How to run local code analyses in offline mode


Overview

The standard CAST Imaging Analyzer tool (whether being used via the UI or via the CLI) functions in “online” mode: i.e. an internet connection is required during the analysis on the local machine to download any required analysis resources (such as CAST extensions) and to upload the results to CAST Imaging on Cloud automatically.

However, where no internet connection is available on the local machine (for example in a secure air-gapped environment), CAST provides a dedicated “offline” CAST Imaging Analyzer tool, which contains all required analysis resources. Results generated by this tool must be manually transferred to an environment where internet access is available so that they can be uploaded to and consulted in the CAST Imaging on Cloud SaaS environment.

In summary, the differences between online and offline mode are:

Online:

  • A lightweight CAST analyzer setup file to minimize server space usage.
  • Runs an initial fast scan to detect the technologies and application composition.
  • Automatically fetches discovered technology extensions required for the analysis.
  • Performs the analysis and securely uploads only the analysis results to the CAST Imaging SaaS instance.
  • No source code is transferred under any circumstances.
  • All analysis results uploaded to the CAST Imaging on Cloud SaaS instance are encrypted via AES-256/RSA-2048.

Offline:

  • A comprehensive dedicated offline setup containing all the required packages (requires more storage space on your local machine).
  • No internet access is required during installation and analysis.
  • Conducts a fastscan and detailed analysis locally.
  • Requires the analysis results to be manually uploaded to the CAST Imaging on Cloud SaaS instance.
  • No source code is transferred, even during manual uploads.
  • All manual uploads to the CAST Imaging on Cloud SaaS instance are encrypted via AES-256/RSA-2048.

How do I obtain the dedicated offline tool?

When logged in to your CAST Imaging on Cloud SaaS account, click the download option in the bottom left corner of the screen:

Then click the following link:

And finally click to download:

When downloaded, double-click the tool to install it on your local machine. This tool can co-exist with the standard “online” CAST Imaging Analyzer tool on the same machine.

How do I run an offline analysis?

UI mode

Run the tool from the desktop shortcut created during the installation, or run the CAST-Imaging-Offline-Analyzer.exe file from the following location:

%PROGRAMFILES%\CAST\CAST-Imaging-Offline-Analyzer

Follow the on-screen prompts to complete your source code analysis.

CLI mode

The dedicated “offline” tool contains a command line utility available here:

%PROGRAMFILES%\CAST\CAST-Imaging-Offline-Analyzer\CAST-Imaging-CLI.exe

Use the following flag in your command line to enable offline mode:

-of, --offline

For example, to run a fastscan and an analysis, and then store the analysis results in a dedicated folder, use the following command line:

"C:\Program Files\CAST\CAST-Imaging-Offline-Analyzer\CAST-Imaging-CLI.exe" run -n "application1" -o "C:\CAST\offline\application1\results1" -s "C:\CAST\source_code\application1" -of -sp "C:\CAST-Imaging-Offline-Analyzer\extensions"

Where:

  • -n: is the name of the application
  • -o: is the location on disk in which to store the results (if you omit this flag, results are stored in a date-stamped folder in C:\CAST-Imaging-Offline-Analyzer\results\<application-name>)
  • -s: is the location on disk of the source code to analyze
  • -of: enables offline mode (upload to CAST Imaging on Cloud is also disabled)
  • -sp: is the location of the CAST extensions on disk (if you omit this flag, the tool will use the default location C:\CAST-Imaging-Offline-Analyzer\extensions)

Logs are automatically stored in a file called <application-name>.log alongside the results, i.e. in a date-stamped folder within the folder defined by the option -o or the default result storage location C:\CAST-Imaging-Offline-Analyzer\results\<application-name>\.

What should I do with the analysis results?

When the offline analysis is complete, results are stored in the following location within the default result storage location: C:\CAST-Imaging-Offline-Analyzer\results\<application-name>\date\carl\ (if you are using the command line tool with the -o option, results will be stored in the folder you define).

You will need to transfer the results file <application-name>.casticr to an environment where internet access is available so that it can be uploaded to and consulted in the CAST Imaging on Cloud SaaS environment using the Upload option in the upper right corner of the screen.
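
Because the results file leaves the air-gapped machine by hand, it helps to record its SHA-256 before transfer so the copy can be verified before upload. The PowerShell script below is an added example, not CAST tooling. It uses only the CLI flags and sample paths shown on this page. The manifest file name and layout are assumptions made for this example.

```powershell
# Added example (not part of the CAST tooling): run an offline analysis, then
# hash the resulting .casticr file so the copy can be verified after transfer.
# Paths and application name are the sample values used on this page.
$cli     = "$env:ProgramFiles\CAST\CAST-Imaging-Offline-Analyzer\CAST-Imaging-CLI.exe"
$appName = 'application1'
$source  = 'C:\CAST\source_code\application1'
$results = 'C:\CAST\offline\application1\results1'
$extDir  = 'C:\CAST-Imaging-Offline-Analyzer\extensions'

if (-not (Test-Path -LiteralPath $cli -PathType Leaf)) { throw "CLI not found: $cli" }
if (-not (Test-Path -LiteralPath $source -PathType Container)) { throw "Source folder not found: $source" }

$started = Get-Date

# Only flags documented on this page are used; -of keeps the run offline.
& $cli run -n $appName -o $results -s $source -of -sp $extDir

# The meaning of the CLI exit code is not documented on this page, so success
# is judged by whether this run wrote a results file.
$casticr = Get-ChildItem -LiteralPath $results -Recurse -File -Filter "$appName.casticr" |
    Where-Object { $_.LastWriteTime -ge $started } |
    Sort-Object LastWriteTime -Descending |
    Select-Object -First 1
if (-not $casticr) { throw "No $appName.casticr written under $results; check $appName.log" }

# Record name, size and SHA-256 in a manifest stored next to the results file.
# The '.sha256.json' suffix is this example's own convention.
$hash = Get-FileHash -LiteralPath $casticr.FullName -Algorithm SHA256
$manifest = [pscustomobject]@{
    File      = $casticr.Name
    SizeBytes = $casticr.Length
    SHA256    = $hash.Hash
    Written   = $casticr.LastWriteTimeUtc.ToString('o')
}
$manifestPath = "$($casticr.FullName).sha256.json"
$manifest | ConvertTo-Json | Set-Content -LiteralPath $manifestPath -Encoding UTF8
$manifest | Format-List
```

On the internet-connected machine, run Get-FileHash -Algorithm SHA256 on the transferred .casticr file and compare the value with the manifest before using the Upload option.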