What's changed in CAST Imaging v3?

Overview

CAST Imaging v3 is a unification of two distinct existing systems, CAST Console v2 and CAST Imaging Viewer v2. As part of this “unification process” some features and behaviour that exist in the “v2” products has changed. This page provides a non-exhaustive list of these changes.

Changes

UI

There is now one single “unified” UI interface for end-users and administrators. This interface allows users to:

  • onboard applications
  • configure analyses
  • access results in “Viewer” and “Engineering Dashboard”
  • administer and configure global settings

CAST Imaging Core (ex. AIP Core)

CAST Imaging v3 requires CAST Imaging Core 8.4: com.castsoftware.imaging.core. This component is provided as follows:

  • For Microsoft Windows deployments: as a “standalone” installation - see Install CAST Imaging Core.
  • For Docker/Linux deployments: in an image that includes the Node service (this image is automatically installed as part of the global install).

Technology coverage with CAST Imaging Core 8.4

The following technologies are not supported by CAST Imaging Core 8.4 although they are supported by CAST AIP Core (com.castsoftware.aip) 8.3:

  • C/C++ (will be supported in a future release)
  • SAP ABAP (will be supported in a future release)
  • EGL
  • FLEX
  • Microsoft VisualBasic
  • Oracle Forms/Reports
  • PeopleSoft
  • SAP BusinessObjects
  • SAP PowerBuilder
  • Siebel
  • Swift (Objective-C)
  • TIBCO

Hardware - RAM

  • For standalone mode deployments (all components on one machine), 32GB RAM is the absolute minimum requirement.
  • For enterprise/distributed mode deployments, 16GB RAM absolute minimum, 32GB RAM highly recommended. On a machine configured as a node where the com.castsoftware.securityforjava extension is used for JEE Security Dataflow analyses, 32GB RAM is required.

See What hardware do I need?.

Features

Security Dataflow

The Security Dataflow feature is now enabled by default for supported technologies (JEE and .NET) and will be triggered automatically during the initial analysis for a new application (in CAST Console v2 this feature is always disabled and must be manually enabled). This change may impact analysis performance for large applications and will likely increase the number of violations identified during the analysis for all applications. You can manually disable the Security Data flow feature after the intial analysis has completed, however, this will likely change the number of identified violations for your application. Finally you should also take note of the RAM requirement (see above) for node machines when the application contains JEE source code which will trigger the installation of the com.castsoftware.securityforjava extension.