| Version | Summary of content |
Adaptation of Compliance Reports for the new "index" extensions.
| CAST RestAPI | ≥ 1.12.x | Mandatory |
| MIPS Reduction Index | ≥ 20200518 |
These extensions are required for Compliance Report generation. Depending on what "standard" you are targeting in your Compliance Report, you can install a combination of extensions:
If you are using CAST AIP Console ≥ 1.14.0, the Quality Standards Mapping extension is installed with all new source code versions. However, you should ensure that the correct release of the extensions is used.
| CISQ Index | ≥ 20200518 |
| OWASP Index | ≥ 20200518 |
| Quality Standards Mapping extension | ≥ 20200518 |
| .NET Core SDK | 3.1.x |
No customer bugs reported for fix in this release.
Table component updates
The changes below have been made so that data can be taken from either the CISQ, OMG-ASCQM and OWASP extensions or the Quality Standards Mapping extension for Compliance Reports. If both the CISQ, OMG-ASCQM and OWASP extensions and the Quality Standards Mapping extension are installed, data is automatically taken from the CISQ, OMG-ASCQM and OWASP extensions at all times. There is no need to make any changes to the templates themselves.
The table component listed below will now function with a Business Criterion Name, shortName or an ID (for CISQ, OMG-ASCQM and OWASP extensions) or a standard (for the Quality Standards Mapping extension) - see also Table components for Report Generator 1.16.0. The component searches for a Business Criterion by Name, then by shortName, then by ID; if none is found, it searches for a standard instead.
If the option MORE=true is set with a Business Criterion shortName (for example CISQ), the direct Technical Criteria of CISQ are not listed. Instead, the Business Criteria associated with CISQ are displayed (CISQ-Security, CISQ-Reliability, CISQ-Maintainability, CISQ-Performance-Efficiency) with their associated Technical Criteria. In other words, the Technical Criteria are grouped under their respective Business Criteria rather than shown in one long list. This presentation is therefore similar to the one provided when a "standard" is used in the Compliance Report.
The table component listed below will now function with a Business Criterion Name or an ID (for CISQ, OMG-ASCQM and OWASP extensions) or a standard (for the Quality Standards Mapping extension) - see also Table components for Report Generator 1.16.0. The component searches for a Business Criterion by Name or ID; if none is found, it searches for a standard instead.
RULES_LIST_STATISTICS_RATIO, LIST_RULES_VIOLATIONS_BOOKMARKS, LIST_RULES_VIOLATIONS_BOOKMARKS_TABLE
The table components listed below will now accept a Name (for a Business Criterion) or shortName (for a Technical Criterion) in the METRICS parameter - see also Table components for Report Generator 1.16.0.
These Compliance Report templates have been updated to take data from CISQ, OMG-ASCQM and OWASP standards extensions if they are installed:
- CISQ Detailed Report.docx
- CISQ Full Detailed Report.xlsx
- CISQ Security Compliance Report.docx
- CISQ Security Detailed Report.docx
- CISQ Security Full Detailed Report.xlsx
- CWE (2011) Top 25 Full Detailed Report.xlsx
- CWE (2019) Top 25 Full Detailed Report.xlsx
- CWE Full Detailed Report.xlsx
- OMG-ASCQM Compliance Report.docx
- OMG-ASCQM Detailed Report.docx
- OMG-ASCQM Full Detailed Report.xlsx
- OMG-ASCQM Security Compliance Report.docx
- OMG-ASCQM Security Detailed Report.docx
- OMG-ASCQM Security Full Detailed Report.xlsx
- OWASP-2013 Compliance Report.docx
- OWASP-2013 Detailed Report.docx
- OWASP-2013 Full Detailed Report.xlsx
- OWASP-2017 Compliance Report.docx
- OWASP-2017 Detailed Report.docx
- OWASP-2017 Full Detailed Report.xlsx
- MIPS Reduction Compliance Report.docx
- MIPS Reduction Detailed Report.docx
- MIPS Reduction Full Detailed Report.xlsx