Risk Investigation view

Accessible from the sidebar menu  or by clicking the Risk Model tile, this view enables investigation of the application risk from the Assessment Model perspective - moving through Health Measures/Business Criteria, Technical Criteria, Rules/Measures/Distributions right down to the objects in violation.

By default, only Business Criteria that are categorised as Health Measures will be displayed in the dashboard. All other Business Criteria that are NOT Health Measures will not be displayed. You can override this behaviour, to display ALL top-level Business Criteria if required - see Engineering Dashboard json configuration options from the CAST AIP documentation.

Data is presented in a series of tables on the left and right hand side of the page enabling you to drill down from a Health Measure to an individual object that is in violation. Take for example the top level list of Health Measures:

Selecting a Health Measure in this table will display all of the contributing Technical Criteria in the right hand section:

When a Health Measure is selected, the first row in the Technical Criteria list will be titled "All Rules...". Selecting this item will display a list of all the Rules that contribute to the selected Health Measure:

Selecting a Technical Criteria will move the Technical Criteria to the left hand side of the page and display all of the contributing Rules in the right hand section:

Selecting a contributing Rule will move the item to the left hand side of the page and display details about it (including the list of objects in violation, computing details, and rule/distribution/measure documentation) in the right hand section:


Note that when there are many violations to display, a "Show More" button will be available:

By default, only 10 violations are displayed to improve performance. You can choose to display more using the various options (+10, +100 etc.). By default an upper maximum of 5000 violations is set when the "All" option is clicked. You can change the upper maximum if required (see the violationsCount option in Dashboard wide configuration options in json from the CAST AIP documentation).

Finally, depending on the item (Rule, Distribution, Measure), you can do as follows:

Technical Debt Tile

You may create Technical Debt tile, to display Total Added and Removed OMG Tech Debt, and the total number of days.

Tile can be configured as below in ed.json file (formerly ced.json). 


{
                       "type":"OMGTechnicalDebt",
                       "parameters":{
                          "business":"1062100"
                       },
                       "color":"pale-blue",
                       "col":6,
                       "row":1,
                       "sizex":2,
                       "sizey":1,
                       "min-sizex":1,
                       "min-sizey":1,
                       "max-sizey":1,
                       "max-sizex":2
                    }

Click on the AUTOMATED TECHNICAL DEBT tile. It will drill down to risk investigation page with CISQ assessment model selected, also the view will be selected as "Technical Debt (OMG)", as shown in the below screen.

You can switch to the CISQ Assessment Model violation view from the drop-down list.

In Rules Details, "Technical Debt (OMG)" section is added (as shown in the below screen), which shows the details about rules (Total, Added, Removed, and number of occurrences). 

In the source code view, a new section list is added with icons on left, which represents the sections "Source Code" and "Technical Debt (OMG)" respectively. Clicking on the "Technical Debt (OMG)" icon, the scroll focus will be in the "Technical Debt (OMG)" section, where the object level details of Adjustment Factor, UNADJUSTED EFFORT (IN MINS) and ADJUSTED EFFORTS (IN MINS) are displayed.

Rule

For a Rule the following sections are available:

Violations

Expand the list of Violations

...to view the objects violating the selected Rule:

Header icons

The following icons will be available:

EducateClick this icon to add the associated Rule to the Security Dashboard - Education list.
DownloadClick this icon to export the list of violations to Excel.
Source code
Note that Source Code is not available when viewing data from a previous snapshot.

Select an object in the list of violations to view its source code. In order to focus investigation, source code displayed presents either:

Whenever a piece of code is made available, the View File button (seen in the example below) provides the ability to open the entire source code file to get the entire context. The file is opened in a separate browser window. The entire source code is presented plus some context (application name, snapshot reference, file name).

The Rule name is also highlighted using colour (yellow for a standard Rule (as shown below), and red for critical):


Please note that in the current release of CAST AIP, the display of source code is limited in functionality:

  • The source code does not currently show all violations for Rules that reference User Input Security elements, such as:
    • The Rule "Avoid direct or indirect remote calls inside a loop"
Parameter values for last snapshots and when there are no violations

Clicking on Rule displays Parameter details section (along with other sections violations, computing details & Rule documentation) in the Risk Investigation view. This section displays the parameter name, technology, and value for the selected rule.

Parameter details will be displayed for the current snapshot as well as for the previous snapshot if the rule is "parameterized". The parameter detail section also displays the data for a selected rule when no violations exist. This section displays a message "No parameter details available" if the selected rule does not have parameter details:

When a Rule involves "cyclical calls" such as the rule "Avoid cyclical calls and inheritances between packages", then the source code display is altered slightly as follows. A cyclical call means two packages refer to each other through a call and therefore, the result of this could be a circular dependency. So in this case, the dashboard does not show the detailed source code but the list of packages involved so that we can show where these cyclical calls are located.

