Summary: This page provides instructions for configuring and using the Report Generation feature.
Introduction
The Report Generation feature allows you to generate reports on the fly, directly from the CAST Engineering Dashboard interface. Various reports can be generated; however, some require configuration before they will work.
Accessing the Report Generation feature
From the Side Menu bar, click the following icon:
Available report categories
Three types of report categories are available:
Category | Enabled by default? | CAST Report Generator for Dashboards required? | Additional configuration required? | Output format | Available reports |
---|---|---|---|---|---|
Standard Compliance Reports | | | | Same format as the associated CAST Report Generator templates. | Available reports include: The default list of reports can be customized. Latest report generator has to be used to generate ISO reports. |
Miscellaneous Reports | | | | Inline in the browser. Can be downloaded in Excel format. | Available reports include: |
Custom Reports | | | | Same format as the associated CAST Report Generator templates. | This category enables you to define your own custom reports via CAST Report Generator templates. |
Standard Compliance Reports
This category provides reports on various industry-recognized standards such as:
- CWE
- OWASP
- C-CPP
- STIG (Security Technical Implementation Guide)
- PCI (Payment Card Industry)
- NIST (National Institute of Standards and Technology)
- ISO-5055
CISQ reports are removed (in versions ≥ 2.4.0) from the default report list.
Configuration process
See CAST Report Generator - CAST Report Generator for Dashboards for more detailed instructions about the configuration process.
Generation process
Choose a report type from the Standard Compliance Reports category and click the Generate Report button:
The report will be generated and automatically downloaded to the default "downloads" folder used by your browser. Reports are generated using the same format as the associated CAST Report Generator templates. The report file name should contain the:
- application name
- snapshot version
- report type
For example: MEUDON-Snapshot-2021-10-04T11-50-22-ISO-5055 Compliance Report.docx (MEUDON is an Application name). A notification message is displayed when the report is generated:
If the report fails to generate, a notification is also displayed with the error message. Refer to the following page for information about handling error messages: Report Service.
This example shows that CAST Report Generator for Dashboards has not been configured:
Miscellaneous Reports
This category provides reports that can easily show where the biggest changes in violations between snapshots have occurred:
These reports are provided inline in the browser and require neither CAST Report Generator for Dashboards nor any additional configuration.
The formula used to define the value for Improvement Gap in the report Top rules with the highest improvement opportunities is as follows:
Improvement Gap = (Quality_rule_weight * technical_criteria_weight) * (4 - Grade)
Report options
The following options are available for Miscellaneous Reports:
Filter on Health Measure | For some reports it is possible to filter results on a specific Health Measure. By default, the TQI measure will be active, but it is possible to choose a different measure if necessary: Note that not all reports can be filtered in this way. |
---|---|
Download reports | Report results can be downloaded in Excel format: |
Critical flag | Indicates whether the related rule is critical or not: |
 | Click to drill down to the violation's source code (not available in all reports). |
 | Click to drill down to the selected object and view it in the Application Investigation view. |
Custom Reports
This category enables you to define your own custom reports via CAST Report Generator templates. The category is disabled by default (i.e. it does not contain any report templates). The templates you want to use to generate a report must be present on the server hosting Apache Tomcat, in the "Templates" subfolder of your CAST Report Generator for Dashboards deployment location.
Configuration process
See Report Generation configuration.
Generation process
Choose a custom report type from the Custom Reports category and click the Generate Report button: