Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Panel

Table of Contents
maxLevel4


Info
Summary: this page describes the new features and bugs that have been fixed in CAST Report Generator 1.13.x.

Content matrix

VersionSummary of contentComments
1.13.0
  • .NET Core 3.0.x required
  • New report templates for security standards to display more violations

Can be used with:

  • CAST-RESTAPI ≥ 1.12.x

Component documentation

Children Display
depth2

1.13.0-funcrel

Resolved issues

No customer bugs reported for fix in this release.

Updates

Report Generator CLI tool updates

Info
See CAST Report Generator for more information.

CLI tool name change

The Report Generator CLI tool has been renamed in ≥ 1.13.0 as follows, therefore you should update any batch files that you routinely use:

Previous nameNew name
CastReporting.Console.exeCastReporting.Console.Core.exe

Return codes updated

CLI tool return codes have been updated in ≥ 1.13.0 to show positive numbers instead of negative:

Previous codeNew code
00Report successfully generated
-11Bad arguments given to the Report Generator
-22Web service cannot be accessed or is badly configured
-33Report failed

1.13.0-beta2

Resolved issues

No customer bugs reported for fix in this release.

Updates

Microsoft Excel compliance report improvements

Microsoft Excel compliance reports have been improved in comparison to the same reports provided in beta1.

Custom Expressions

The CUSTOM_EXPRESSIONS parameter added for various components types in 1.12.0 have been updated and now function correctly when any language is selected in the GUI using Settings > Language.

Table component updates

  • QUALITY_STANDARDS_EVOLUTION, options added:
    • EVOLUTION=true|false to display added and removed violations columns. By default or if it does not exist, this is set to true if there is a previous snapshot.
    • HEADER=NO to not display headers (useful for Excel reports when you want to define your own customized headers). By default if the option is not present or set to something other than NO, headers are displayed.
  • LIST_RULES_VIOLATIONS_BOOKMARKS, options added:
    • WITHCODELINES = Y|N, by default (or option not present) source code is displayed, if you don’t want to see it, set this option to N.
    • HEADER=NO to not display headers (useful for Excel reports when you want to define your own customized headers). By default if the option is not present or set to something other than NO, headers are displayed to not display source content.
  • QUALITY_TAGS_RULES_EVOLUTION, options added:
    • DESC=true|false. For display rationale, description and remediation of the rule. By default or if it does not exist, it is set to false.
    • HEADER=NO to not display headers (useful for Excel reports when you want to define your own customized headers). By default if the option is not present or set to something other than NO, headers are displayed.
  • RULE_IMPROVEMENT_OPPORTUNITY, options added:
    • CRITICAL=Y|N - add this option to add a column displaying whether the rule is flagged as critical or not
  • RULES_LIST_STATISTICS_RATIO, options added:
    • DESC=true|false. For display rationale, description and remediation of the rule. By default or if it does not exist, it is set to false.
    • HEADER=NO to not display headers (useful for Excel reports when you want to define your own customized headers). By default if the option is not present or set to something other than NO, headers are displayed.
    • EVOLUTION=true|false to display added and removed violations columns. By default or if it does not exist, this is set to true if there is a previous snapshot.

New table components

  • LIST_RULES_VIOLATIONS_BOOKMARKS_TABLE for Excel reports to list violations with bookmarks without source code for a list of rules by Business Criteria/Technical Criteria/Rule/Quality Standards tags.
    • METRICS=List of metrics id (Business Criteria, Technical Criteria or Rule) or quality standards tags separated by ‘|’.
    • CRITICAL=true : add this option if you have selected a Business Criteria or a Technical Criteria and want only critical rules to be selected (by default this is set to false). This option has no effect on selection by rule or quality standard tag.
    • COUNT=N where N indicates the top number of violations ; by default 5 (-1 correspond to all violations). All bookmarks of a violation are displayed.
    • HEADER=NO to not display headers (useful for Excel reports when you want to define your own customized headers). By default if the option is not present or set to something other than NO, headers are displayed.