If a "copy/pasted" Rule has been selected (for example Avoid Too Many Copy/Pasted Artifacts), a list of objects that have a high level of similarity with the selected objects will be listed:

After clicking on the object in the Violation details table, a separate page will be opened to show the comparable code fragments (see image below - click to enlarge):

Bookmarks

When results include violation bookmarks in the source code, the dashboard can access more details about the actual defects in the object for the current Rule. The violation bookmarks are displayed per defects found; the display follows the same pattern as the object source code viewer: each code fragment is associated to its related file and the violation bookmark is highlighted using colour (yellow for a standard Rule, red for critical (as shown below). Multiple bookmarks may be associated to a single defect (as shown below):

A More defects button will appear when there are more than five defects in the object for the current Rule:

If a defect contains multiple bookmarks, then the Primary/Secondary bookmark will appear to show the main bookmark and additional bookmarks as shown below. The display follows the same pattern as the object source code viewer, except that the secondary bookmark will be highlighted as blue:

A More bookmarks button will appear when there are more than five bookmarks in one defect for the current Rule. The color depends on whether the Rule is critical (red) or not (yellow). If you click "View File" button, the lines numbers are highlighted:

OWASP bookmark display

Bookmarks for defects in source code violating OWASP Rules (such as Avoid SQL injection vulnerabilities ( CWE-89 ) ) are displayed slightly differently to help you follow the violation trail within the Application:

You can use the "eye" icon to the right of the list to view the source code file in which the bookmark is located:

Violation details

The Violation details section underneath the Source Code display shows the Violation Name along with the values of the Violation Details (i.e the "Associated Values"):

If the Rule does not have any violation details, the message "No violation details for this Rule" will be displayed instead.
Why is that an issue?

You can use the Why is that an issue? option underneath the Source Code display to view the Rationale section of the Rule that has been violated. Clicking the Learn More button will take you directly to a full description of the violated Rule: 

Computing Details

This section displays:

ColumnExplanation
ModuleShows the name of each module that has objects as defined during the snapshot configuration and generation.
Total CheckThe total number of objects in the module that were checked against the current Rule.
Viol.The number of objects in the module violating the current Rule.
ComplianceThe compliance rate for the module - i.e. the percentage of objects in the module that are compliant with the Rule.


Note that the row containing the module name "Total" contains cumulative data for all modules displayed in the section.
Rule Documentation

If there are no Tags associated with the Rule, there will a "No Tag" message in the "Tags" section:

Accessing an object in the Application Investigation view

Clicking the following icon will take you directly to the object in the Application Investigation view:

Distribution

For a Distribution, you can view how objects in the current Application are distributed: objects are placed into categories depending on the criteria of the Distribution itself. Sections indicate which category the objects fall into: Low/Small (Green), Average, High/Large and Very High/Very Large (Red). A Status column displays the status of the object between the current and previous snapshot (unchanged, added, deleted etc.). So to take the example of the Size Distribution distribution:

Measure

Quality Measures are listed in the Security Dashboard, however, since Measures are never "violated" in the same way a Rule is violated, little information can be displayed other than the documentation:

Table key

All tables that display data in the Risk Investigation mode contain various columns. The table below lists all possible column names and provides an explanation for each:

Health Measure
ColumnExplanation
Displays the number of Violations or Critical Violations added to the current snapshot for the currently selected item since the last snapshot.
Displays the number of Violations or Critical Violations removed from the current snapshot for the currently selected item since the last snapshot.
#Critical / #Violations

Displays the number of Violations or Critical Violations for the currently selected item. This column is also used as the default sorting criteria when items are first displayed.

Previous

Displays a % variation of the number of Violations or Critical Violations in the current snapshot for the currently selected item compared with those in the previous snapshot.

Health Measure
Name of the Health Measure
Technical Criterion
ColumnExplanation
Displays the number of Violations or Critical Violations added to the current snapshot for the currently selected item since the last snapshot.
Displays the number of Violations or Critical Violations removed from the current snapshot for the currently selected item since the last snapshot.
#Critical / #Violations

Displays the number of Violations or Critical Violations for the currently selected item. This column is also used as the default sorting criteria when items are first displayed.

Previous

Displays a % variation of the number of Violations or Critical Violations in the current snapshot for the currently selected item compared with those in the previous snapshot.

Technical Criterion
Name of the Technical Criterion.

Weight

Displays the weight of the Technical Criterion in its parent Health Measure. The higher the value, the more weight the item carries.

Rules, Distributions and Measures
ColumnExplanation
Displays the number of Violations or Critical Violations added to the current snapshot for the currently selected item since the last snapshot.
Displays the number of Violations or Critical Violations removed from the current snapshot for the currently selected item since the last snapshot.
#Critical / #Violations

Displays the number of Violations or Critical Violations for the currently selected item. This column is also used as the default sorting criteria when items are first displayed.

