Summary: This page provides instructions for configuring and using the Report Generation feature.

Introduction

The Report Generation feature allows you to generate reports on the fly directly from the CAST Security Dashboard interface. Various reports can be generated; however, some require configuration before they will work.

Accessing the Report Generation feature

From the Side Menu bar, click the following icon:

Available report categories

Various report categories are available:

Security Reports

  • Enabled by default: Yes
  • CAST Report Generator for Dashboards required: Yes
  • Additional configuration required: Yes. See section below.
  • Output format: Same format as the associated CAST Report Generator templates.
  • Available reports: Note that the default list of reports can be customized.

Industry Compliance Reports

  • Enabled by default: Yes
  • CAST Report Generator for Dashboards required: Yes
  • Additional configuration required: Yes. See section below.
  • Output format: Same format as the associated CAST Report Generator templates.
  • Available reports: Note that the default list of reports can be customized.

Miscellaneous Reports

  • Enabled by default: Yes
  • CAST Report Generator for Dashboards required: No
  • Additional configuration required: No
  • Output format: Inline in the browser. Can be downloaded in Excel format.

Custom Reports

  • Enabled by default: No
  • CAST Report Generator for Dashboards required: Yes
  • Additional configuration required: Yes. See section below.
  • Output format: Same format as the associated CAST Report Generator templates.
  • Available reports: This category enables you to define your own custom reports via CAST Report Generator templates.

Security and Industry Compliance Reports

This category provides reports on various industry recognized standards such as:

  • CISQ
  • CWE
  • OWASP
  • STIG (Security Technical Implementation Guide)
  • PCI (Payment Card Industry)
  • NIST (National Institute of Standards and Technology)
  • OMG (Object Management Group)

Configuration process

These reports are based on templates provided with CAST Report Generator and therefore CAST Report Generator for Dashboards (v. ≥ 1.10.0) must be present on the server hosting Apache Tomcat in order for the reports to function. Some additional configuration is also required as explained below.

Assuming CAST Report Generator for Dashboards is present on the host machine, the next step is to configure the dashboard. Edit the following file with a text editor:

%CATALINA_HOME%\webapps\CAST-Security\WEB-INF\report.properties

Find the following options and modify as explained below:

# Set the Report Generator path
# If this variable is not set then the document generation is considered as disabled.
# The path is probably something such as (Linux/Windows):
#report.reportGenerator=dotnet /opt/report-generator/CastReporting.Console.Core.dll 
#report.reportGenerator=dotnet c:\\ReportGenerator\\CastReporting.Console.Core.dll

# Set the directory of reports
#report.directory=/tmp/reports
#report.directory=c:\\temp\\reports

# Set the current Web Service URL. The current REST API called back by the Report Generator.
report.webServiceURL=http://localhost:8888/CAST-RESTAPI/rest


report.reportGenerator=dotnet

Add a new line pointing to the location of the CastReporting.Console.Core.dll (part of CAST Report Generator for Dashboards) on the server hosting Apache Tomcat. You can also uncomment and modify an example line. For example:

report.reportGenerator=dotnet c:\\ReportGeneratorforDashboards\\CastReporting.Console.Core.dll

Note that the path to CastReporting.Console.Core.dll when using Microsoft Windows must always use double back slashes (\\) or single forward slashes (/) - the single back slash (\) is not valid.

report.directory=

Add a new line pointing to the temporary folder where the reports will be generated on the server hosting Apache Tomcat. You can also uncomment and modify an example line. For example:

report.directory=c:\\temp\\reports

Note that:

  • The path to the temporary folder, when using Microsoft Windows, must always use double back slashes (\\) or single forward slashes (/) - the single back slash (\) is not valid.
  • The user that Apache Tomcat is running as must have read/write access to this location. In Linux environments, typically the "rw-" permission is sufficient.

report.webServiceURL=

Modify the existing line to point to the REST API in your CAST Security Dashboard deployment. This is used by the CAST Report Generator for Dashboards. For example:

report.webServiceURL=http://<server>:<port>/<dashboard>/rest
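The three settings above can be checked before restarting Tomcat. The following is an added example, not part of the original page or of the CAST tooling: it flags unset options, single backslashes in the two path options, and a web service URL that does not match the shape of the page's examples. The sample file contents are constructed, and the /rest suffix check is an assumption based on those examples.

```python
from urllib.parse import urlparse

REQUIRED = ("report.reportGenerator", "report.directory", "report.webServiceURL")
PATH_KEYS = ("report.reportGenerator", "report.directory")

# Constructed sample: single backslashes, report.directory left commented out.
SAMPLE_BAD = r"""
report.reportGenerator=dotnet c:\ReportGenerator\CastReporting.Console.Core.dll
#report.directory=c:\\temp\\reports
report.webServiceURL=http://localhost:8888/CAST-RESTAPI/rest
"""
# Constructed sample: the same settings written the way the page requires.
SAMPLE_GOOD = r"""
report.reportGenerator=dotnet c:\\ReportGenerator\\CastReporting.Console.Core.dll
report.directory=c:/temp/reports
report.webServiceURL=http://localhost:8888/CAST-RESTAPI/rest
"""

def parse_properties(text):
    """Return {key: raw value} for the active (uncommented) key=value lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def check_report_properties(text):
    """Return a list of problems found in report.properties content."""
    props = parse_properties(text)
    problems = [f"{key} is not set" for key in REQUIRED if not props.get(key)]
    for key in PATH_KEYS:
        # Drop every doubled backslash; any backslash left over is a single one.
        if "\\" in props.get(key, "").replace("\\\\", ""):
            problems.append(f"{key} contains a single backslash, use \\\\ or /")
    generator = props.get("report.reportGenerator", "")
    if generator and not generator.endswith("CastReporting.Console.Core.dll"):
        problems.append("report.reportGenerator does not end in CastReporting.Console.Core.dll")
    raw_url = props.get("report.webServiceURL", "")
    url = urlparse(raw_url)
    if raw_url and not (url.scheme in ("http", "https") and url.netloc
                        and url.path.rstrip("/").endswith("/rest")):
        problems.append("report.webServiceURL is not an http(s) URL ending in /rest")
    return problems

if __name__ == "__main__":
    for name, sample in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(name, check_report_properties(sample) or "OK")
```

Read/write access to report.directory still has to be confirmed on the server itself, as the user that Apache Tomcat runs as.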

Generation process

Choose a report type from the Security Reports or Industry Compliance Reports category and click the Generate Report button:

The report will be generated and automatically downloaded by your browser. Reports are generated using the same format as the associated CAST Report Generator templates. The report file name should contain the:

  • application name
  • snapshot version
  • report type

For example: MEUDON-Computed on 201903061327-OWASP-2017-Top10 - Summary.docx (MEUDON is an Application name).

A notification message is displayed when the report is generated:

If the report fails to generate, a notification is also displayed with the error message. For details on error message handling, please refer to this page: Report Service - 1.9.0.

This example shows that CAST Report Generator for Dashboards has not been configured:


Miscellaneous Reports

This category provides reports that can easily show where the biggest changes in violations between snapshots have occurred:

These reports are provided inline in the browser and do not require CAST Report Generator for Dashboards nor any additional configuration. Reports can be downloaded in Excel format:

Drill down to violation source code is also possible for some reports:

Custom Reports

This category enables you to define your own custom reports via CAST Report Generator templates. The category is disabled by default (i.e. it does not contain any report templates). The templates you want to generate must be present on the server hosting Apache Tomcat in the "Templates" sub folder of your CAST Report Generator for Dashboards deployment location.

Adding custom reports

To enable and define the reports for the category, edit the following file:

%CATALINA_HOME%\webapps\CAST-Security\security\resources\ced.json
For v.≥ 1.18: CATALINA_HOME\webapps\CAST-Security\security\resources\ed.json

Find the following configuration section:

{
	"id": "custom",
	"label": "Custom Reports",
	"reportTemplates":[]
}

To add reports for custom templates called Executive summary PPT.pptx, AEP Sample Report.xlsx and My Custom Template 2019.docx, change it as follows. Save the file and restart the host Apache Tomcat server for the changes to be applied:

{
	"id": "custom",
	"label": "Custom Reports",
	"reportTemplates":[
		{
			"templateLabel": "Executive summary PPT",
			"templateId": "Executive+summary+PPT",
			"fileType":"pptx"
		},
		{
			"templateLabel": "AEP Sample Report",
			"templateId": "AEP+Sample+Report",
			"fileType":"xlsx"
		},
		{
			"templateLabel": "My Custom Template 2019",
			"templateId": "My+Custom+Template+2019",
			"fileType":"docx"
		}
	]
}


  • Custom templates should be available in the Templates folder within the CAST Report Generator for Dashboards deployment folder, for example: ReportGeneratorCLIforAllOS\Templates.
  • templateLabel is free text; it is used in the drop down list in the dashboard.

  • templateId should be the file name of the custom template without the file extension, with "+" signs in place of white space. For example, if your custom template file is My Custom Template 2019.docx, the templateId should be configured as "templateId": "My+Custom+Template+2019".
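The templateId rule above can be applied mechanically instead of by hand. The following is an added example, not part of the original page or of the CAST tooling: it derives each entry from a template file name and adds it to a category section, failing early if the edited text is not valid JSON. It assumes the file is strict JSON, uses the file name without extension as a default templateLabel, and the function names are hypothetical.

```python
import json

# The default section as shown on this page.
SECTION = '{"id": "custom", "label": "Custom Reports", "reportTemplates": []}'

def template_entry(file_name):
    """Build one reportTemplates entry from a template file name."""
    # Templates live in the Templates folder, so only a bare file name is valid.
    if "/" in file_name or "\\" in file_name:
        raise ValueError(f"expected a bare file name, got {file_name!r}")
    stem, dot, ext = file_name.rpartition(".")
    if not (dot and stem and ext):
        raise ValueError(f"{file_name!r} has no file extension")
    return {"templateLabel": stem,                 # assumption: label defaults to the name
            "templateId": stem.replace(" ", "+"),  # "+" in place of white space
            "fileType": ext.lower()}

def find_category(node, category_id):
    """Depth-first search for the object whose "id" equals category_id."""
    if isinstance(node, dict):
        if node.get("id") == category_id and "reportTemplates" in node:
            return node
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            found = find_category(child, category_id)
            if found is not None:
                return found
    return None

def add_templates(config_text, category_id, file_names):
    """Return config_text with entries for file_names added to one category."""
    config = json.loads(config_text)  # raises ValueError on a missing or stray comma
    category = find_category(config, category_id)
    if category is None:
        raise KeyError(f"no report category with id {category_id!r}")
    known = {t["templateId"] for t in category["reportTemplates"]}
    for name in file_names:
        entry = template_entry(name)
        if entry["templateId"] not in known:  # skip templates already listed
            category["reportTemplates"].append(entry)
            known.add(entry["templateId"])
    return json.dumps(config, indent="\t")

if __name__ == "__main__":
    print(add_templates(SECTION, "custom",
                        ["Executive summary PPT.pptx", "My Custom Template 2019.docx"]))
```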

Adding custom report categories

Note that custom report categories are available in version ≥ 1.11.0.

Multiple custom report categories can be added, alongside the existing default "Custom Reports" category. These custom categories can then be populated with custom reports in exactly the same way as the default "Custom Reports" category (see Adding custom reports above):

To add a custom report category, edit the following file:

%CATALINA_HOME%\webapps\CAST-Security\engineering\resources\ced.json
For v.≥ 1.18: CATALINA_HOME\webapps\CAST-Engineering\engineering\resources\ed.json

Find the following configuration section:

{
	"id": "custom",
	"label": "Custom Reports",
	"reportTemplates":[]
}

First add a comma immediately at the end of the preceding section:

{
	"id": "custom",
	"label": "Custom Reports",
	"reportTemplates":[]
},

Now add a new section for your category and give it a unique "label" (example shown below). Populate it with your custom templates - the custom report category and custom templates will then be available for generation.

{
	"id": "custom",
	"label": "Custom Reports",
	"reportTemplates":[]
},
{
	"id": "CustomReport",
	"label": "Custom Reports_Category1",
	"reportTemplates":[
		{
			"templateLabel": "Custom report type1",
			"templateId": "CISQ+-+custom-+Summary",
			"fileType":"docx"
		},
		{
			"templateLabel": "Custom report type2",
			"templateId": "OWASP+-+custom-+Summary",
			"fileType":"docx"
		}
	]
}

Generation process

Choose a custom report type from the Custom Reports category and click the Generate Report button:
