|Version||Summary of content|
Adaptation of Compliance Reports for the new "index" extensions.
|CAST RestAPI||≥ 1.12.x||Mandatory|
|MIPS Reduction Index||≥ 20200518|
These extensions are required for Compliance Report generation. Depending on what "standard" you are targeting in your Compliance Report, you can install a combination of extensions:
If you are using CAST AIP Console ≥ 1.14.0, the Quality Standards Mapping extension is installed with all new source code versions, however, you should ensure that the correct release of the extensions is used.
|CISQ Index||≥ 20200518|
|OWASP Index||≥ 20200518|
|Quality Standards Mapping extension||≥ 20200220|
|.NET Core SDK||3.1.x|
- Components documentation for Report Generator 1.16.0
No customer bugs reported for fix in this release.
Table component updates
The changes below have been made so that data can be taken from either the CISQ, OMG-ASCQM and OWASP extensions or the Quality Standards Mapping extension for Compliance Reports. If both the CISQ, OMG-ASCQM and OWASP extensions and the Quality Standards Mapping extension are installed, data is automatically taken from the CISQ, OMG-ASCQM and OWASP extensions at all times. There is no need to make any changes to the templates themselves.
The table component listed below will now function with a Business Criterion Name, shortName or an ID (for CISQ, OMG-ASCQM and OWASP extensions) or a standard (for the Quality Standards Mapping extension) - see also Table components for Report Generator 1.16.0. Results will be searched for a Business Criterion by the Name, then by shortName, then by the ID, but if not found, it will search instead for a standard.
If the option MORE=true is set with a Business Criterion shortName (for example CISQ), the direct Technical Criterion of CISQ will not be listed, but instead the Business Criterion associated to CISQ will be displayed (CISQ-Security, CISQ-Reliability, CISQ-Maintainability, CISQ-Performance-Efficiency) with their associated Technical Criterion. I.e. the list of Technical Criteria will be dispatched in the various Business Criteria instead of in a big list. This presentation will therefore be similar to the presentation provided when a "standard" is used in the Compliance Report.
The table component listed below will now function with a Business Criterion Name or an ID (for CISQ, OMG-ASCQM and OWASP extensions) or a standard (for the Quality Standards Mapping extension) - see also Table components for Report Generator 1.16.0. Results will be searched for a Business Criterion by the Name or ID, but if not found, it will search instead for a standard.
RULES_LIST_STATISTICS_RATIO, LIST_RULES_VIOLATIONS_BOOKMARKS, LIST_RULES_VIOLATIONS_BOOKMARKS_TABLE
The table components listed below will now accept a Name (for a Business Criterion) or shortName (for a Technical Criterion) in the METRICS parameter - see also Table components for Report Generator 1.16.0.
These Compliance Report templates have been updated to take data from CISQ, OMG-ASCQM and OWASP standards extensions if they are installed:
CISQ Detailed Report.docx
CISQ Full Detailed Report.xlsx
CISQ Security Compliance Report.docx
CISQ Security Detailed Report.docx
CISQ Security Full Detailed Report.xlsx
- CWE (2011) Top 25 Full Detailed Report.xlsx
- CWE (2019) Top 25 Full Detailed Report.xlsx
- CWE Full Detailed Report.xlsx
- OMG-ASCQM Compliance Report.docx
- OMG-ASCQM Detailed Report.docx
- OMG-ASCQM Full Detailed Report.xlsx
- OMG-ASCQM Security Compliance Report.docx
- OMG-ASCQM Security Detailed Report.docx
- OMG-ASCQM Security Full Detailed Report.xlsx
- OWASP-2013 Compliance Report.docx
- OWASP-2013 Detailed Report.docx
- OWASP-2013 Full Detailed Report.xlsx
- OWASP-2017 Compliance Report.docx
- OWASP-2017 Detailed Report.docx
- OWASP-2017 Full Detailed Report.xlsx
- MIPS Reduction Compliance Report.docx
- MIPS Reduction Detailed Report.docx
- MIPS Reduction Full Detailed Report.xlsx