...
In addition, the CWE Top-25 Rules Compliance, or any standard ruleset such as CISQ or OWASP, can also be displayed in a tile - note that this configuration is not available out of the box in CAST AIP and requires a custom Assessment Model configuration:
| Info |
|---|
| Note that the default behaviour in the dashboard is to display ONLY Critical Violations (see Data filtering on Critical Violations). The display in this tile reflects this: only Critical Violations (marked with a red dot) are shown. If the default filter is disabled to show ALL violations, the tile displays both Critical and non-Critical Violations. |
...
Select an object in the list of violations to view its source code. In order to focus investigation, source code displayed presents either:
...
Whenever a piece of code is made available, the View File button (seen in the example below) provides the ability to open the entire source code file to get the entire context. The file is opened in a separate browser window. The entire source code is presented plus some context (application name, snapshot reference, file name).
The Quality Rule name is also highlighted using colour (yellow for a standard quality rule (as shown below), and red for critical):
...
If a "copy/pasted" Quality Rule has been selected (for example Avoid Too Many Copy/Pasted Artifacts), a list of objects that have a high level of similarity with the selected object is displayed:
...
When you export to Excel from the Violation level, a column containing a Quality Rule's Associated Value may also be available in the resulting Excel file. In the example below, "JSP Page name" is the Associated Value for the Quality Rule "Action Artifacts should not directly call a JSP page":
The Associated Value refers to a specific output for the Quality Rule in question. For the Quality Rule shown above, "Action Artifacts should not directly call a JSP page", the Associated Value is defined simply as the JSP Page name; in other words, for this Quality Rule, the JSP file listed in the highlighted column is the page whose direct call violates the rule. You can view the Associated Value configuration in the CAST Management Studio by opening the Assessment Model and locating the Quality Rule:
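The two points above (tile counts depend on the Critical-only filter, and the Associated Value column carries per-rule output such as a JSP page name) can be checked against an exported violation list. The following is an added example, not CAST AIP code or part of the original page: it reads a small constructed CSV export, computes a compliance tile count with and without the Critical-only filter, and groups the Associated Values for one rule. The column names ("Quality Rule", "Critical", "Standard", "Object", "Associated Value") and all rule names and object paths are assumptions made for the example; the real export layout may differ.

```python
"""Added example (not CAST AIP code): reconcile a violations export.

Assumed columns: "Quality Rule", "Critical", "Standard", "Object",
"Associated Value". Rule names, standards and objects below are constructed.
"""
import csv
import io
from collections import Counter

# Constructed sample export; nothing here is taken from a real snapshot.
SAMPLE_EXPORT = """\
Quality Rule,Critical,Standard,Object,Associated Value
Action Artifacts should not directly call a JSP page,yes,CWE Top 25,com.example.OrderAction.execute,order.jsp
Action Artifacts should not directly call a JSP page,yes,CWE Top 25,com.example.CartAction.execute,cart.jsp
Avoid Too Many Copy/Pasted Artifacts,no,,com.example.util.Dup1,
Close the outermost stream ASAP,no,CWE Top 25,com.example.io.Reader.read,
Avoid SQL injection vulnerabilities,yes,CWE Top 25,com.example.dao.UserDao.find,
"""


def load_violations(text: str) -> list[dict]:
    """Parse the CSV export into one dict per violation row."""
    return list(csv.DictReader(io.StringIO(text)))


def tile_count(violations: list[dict], standard: str, critical_only: bool = True) -> int:
    """Number of violations a compliance tile for `standard` would show.

    With the dashboard's default filter (critical_only=True) only Critical
    violations are counted, matching the red-dot display described above.
    Disabling the filter counts Critical and non-Critical violations alike.
    """
    return sum(
        1
        for v in violations
        if v["Standard"] == standard
        and (not critical_only or v["Critical"].strip().lower() == "yes")
    )


def associated_values(violations: list[dict], rule: str) -> Counter:
    """Associated Value per violation of `rule` (e.g. the JSP page name)."""
    return Counter(
        v["Associated Value"]
        for v in violations
        if v["Quality Rule"] == rule and v["Associated Value"]
    )


if __name__ == "__main__":
    rows = load_violations(SAMPLE_EXPORT)
    print("CWE Top 25, Critical only:", tile_count(rows, "CWE Top 25"))
    print("CWE Top 25, all violations:", tile_count(rows, "CWE Top 25", critical_only=False))
    print(associated_values(rows, "Action Artifacts should not directly call a JSP page"))
```

Running the script shows why a tile and a full export rarely agree: the same standard yields three violations under the default filter and four once the filter is disabled, so any compliance figure quoted from the dashboard should state which filter was active.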