Summary: This page explains how to configure various advanced options that affect the entire Engineering Dashboard. Note that this page does not deal with Tiles (see Engineering Dashboard tile management).

Above and beyond the configuration possibilities that are available for Tiles, there are additional advanced configuration options as listed below:

  • Configure the ability to request access when not able to log in
  • Configure log out dialog box
  • Configure the display of all Business Criteria or just Health Factors
  • Define the number of violations displayed when "Show All" is clicked
  • Choose a default language
  • Define custom Action Plan priorities
  • Configure session timeout interval
  • Add a drop down tag filter list

How to configure the options

The options listed above are governed by a .json file located here (this is the same file that is used to configure Tiles (see Engineering Dashboard tile management).

WAR 1.x

WAR ≥ 2.x

ZIP ≥ 2.x

The options are available at the very start of the file in the "configuration" section:

  "configuration": {
    "defaultLanguage": "English",
    "description": "To configure new language for application, define customLanguages as [{'label': 'languageName', 'value': 'localeFolderName'}]",
    "customLanguages": [],
    "requestAccess": false,
    "confirmLogout": true,
    "filterHealthFactor": false,
    "violationsCount" : 5000,
    "navigation": {
      "pages": [
    "tag": {
      "shift": true,
      "description": "used to configure tag-list, ActionsOverview column(tagType) and placeholder",
      "placeholder" : "Select a Priority",
      "placeHolderEducation": "Select a Tag for future violations",
      "tagType": "Priority",
      "tag": [
        { "label": "Low" },
        { "label": "Moderate" },
        { "label": "High" },
        { "label": "Extreme" }

To modify the options, edit the ed.json file with a text editor (Notepad or other similar application). CAST recommends creating a copy of the default ed.json file that can be used as a replacement if an error occurs during editing.

Viewing the changes in your browser

There is no need to restart the application server or application itself if you edit and save the ced.json file: changes are immediate on saving the file. However, you may find that the changes are not immediately visible in the Engineering Dashboard. This is because the .json file is loaded into the browser's cache, therefore CAST recommends that you empty your browser cache to force the changes to become visible.

If you are using Google Chrome the following tip can be used to automatically empty the browser cache:

  • Tap F12 to open the Developer Tools window at the bottom of the page.
  • Click the Settings icon (a cog) to the right of the Developer Tools window
  • Tick the Disable cache (while DevTools is open) option and close the Settings window.
  • In this state, when you then tap F12 followed by F5 to refresh the page, the browser cache will be automatically emptied.

Option descriptions

Choose a default languagedefaultLanguage

By default, the dashboard language is set to English. Other languages will be available in the Change Language drop down list when a locale is added (see Dashboard localization for more information). When the Change Language option is used, the new language is configuration is stored in the local browser cache, therefore, if the cache is emptied, then the language will reset to the default (which is set to English out of the box). 

If you would prefer to have a different language as the default for all users, then change this parameter to match the official name of the locale you have added. You need to ensure that the locale exists as described in Dashboard localization).

Configure the ability to request access when not able to log inrequestAccess

Used to determine whether a "Can't access" link is displayed on the login screen. By default this is set to "false" and the link is not displayed. Change this value to "true" to enable the link. This link enables a user who is not able to log in (for example because they have forgotten their login credentials or if they have not yet been granted access) to send an email to the dashboard administrator requesting access:

See Lost password and request access configuration for more information about how to modify the template emails that are sent out when a user uses this option.

Configure log out dialog boxconfirmLogout

When set to true (default position), this option will force a log out warning dialog box to be displayed when a user selects the log out button:

If you would like to deactivate this confirmation message, simply change:

"confirmLogout": true,


"confirmLogout": false,
Configure the display of all Business Criteria or just Health FactorsfilterHealthFactor

When set to true only Business Criteria that are categorised as Health Measures will be displayed in the dashboard. All other Business Criteria that are NOT Health Factors will not be displayed:

When in false position (default position), it will force the display of ALL Business Criteria whether they are categorised as Health Factors or not:

Define the number of violations displayed when "Show More > All" is clickedviolationsCount

The violationsCount parameter is taken into account when listing violations in various parts of the dashboard. The default value of 5000 is the upper maximum  number of violations that can be displayed. If the number of violations exceeds this value then the "All" option (shown below) is deactivated - this is to prevent a performance hit in the dashboard when a large number of violations exist.


Changing the value will change the upper maximum - i.e. if you are experiencing performance issues when you have many violations to list via the "All" button, then you should reduce the default value.

Note that the value must ALWAYS be above 100.
Defines how long the session timeout will operatealertTimeoutInterval

By default the dashboard will listen for GET or POST requests and when none are detected a timeout will occur. When the timeout occurs a dialog box will be displayed - this indicates (in the upper right corner) how many seconds are remaining before a re-login will be required - the default remaining seconds is set to 10. Clicking Continue will return to the session without requiring a login.

To change the remaining seconds, add the following parameter to the file, where xx = the number of seconds:


For example, 30 seconds has been defined:

  "configuration": {
    "defaultLanguage": "English",
    "description": "To configure new language for application, define customLanguages as [{'label': 'languageName', 'value': 'localeFolderName'}]",
    "customLanguages": [],
    "requestAccess": false,
    "confirmLogout": true,
    "filterHealthFactor": false,
    "violationsCount" : 5000,
Define custom Action Plan prioritiestag

The "tag" section governs the"priorities" used when adding a violation to the Action Plan (see Engineering Dashboard - Action Plan). By default, when adding a violation to the Action Plan, the following dialog box is displayed:

It enables you to select one of four default "priorities" for the violations (Extreme, High, Moderate, Low). These priorities, the "Select a priority" text "placeholder" and the "tagType" can all be customized, for example:

"tag": {
   "shift": true,
   "description": "used to configure tag-list, ActionsOverview column(tagType) and placeholder",
   "placeholder" : "Select a Rank",
   "tagType": "Rank",
   "tag": [
      { "label": "1" },
      { "label": "2" },
      { "label": "3" },
      { "label": "4" }
Note that the "tagType" parameter governs the name of the column displayed in the Action Plan listing the Priority. By default tagType is seto to "Priority".
Add drop down tag filter listruleTag

Use the ruleTag option to configure a list of tags (custom tags or tags provided by the Quality Standards Mapping extension) that can be displayed in a drop down filter in the Risk Investigation view:

Click to enlarge

Use the following configuration:

"ruleTag": ["tag","tag"],

For example, the following configuration adds two tags (OWASP and CWE):

	"description": "used as a placeholder for as much as possible relevant default application parameters, please do not edit manually",
	"configuration": {
		"defaultLanguage": "English",
		"description": "To configure new language for application, define customLanguages as [{'label': 'languageName', 'value': 'localeFolderName'}]",
		"customLanguages": [],
		"requestAccess": false,
		"confirmLogout": true,
		"filterHealthFactor": false,
		"violationsCount": 5000,
		"ruleTag": ["OWASP", "CWE"],
  • The extension Quality Standards Mapping must be installed prior to generating the snapshot, otherwise no tag data is available and no results will be returned.
  • When drilling down from the Risk Investigation tile, the drop down tag list is not displayed when a Health Measure is selected, instead, you will need to select a child Technical Criteria or the All Rules option.