...

In addition, the CWE Top-25 Rules Compliance, or any standard ruleset such as CISQ or OWASP, can also be displayed in a tile. Note that this configuration is not available out of the box in CAST AIP and requires a custom Assessment Model configuration.


Info
Note that the default behaviour in the dashboard is to display ONLY Critical Violations (see Data filtering on Critical Violations). The tile reflects this filter, so only Critical Violations (marked with a red dot) are displayed. If the default filter is disabled to show ALL violations, the tile displays both Critical and non-Critical Violations.

...

Select an object in the list of violations to view its source code. To focus the investigation, the source code displayed shows either:

...

  • the object in violation
  • or the violation details when available (e.g. bookmarks, paths).
  • Whenever a piece of code is made available, the View File button (seen in the example below) opens the entire source code file so that the code can be read in its full context. The file is opened in a separate browser window and is presented together with some context (application name, snapshot reference, file name).

    The Quality Rule name is also highlighted using colour: yellow for a standard quality rule (as shown below) and red for a critical one:

    ...

    If a "copy/pasted" Quality Rule has been selected (for example Avoid Too Many Copy/Pasted Artifacts), the objects that have a high level of similarity with the selected objects will be listed:

    ...