1.13.0-beta1

Resolved issues

No customer bugs reported for fix in this release.

Updates

.NET Core 3.0.x required

This release of Report Generator and Report Generator for Dashboards require a manual installation of .NET Core 3.0.x (minimum)

ApplicationMinimum SDK or runtime required?Notes
Report Generator.NET Core 3.0.x SDK

The .NET Core 3.0.x SDK should be manually installed BEFORE or AFTER running the Report Generator setup installer (the setup installer will not install this for you). See CAST Report Generator - Installation process for more details.

Report Generator for Dashboards.NET Core 3.0.x runtime

Previous releases of Report Generator for Dashboards already required the .NET Core 2.0.x runtime, therefore if the .NET Core 3.0.x runtime is not already present on the machine, this new release of .NET Core must be installed before using Report Generator for Dashboards. See CAST Report Generator - CAST Report Generator for Dashboards for more details.


Info

Future releases of CAST Report Generator / Report Generator for Dashboards will require .NET Core 3.1.x due to the end-of-life of .NET Core 3.0.x scheduled for 3rd March 2020, therefore CAST recommends installing .NET Core 3.1.x to avoid the need to re-install .NET Core in the future.

Note that if Report Generator GUI does not launch, or a .NET error message is displayed when attempting to launch it, this usually means that the required release of .NET Core is not installed on the machine (either nothing is installed at all, or the wrong type is installed e.g. runtime vs SDK).

New report templates

New report templates for specific security standards such as CISQ and CWE have been introduced in this beta release for Microsoft Word and Excel specifically to display more violations:

  • Microsoft Word templates - violations limited to 50 in this beta. These reports are typically named "Detailed Report", e.g.: CISQ Detailed Report.docx
  • Microsoft Excel templates - all violations displayed. These reports are typically named "Full Detailed Report" e.g.: CISQ Security Full Detailed Report.xlsx.
Info

With regard to the Microsoft Excel report templates listed in this release:

  • these templates are not the final version that will be delivered in 1.13.0-funcrel - they will undergo further work and improvement.
  • when using these Microsoft Excel templates on Applications containing a significant number of violations, processing time may also be significant. In some cases, you may need to increase:

The following table lists all the templates available in this release. The column Comments provides information about the changes applied:

LocationReport NameCAST-RestApi minimum versionQuality Standard Mapping extension minimum versionComment
Portfolio\Portfolio component library1- Portfolio-Powerpoint-components-library.pptx1.8.0N/A
Portfolio\Portfolio component library2- Porftolio-Word-components-library.docx1.8.0N/A
Portfolio\Portfolio component libraryPortfolio Generic Graph Definition.docx1.10.020181030
Portfolio\Portfolio component libraryPortfolio Generic Table Definition.pptx1.10.020181030
Application\Component library1- Powerpoint-components-library.pptx1.12.020190909
Application\Component library2- Word-components-library.docx1.12.020190909
Application\Component library3- Excel-components-library.xlsx1.12.020190909
Application\Component libraryGeneric Graph Definition.docx1.10.020181030
Application\Component libraryGeneric Graph Definition.pptx1.10.020181030
Application\Component libraryGeneric Table Definition.docx1.10.020181030
Application\Component libraryGeneric Table Definition.pptx1.10.020181030
Application\Compliance reportsCISQ Compliance Report.docx1.12.020190916
Application\Compliance reportsCISQ Detailed Report.docx1.12.020190916New
Application\Compliance reportsCISQ Full Detailed Report.xlsx1.12.020190916New
Application\Compliance reportsCISQ Security Compliance Report.docx1.12.020190916
Application\Compliance reportsCISQ Security Detailed Report.docx1.12.020190916New
Application\Compliance reportsCISQ Security Full Detailed Report.xlsx1.12.020190916New
Application\Compliance reportsCWE (2011) Top 25 Compliance Report.docx1.12.020190916
Application\Compliance reportsCWE (2011) Top 25 Detailed Report.docx1.12.020190916New
Application\Compliance reportsCWE (2011) Top 25 Full Detailed Report.xlsx1.12.020190916New
Application\Compliance reportsCWE (2019) Top 25 Compliance Report.docx1.12.020190916
Application\Compliance reportsCWE (2019) Top 25 Detailed Report.docx1.12.020190916New
Application\Compliance reportsCWE (2019) Top 25 Full Detailed Report.xlsx1.12.020190916New
Application\Compliance reportsCWE Compliance Report.docx1.12.020190916
Application\Compliance reportsCWE Detailed Report.docx1.12.020190916New
Application\Compliance reportsCWE Full Detailed Report.xlsx1.12.020190916New
Application\Compliance reportsNIST-SP800-53R4 Compliance Report.docx1.12.020190909
Application\Compliance reportsNIST-SP800-53R4 Detailed Report.docx1.12.020190909New
Application\Compliance reportsNIST-SP800-53R4 Full Detailed Report.xlsx1.12.020190909New
Application\Compliance reportsOMG-ASCQM Compliance Report.docx1.12.020190916
Application\Compliance reportsOMG-ASCQM Detailed Report.docx1.12.020190916New
Application\Compliance reportsOMG-ASCQM Full Detailed Report.xlsx1.12.020190916New
Application\Compliance reportsOMG-ASCQM Security Compliance Report.docx1.12.020190916
Application\Compliance reportsOMG-ASCQM Security Detailed Report.docx1.12.020190916New
Application\Compliance reportsOMG-ASCQM Security Full Detailed Report.xlsx1.12.020190916New
Application\Compliance reportsOWASP-2013 Compliance Report.docx1.12.020190916
Application\Compliance reportsOWASP-2013 Detailed Report.docx1.12.020190916Updated
Application\Compliance reportsOWASP-2013 Full Detailed Report.xlsx1.12.020190916New
Application\Compliance reportsOWASP-2017 Compliance Report.docx1.12.020190916
Application\Compliance reportsOWASP-2017 Detailed Report.docx1.12.020190916Updated
Application\Compliance reportsOWASP-2017 Full Detailed Report.xlsx1.12.020190916New
Application\Compliance reportsPCI-DSS-V3.1 ComplianceReport.docx1.12.020190916
Application\Compliance reportsPCI-DSS-V3.1 Detailed Report.docx1.12.020190916New
Application\Compliance reportsPCI-DSS-V3.1 Full Detailed Report.xlsx1.12.020190916New
Application\Compliance reportsOWASP-Mobile-2016 Compliance Report.docx1.12.020190916
Application\Compliance reportsOWASP-Mobile-2016 Detailed Report.docx1.12.020190916New
Application\Compliance reportsOWASP-Mobile-2016 Full Detailed Report.xlsx1.12.020190916New
Application\Compliance reportsSTIG V4R8 Compliance Report.docx1.12.020190916
Application\Compliance reportsSTIG V4R8 Detailed Report.docx1.12.020190916Updated
Application\Compliance reportsSTIG V4R8 Full Detailed Report.xlsx1.12.020190916New
Application\Legacy reportsAssessment-sample1.docx1.8.0N/A
Application\Legacy reportsAssessment-sample2.docx1.8.0N/A
Application\Legacy reportsAssessment-Security1.docx1.8.0N/A
Application\Legacy reportsAssessment-Security2.docx1.8.0N/A
Application\Legacy reportsExecutive-summary.docx1.8.0N/A
Application\Legacy reportsExecutive-summary-sample1.pptx1.8.0N/A
Application\Legacy reportsExecutive-summary-sample2.pptx1.8.0N/A
Application\Sizing reportsAEP-sample-Template.xlsx1.9.0N/A
Application\Sizing reportsFunction-points-sample.xlsx1.8.0N/A
Application\Legacy reportsResult-presentation-fr-sample2.pptx1.8.0N/A
Application\Legacy reportsResult-presentation-sample1.pptx1.8.0N/A