On this page:


Summary: This page provides instructions for configuring and using the Report Generation feature.

Introduction

The Report Generation feature allows you to generate reports on the fly direct from the CAST Security Dashboard interface. Various reports can be generated, however, some require some configuration before they will work. 

Accessing the Report Generation feature

From the Side Menu bar, click the following icon:

Available report categories

Various report categories are available:

CategoryEnabled by default?CAST Report Generator for Dashboards required?Additional configuration required?Output formatAvailable reports
Security Reports(tick)(tick)(tick) See section below.Same format as the associated CAST Report Generator templates.

Available reports include:

Note that the default list of reports can be customized.


Industry Compliance Reports(tick)(tick)(tick) See section belowSame format as the associated CAST Report Generator templates.

Available reports include:

Note that the default list of reports can be customized.


Miscellaneous Reports 

(tick)(error)(error)

Inline in the browser

Can be downloaded in Excel format.

Available reports include:

Custom Reports 

(error)(tick)(tick) See section below.Same format as the associated CAST Report Generator templates.This category enables you to define your own custom reports via CAST Report Generator templates.

Security and Industry Compliance Reports

This category provides reports on various industry recognized standards such as:

Configuration process

These reports are based on templates provided with CAST Report Generator and therefore CAST Report Generator for Dashboards (v. ≥ 1.9.0) must be present on the server running Apache Tomcat hosting your Security Dashboard in order for the reports to function. In addition the report.properties file in your deployed Dashboard must be modfied.

See CAST Report Generator - CAST Report Generator for Dashboards for more detailed instructions about the configuration process.

Generation process

Choose a report type from the  Security Reports or Industry Compliance Reports category and click the Generate Report button:

The report will be generated and auto downloaded to the default "downloads" folder used by your browser. Reports are generated using the same format as the associated CAST Report Generator templates. The report file name should contain the:

For example: MEUDON-Computed on 201903061327-OWASP-2017-Top10 - Summary.docx (MEUDON is an Application name).

A notification message is displayed when the report is generated:

If the report fails to generate, a notification is also displayed with the error message. Please refer this page about error messages handling: Report Service - 1.9.0.

This example shows that CAST Report Generator for Dashboards has not been configured:


Miscellaneous Reports

This category provides reports that can easily show where the biggest changes in violations between snapshots have occurred:

These reports are provided inline in the browser and do not require CAST Report Generator for Dashboards nor any additional configuration. Reports can be downloaded in Excel format:

Drill down to violation source code is also possible for some reports:

Custom Reports

This category enables you to define your own custom reports via CAST Report Generator templates. The category is disabled by default (i.e. it does not contain any report templates). The templates you want to generate must be present on the server hosting Apache Tomcat in the "Templates" sub folder of your CAST Report Generator for Dashboards deployment location.

Adding custom reports

To enable and define the reports for the category, edit the following file:

%CATALINA_HOME%\webapps\CAST-Security\security\resources\ced.json
For v.≥ 1.18: CATALINA_HOME\webapps\CAST-Security\security\resources\ed.json

Find the following configuration section:

{
	"id": "custom",
	"label": "Custom Reports",
	"reportTemplates":[]
}

To add your report for a custom template called Executive summary PPT.pptxAEP Sample Report.xlsx and My Custom Template 2019.docx change it as follows. Save the file and restart the host Apache Tomcat server for the changes to be applied:

{
	"id": "custom",
	"label": "Custom Reports",
	"reportTemplates":[
		{
            "templateLabel": "Executive summary PPT",
            "templateId": "Executive+summary+PPT",
            "fileType":"pptx"
		},
		{
            "templateLabel": "AEP Sample Report",
            "templateId": "AEP+Sample+Report",
            "fileType":"xlsx"
		},
		{
			"templateLabel": "My Custom Template 2019",
			"templateId": "My+Custom+Template+2019",
			"fileType":"docx"
		}   
	]
}


  • Custom templates should be available in the Templates folder within the CAST Report Generator for Dashboards deployment folder, for example: ReportGeneratorCLIforAllOS\Templates.
  • templateLabel is a free text, this is used in the drop down list in the dashboard.

  • templateId should be the file name of the custom template name without the file extension and "+" signs in place of white space. For example, if your custom template name is My Custom Template.docx the templateId should be configured as "templateId": "My+Custom+Template+2019".

Adding custom report categories

Note that custom report categories are available in version ≥ 1.11.0.

Multiple Custom Report categories can be added, alongside the existing default "Custom Report" category. These custom categories can then be populated with custom reports in exactly the same way as the default "Custom Reports" category (see Adding custom reports above):

To add a custom report category, edit the following file:

%CATALINA_HOME%\webapps\CAST-Security\engineering\resources\ced.json
For v.≥ 1.18: CATALINA_HOME\webapps\CAST-Engineering\engineering\resources\ed.json

Find the following configuration section:

{
	"id": "custom",
	"label": "Custom Reports",
	"reportTemplates":[]
}

First add a comma immediately at the end of the preceding section:

{
	"id": "custom",
	"label": "Custom Reports",
	"reportTemplates":[]
},

Now add a new section for your category and give it a unique "label" (example shown below). Populate it with your custom templates - the custom report category and custom templates will then be available for generation.

{
	"id": "custom",
	"label": "Custom Reports",
	"reportTemplates":[]
},
{
	"id": "CustomReport",
	"label": "Custom Reports_Category1",
	"reportTemplates":[
		{
			"templateLabel": "Custom report type1",
			"templateId": "CISQ+-+custom-+Summary",
			"fileType":"docx"
		},
		{
			"templateLabel": "Custom report type2",
			"templateId": "OWASP+-+custom-+Summary" ,
			"fileType":"docx"
		}
	]
}

Generation process

Choose a custom report type from the Custom Reports category and click the Generate Report button: