellow warning icon will be displayed if this is the case. This should be fully investigated and corrected because it means that results may not be coherent. Clicking the warning triangle will direct you straight to the log file to see the missing dependencies alerts. See also Validate dependency configuration.

• a failed analysis, suggesting log files are checked before clicking Resume Analysis:

Click the Run Analysis button to start the deep analysis process. A popup will then be displayed:

This option allows you to control what steps in the analysis process are actioned and should only be used if you know what you want to achieve:

• Upload to CAST Imaging will be actioned. 

• A snapshot is generated (for the Engineering Dashboard)
• Data is also uploaded to the Measure schema for the Health Dashboard

This option focuses on function points measurement. Selecting this option will currently install the following extensions (in addition to any that are discovered, set to force install or those that are automatically active / shipped extensions):

• com.castsoftware.automaticlinksvalidator

This option focuses on flow of data identification and will deliver associated results. Selecting this option will currently install the following extensions (in addition to any that are discovered, set to force install or those that are automatically active / shipped extensions):

• com.castsoftware.automaticlinksvalidator
• com.castsoftware.datacolumnaccess
• com.castsoftware.mainframe.sensitivedata

GDPR / PCI DSS

Two additional options specifically enable a check of a set of predefined sensitive key words related to GDPR (General Data Protection Regulation) and/or PCI-DSS (Payment Card Industry Data Security Standards) data:

• These options are ONLY currently taken into account for Mainframe technologies (analyzed via the com.castsoftware.mainframe, SQL technologies (analyzed via the com.castsoftware.sqlanalyzer extension) and NoSQL technologies (analyzed via the com.castsoftware.nosqljava and com.castsoftware.nosqldotnet extensions).

• These options do not provide a certification for GDPR and PCI DSS. Their aim is to help identify sensitive data in particular contexts.

• It is still possible to provide your own custom key word indicators, see Data Sensitivity for more information.

Click to enlarge

Click to enlarge