Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Panel

Table of Contents
maxLevel4


Info
Summary: this page describes the new features and bugs that have been fixed in the CAST Report Generator 1.12.x.

Content matrix

VersionSummary of contentComments
1.12.0
  • Template reorganization
  • New templates for quality standards
  • New and updated template components.

Can be used with:

  • CAST-RESTAPI ≥ 1.12.x

Component documentation

Children Display
depth2

Resolved issues

No customer bugs reported for fix in this release.

Template updates

Info
See also Components documentation for Report Generator 1.12.0 for more information about template changes.

New templates

Info
All new templates require Quality Standards Mapping extension v. 20190916, and CAST-RESTAPI ≥ 1.12.0.
  • CWE (2019) Top 25 Compliance Report.docx
  • CWE Compliance Report.docx (Contains latest CWE_LATEST_VERSION)
  • OMG-ASCQM Compliance Report.docx
  • OMG-ASCQM Security Compliance Report.docx
  • OWASP-Mobile-2016 Compliance Report.docx

Removed templates

The following templates have been removed in 1.12.0:

  • CISQ - Top 22 - Summary.docx
  • CISQ Compliance Report.docx
  • CWE - Top 25 - Summary.docx
  • NIST-SP800-53R4-Summary Report.docx
  • PCI-DSS-V3.1-Summary Report.docx
  • STIG V4R8 Standards- Summary Report.docx
  • STIG V4R8 Standards-DetailedReport.docx

Renamed templates 

The following templates have been renamed:

Previous name

Name in 1.12.0Notes
CISQ Compliance Report v2.docxCISQ Compliance Report.docx-
CWE Compliance Report.docxCWE (2011) Top 25 Compliance Report.docxRequires Quality Standards Mapping extension v. 20190916, and CAST-RESTAPI ≥ 1.12.0.
OWASP-2013-Top10 - Summary.docxOWASP-2013 Compliance Report.docx-
OWASP-2017-Top10 - Summary.docxOWASP-2017 Compliance Report.docx-
OWASP-2013-Top10 - Detailed.docxOWASP-2013 Detailed Report.docx-
OWASP-2017-Top10 - Detailed.docxOWASP-2017 Detailed Report.docx-
STIG V4R8 Standards Compliance Report.docxSTIG V4R8 Compliance Report.docxUpdated with new components.
STIG V4R8 Standards Detailed Report.docxSTIG V4R8 Detailed Report.docxUpdated with new components.

Template re-organization

Templates provided with Report Generator have been re-organized and categorized so that it is easier to find the required template. Templates are stored in the same location (%PROGRAMDATA%\CAST\ReportGenerator\<version>\Templates) as in previous releases, but the folder structure has changed as follows:

This change is also reflected in the GUI:

Info
Note that templates are taken from %PROGRAMDATA%\CAST\ReportGenerator\<version>\Templates\zh_CN\... when Chinese (Simplified, PRC) is selected in Settings > Language in the GUI.

Adding custom templates

As in previous releases of Report Generator, you can add your own custom templates to the default storage location (see CAST Report Generator - Templates and output options) however, you must ensure that these are stored in any of the following locations so that they can be found by Report Generator:

Code Block
languagetext
Any default or custom folder/subfolder of:

%PROGRAMDATA%\CAST\ReportGenerator\<version>\Templates\Application
%PROGRAMDATA%\CAST\ReportGenerator\<version>\Templates\Portfolio
%PROGRAMDATA%\CAST\ReportGenerator\<version>\Templates\zh_CN\Application
%PROGRAMDATA%\CAST\ReportGenerator\<version>\Templates\zh_CN\Portfolio

If you update the location where templates are stored (see CAST Report Generator - Templates and output options), please ensure that you store the templates in a folder hierarchy starting with Application or Portfolio - if not, the Report Generator will not be able to find the custom templates. For example, if the new template storage location is set to:

Code Block
languagetext
D:\CAST\Templates

Then you should ensure that you create a folder hierarchy starting with Application or Portfolio. Templates can then be stored in any subsequent folder/subfolder, for example:

Code Block
languagetext
D:\CAST\Templates\Application\My Compliance Templates
D:\CAST\Templates\Portfolio\My Other templates
D:\CAST\Templates\zh_CN\Application
D:\CAST\Templates\zh_CN\Portfolio

New components for templates

LIST_TAGS_DOC_BYCAT - new table component

This new table component displays a list of quality tags "applicability" by quality standard category. See Table components for Report Generator 1.12.0 for full details of the component. For example:

CUSTOM_EXPRESSIONS

Note
Note that CUSTOM_EXPRESSIONS currently only function when the language is set to English or Chinese in the GUI using Settings > Language. Selecting a different language will cause the table to display empty.

CUSTOM_EXPRESSIONS have been added for various components types based on axis:

  • Generic
    • TABLE
    • GENERIC_TABLE
  • Table
    • GENERIC_TABLE
    • PF_GENERIC_TABLE
  • Graph
    • GENERIC_GRAPH
    • PF_GENERIC_GRAPH

Configuration:

  • CUSTOM_EXPRESSIONS=a/b|c/d=a/b|(c+d)/2, (operators can be +, -, *, / , (, ) ), list of custom expressions separated by |
  • PARAMS=SZ a SZ b QR c QR d, (SZ for sizing measure, QR for quality rule, BF for background fact)
  • a=MetricId, (sample 67211 – all violations)
  • b=MetricId, (sample 10151 – number of code lines)
  • c = MetricId, 60013 for Robustness
  • d = MetricId, 60014 for Efficiency
  • FORMAT=N0 | N2 (N2 by default, if nothing or erroneous format is set), the first format is associated to the first custom expression, etc.

For example, a table to monitor custom expressions. The following configuration will give for each module the average grade of two business criteria and a ratio between sizing metrics:

Code Block
languagetext
TABLE;GENERIC_TABLE;COL1=CUSTOM_EXPRESSIONS,ROW1=MODULES,SNAPSHOTS=CURRENT,CUSTOM_EXPRESSIONS=(a+b)/2|c/d,PARAMS=QR a QR b SZ c SZ d,a=60013,b=60014,c=67211,d=10151,MODULES=ALL

Changes to existing components for templates

TOP_COMPONENTS_BY_PROPERTIES - table component update

Four new parameters have been added to this table component:

  • LOWER1=value : result or prop1 should be lower than value
  • LOWER2=value : result or prop2 should be lower than value
  • GREATER1=value : result or prop1 should be greater than value
  • GREATER2=value : result or prop2 should be greater than value

When using LOWER and GREATER parameters, the ORDER parameter can be overridden to get the most accurate components corresponding to the request.

As the filter can only be executed after requesting data from the RestAPI, the list may be truncated. So using the option NBSET defines the number of objects returned from the RestAPI before the filtering and the limitation of display (COUNT) is set to 500 by default, to avoid long response times.