Introduction
This document explains how to configure the Engineering Dashboard to generate your own custom Standard Compliance report, alongside the Standard Compliance reports provided by CAST. This procedure is an advanced configuration and is recommended only for those who have good prior knowledge of report generation.
How it works
- Custom report templates are defined in a .json file.
- Each custom report template .json file is stored in <data>\config\ed\reports within your Engineering Dashboard installation folder.
- Each custom report template must be declared in <data>\config\ed\ed.json within your Engineering Dashboard installation folder.
- The Dashboard is restarted to ensure the changes are taken into account.
- Custom report templates will be available in the report generation interface in the Engineering Dashboard, under the Standard Compliance category - see Engineering Dashboard - Report Generation.
Step by step instructions
Step 1 - define your custom report
Create a blank .json file (you can name it however you want, but CAST recommends keeping the file name short where possible) and then start building the template with a text editor. Store the .json file in <data>\config\ed\reports.
Define the reportDetail section
Paste in the following at the very start of the blank file:
{
  "reportDetail": {
    "reportName": "<full_name>",
    "firstName": "<first_part_name>",
    "lastName": "<second_part_name>",
    "qualityStandard": "<quality_standard>",
    "reportId": [
      "<business_id_category1>",
      "<business_id_category2>"
    ]
  },
Where:
Entry | Description |
---|---|
reportName | The full name of your report. This will be used in the PDF file name. For example "Custom ISO-5055 compliance report". |
firstName | First part of the name of your report, for example: "Custom ISO-5055". This is displayed on the first page of your report. |
lastName | Last part of the name of your report, for example: "compliance report". This is displayed on the first page of your report. |
qualityStandard | Enter the name of your overall required quality standard, for example: |
reportId | Enter all the business IDs that will be referenced in the report, i.e. referenced in a section in the |
Define the content section
Under the reportDetail section, the content of the report is defined in the contents section:
{
  "reportDetail": {
    "reportName": "<full_name>",
    "firstName": "<first_part_name>",
    "lastName": "<second_part_name>",
    "qualityStandard": "<quality_standard>",
    "reportId": [
      "<business_id_category1>",
      "<business_id_category2>"
    ]
  },
  "contents": [
Each chapter in the resulting PDF is equal to one entry in the contents section. Chapters are numbered sequentially in the report in the order they appear in the template. For example for an initial "introduction" section in the report:
"contents": [
  {
    "name": "Introduction",
    "key": "introduction",
    "values": [
      "This assessment is an effort to determine the overall quality of the said applications against ISO-5055 rules and measure the overall health of the application. This assessment uses the CAST Application Intelligence Platform (AIP) to automatically scan the implementation of these applications to review the architecture, design, and code against current industry best practices and known design flaws that may impact performance.",
      "CAST AIP adapts the quality rules from best-in-class industry standards (OWASP, CWE, CISQ, STIG, PCI, NIST, ISO-5055). With its unique ability to perform dataflow and system-level analysis (From Presentation layer to Database layer), CAST provides the most accurate security findings, reducing a lot of false positives."
    ],
    "url": "https://some.url.com"
  },
Where:
Entry | Description |
---|---|
name | Enter the name of the chapter in the report. |
key | An identifier. CAST recommends using the same entry as "name". |
values | A free text field. |
url | Used to create a clickable link when the words "Click here" are entered in the values field. If "Click here" is entered multiple times, only the first entry will become a link. |
For a subsequent chapter containing data:
{
  "name": "My Summary",
  "key": "summary",
  "values": [
    "This section provides a summary of the ISO-5055 specified vulnerability identified in the structural quality analysis and measurement by CAST AIP. Click here to get more details about ISO-5055 Standard.",
    "Findings summary for CAST under ISO-5055 Standards."
  ],
  "url": "https://some.url.com",
  "isSummary": true,
  "hasTableInfo": true,
  "id": "ISO-5055",
  "businessId": "1061000"
},
Where:
Entry | Description |
---|---|
name | Enter the name of the chapter in the report. |
key | An identifier. CAST recommends using the same entry as "name". |
values | A free text field. |
url | Used to create a clickable link when the words "Click here" are entered in the values field. If "Click here" is entered multiple times, only the first entry will become a link. |
isSummary | Set to true for summary sections. |
hasTableInfo | Set to true for sections that will contain a table. |
id | The name of your overall required quality standard, for example: |
businessId | Enter the business ID that this section is reporting on. For example for the ISO-5055 qualityStandard, you could enter: |
Sections can also contain one or more subInfo sections, each of which must declare "isSubInfo": true:
{
  "name": "Appendix",
  "key": "appendix",
  "values": [],
  "subInfo": [
    {
      "name": "About CAST Software Intelligence",
      "key": "aboutCastIntelligence",
      "isSubInfo": true,
      "url": "https://www.castsoftware.com/software-intelligence",
      "values": [
        "Software Intelligence creates understanding into software architecture, end to end transaction flows, data access patterns and more, helping teams work confidently and faster. Hundreds of companies rely on CAST Software Intelligence to improve end-user satisfaction and time-to-market, prevent business disruption and reduce cost, enabling them to move past today’s obstacles and to tackle the next wave of innovation.",
        "Click here for more information about CAST Software Intelligence."
      ]
    },
    {
      "name": "About ISO-5055",
      "key": "aboutISO",
      "isSubInfo": true,
      "url": "https://www.iso.org/standard/80623.html",
      "values": [
        "ISO-5055 is a standard that is published ISO: https://www.iso.org/standard/80623.html.",
        "These measures were developed from coding rules covering some of the most serious violations of good architectural and coding practices that should be avoided and can be detected through static code analysis. Each measure counts the number of violations of the architectural and coding rules related to that quality characteristic, and then can be used in creating metrics for defect density, etc."
      ]
    }
  ]
}
Example functioning template:
{
  "reportDetail": {
    "reportName": "Green IT Index Report",
    "type": "ISO",
    "firstName": "Green IT Index",
    "lastName": "Compliance Report",
    "reportId": [
      "20140522"
    ],
    "qualityStandard": "ISO-5055"
  },
  "contents": [
    {
      "name": "Introduction",
      "key": "introduction",
      "values": [
        "This assessment is an effort to determine the overall quality of the said applications against ISO-5055 rules and measure the overall health of the application. This assessment uses the CAST Application Intelligence Platform (AIP) to automatically scan the implementation of these applications to review the architecture, design, and code against current industry best practices and known design flaws that may impact performance.",
        "CAST AIP adapts the quality rules from best-in-class industry standards (OWASP, CWE, CISQ, STIG, PCI, NIST, ISO-5055). With its unique ability to perform dataflow and system-level analysis (From Presentation layer to Database layer), CAST provides the most accurate security findings, reducing a lot of false positives."
      ],
      "subInfo": [
        {
          "name": "Application Characteristics",
          "key": "characteristics",
          "isSubInfo": true,
          "hasTableInfo": true,
          "values": [
            "This assessment is focused solely on the technical implementation of the said application (user interface to database), with no investigation of the functionality."
          ]
        }
      ]
    },
    {
      "name": "Green IT Index Summary",
      "key": "summary",
      "isSummary": true,
      "hasTableInfo": true,
      "id": "ISO-5055",
      "businessId": "20140522",
      "url": "https://www.omg.org/spec/ASCQM/",
      "values": [
        "This section provides a summary of the ISO-5055 specified vulnerability identified in the structural quality analysis and measurement by CAST AIP. Click here to get more details about ISO-5055 Standard.",
        "Findings summary for CAST under ISO-5055 Standards."
      ]
    },
    {
      "name": "CAST Findings For Green IT Index Security",
      "key": "Green IT Index",
      "id": "Green IT Index ",
      "businessId": "20140522",
      "hasTableInfo": true,
      "values": [
        "List of ISO Technical Debt regarding ISO-5055 Security."
      ]
    },
    {
      "name": "Appendix",
      "key": "appendix",
      "values": [],
      "subInfo": [
        {
          "name": "About CAST Software Intelligence",
          "key": "aboutCastIntelligence",
          "isSubInfo": true,
          "url": "https://www.castsoftware.com/software-intelligence",
          "values": [
            "Software Intelligence creates understanding into software architecture, end to end transaction flows, data access patterns and more, helping teams work confidently and faster. Hundreds of companies rely on CAST Software Intelligence to improve end-user satisfaction and time-to-market, prevent business disruption and reduce cost, enabling them to move past today’s obstacles and to tackle the next wave of innovation.",
            "Click here for more information about CAST Software Intelligence."
          ]
        },
        {
          "name": "About ISO-5055",
          "key": "aboutISO",
          "isSubInfo": true,
          "url": "https://www.iso.org/standard/80623.html",
          "values": [
            "ISO-5055 is a standard that is published ISO: https://www.iso.org/standard/80623.html.",
            "These measures were developed from coding rules covering some of the most serious violations of good architectural and coding practices that should be avoided and can be detected through static code analysis. Each measure counts the number of violations of the architectural and coding rules related to that quality characteristic, and then can be used in creating metrics for defect density, etc."
          ]
        }
      ]
    }
  ]
}
Step 2 - declare your custom report
Each custom report template must be declared in <data>\config\ed\ed.json within your Engineering Dashboard installation folder. Edit this file with a text editor, and locate the "reportTemplates":[ section under "id":"industryCompliance":
"reportCategory":[
  {
    "id": "industryCompliance",
    "label": "Standard Compliance Reports",
    "reportTemplates":[
Enter two new lines to declare your template .json file:
"reportCategory":[
  {
    "id": "industryCompliance",
    "label": "Standard Compliance Reports",
    "reportTemplates":[
      {
        "templateLabel": "Custom Report",
        "templateId": "custom-report"
      },
Where:
Entry | Description |
---|---|
templateLabel | The name that will be used to display the report in the Engineering Dashboard interface. |
templateId | The name of the corresponding .json file. For example if your .json file is called "custom-report.json", enter "custom-report". |
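A lint to run before restarting the dashboard, as an added example that is not part of CAST's documentation or tooling. It checks only what this page states: valid JSON, the reportDetail entries, every businessId listed in reportId, "isSubInfo": true on subInfo entries, a url wherever "Click here" is used, and a declared templateId. The function names and sample data are constructed; because the page does not show where reportCategory sits inside ed.json, the code searches the whole file for it.

```python
import json
# Entries from the reportDetail table; treating all five as required is an assumption.
REQUIRED_DETAIL = ("reportName", "firstName", "lastName", "qualityStandard", "reportId")

def walk(node):
    """Yield every dict nested anywhere inside parsed JSON."""
    if isinstance(node, dict):
        yield node
    children = node.values() if isinstance(node, dict) else node if isinstance(node, list) else []
    for child in children:
        yield from walk(child)

def lint_template(template_text, ed_text, template_id):
    """Return a list of problems; an empty list means every check passed."""
    try:
        tpl, ed = json.loads(template_text), json.loads(ed_text)
    except json.JSONDecodeError as exc:  # e.g. a trailing comma before } or ]
        return [f"invalid JSON: {exc.msg} (line {exc.lineno})"]
    detail = tpl.get("reportDetail", {})
    problems = [f"reportDetail.{k} missing" for k in REQUIRED_DETAIL if k not in detail]
    known_ids = set(detail.get("reportId", []))
    for chapter in tpl.get("contents", []):
        for sec in walk(chapter):  # the chapter itself plus any nested subInfo entries
            name, bid = sec.get("name", "?"), sec.get("businessId")
            if bid is not None and bid not in known_ids:
                problems.append(f"{name}: businessId {bid} not in reportDetail.reportId")
            if any("Click here" in v for v in sec.get("values", [])) and "url" not in sec:
                problems.append(f"{name}: 'Click here' used without a url")
        for sub in chapter.get("subInfo", []):
            if sub.get("isSubInfo") is not True:
                problems.append(f"{sub.get('name', '?')}: subInfo entry must declare isSubInfo true")
    # The page does not show where reportCategory sits in ed.json, so search the whole file.
    declared = {t.get("templateId") for c in walk(ed) if c.get("id") == "industryCompliance"
                for t in c.get("reportTemplates", [])}
    if template_id not in declared:
        problems.append(f"{template_id} not declared under industryCompliance in ed.json")
    return problems

# Constructed sample input with three deliberate mistakes (not from a real installation).
SAMPLE_ED = ('{"reportCategory": [{"id": "industryCompliance", "reportTemplates": '
             '[{"templateLabel": "Custom Report", "templateId": "custom-report"}]}]}')
SAMPLE_TEMPLATE = '''{
  "reportDetail": {"reportName": "Custom ISO-5055 compliance report", "firstName": "Custom ISO-5055",
                   "lastName": "compliance report", "qualityStandard": "ISO-5055", "reportId": ["1061000"]},
  "contents": [
    {"name": "My Summary", "key": "summary", "values": ["Click here for details."],
     "isSummary": true, "hasTableInfo": true, "id": "ISO-5055", "businessId": "1061001"},
    {"name": "Appendix", "values": [], "subInfo": [{"name": "About ISO-5055", "values": []}]}
  ]}'''
```

Pass the contents of the template file, the contents of ed.json and the template file name without its .json extension; the sample above yields three findings, one for each deliberate mistake.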
Step 3 - Restart the dashboard
Restart the dashboard, either by restarting the Microsoft Windows service, or by relaunching the batch file if you are using it, to ensure the changes are taken into account.
Step 4 - Generate report from your template
Custom report templates will be available in the report generation interface in the Engineering Dashboard, under the Standard Compliance category - see Engineering Dashboard - Report Generation.