Evolution

Displays a % variation of the number of Violations or Critical Violations in the current snapshot for the currently selected item compared with those in the previous snapshot.

Rules...
Name of the Rule/Distribution/Measure.

Weight

Displays the weight of the Rule/Distribution/Measure in its parent Technical Criterion. The higher the value, the more weight the item carries.

Critical Rule

A red dot in this column indicates that the Rule has been set as critical in the Assessment Model.

Violation
ColumnExplanation

Option to add/remove the violation from the Action Plan or the Scheduled Exclusion List (see Security Dashboard - Action Plan for more information). Note that to interact with the Action Plan/Scheduled List, your user login must have the role QUALITY_MANAGER/EXCLUSION_MANAGER roles. These can be assigned at user level (when using Default Authentication mode) or via user or group (when using Standard LDAP authentication). Please see User authentication for more information.
Action / Exclusions

Indicates whether the violation has been added to the Action Plan or the Scheduled Exclusion List (see Security Dashboard - Action Plan for more information):

Item has been added to the Action Plan.
Item has been added to the Scheduled Exclusion List.


Object Name LocationDisplays the object name, and in the case of file based objects (as oppose to Database objects), the location on disk of the object.
Risk

This value was previously known as Propagated Risk Index (PRI): it identifies the violations that can impact the largest number of components, involving objects with the largest number of violations pertaining to the Health Measure involved. The formula used to calculate this value is as follows:

PRI = (RPF + 1) x VI

Where RPF and VI equal:

RPF

Risk Propagation Factor (RPF): identifies violations that can impact the largest number of components in the Application. The impact area is computed as follows:

  • Risk Propagation Factor for a Robustness, Performance, or Security Violation is the size of its call path
  • Risk Propagation Factor for a Changeability Violation is its Fan-In
  • Risk Propagation Factor for a Transferability Violation is zero (0).

VI

Violation Index (VI): identifies objects with the largest number of violations, taking into account the weight of the Rules and of the Technical Criteria, for the Health Measure involved. The formula used to calculate this value is as follows

For each object, identify Rules it violates that contribute to a given Health Measure through Technical Criteria. Multiply aggregate weight of the Rule within the Technical Criterion by the aggregate weight of the Technical Criterion within the Health Factor. In other words:

VI = Sum_of_all_rules_violated_by_the_object (Quality_rule_weight * technical_criteria_weight)


Status

Displays the status of the object in comparison to the previous snapshot - e.g.:

  • Added
  • Updated
  • Deleted
  • Unchanged

You can also filter on a status by selecting the column header and choosing the status you want to view:

Clicking this icon will take you direct to the object in the Application Investigation view.
Distribution
ColumnExplanation
Object Name LocationDisplays the object name.
Status

Displays the status of the object in comparison to the previous snapshot - e.g.:

  • Added
  • Updated
  • Deleted
  • Unchanged

You can also filter on a status by selecting the column header and choosing the status you want to view:

Measure

Measures only display the documentation.

Display rules

Each table displays Business Criteria, Technical Criteria and Rules/Distributions/Measures based on the following specific criteria:

For Rules only:

Filtering

By default when using the Risk Investigation view, the entire Application content is displayed. However, you may be interested in investigating a subset of the Application (a specific module or a specific technology). Two filters are available for that purpose in the breadcrumb area, to the top right.

Technology filter > Same filtering applies to the Risk Investigation.
By default the filters are inactive (red text) and are only active when specifically selected (white text):

Some filtering may not be relevant as you drill down. If you are investigating a JEE specific Rule and try to filter on HTML5 technology (for example), we would get no data, hence, to make things clearer, the HTML5 technology filter option is be disabled (lighter grey color) in this context. This can apply at technical criteria or Rule level and in some rare cases, even from the Health Measure level:

  • When investigating a specific object, the filters are disabled as they are no longer relevant.
  • For numerous reasons (confusion, bookmarks or tiles leading to rules/objects in contexts), the filters are always reset when leaving the Risk Investigation pages. 




Risk Investigation view

Accessible from the sidebar menu  or by clicking the Risk Model tile, this view enables investigation of the application risk from the Assessment Model perspective - moving through Health Measures/Business Criteria, Technical Criteria, Rules/Measures/Distributions right down to the objects in violation.

By default, only Business Criteria that are categorised as Health Measures will be displayed in the dashboard. All other Business Criteria that are NOT Health Measures will not be displayed. You can override this behaviour, to display ALL top-level Business Criteria if required - see Engineering Dashboard json configuration options from the CAST AIP documentation.

Data is presented in a series of tables on the left and right hand side of the page enabling you to drill down from a Health Measure to an individual object that is in violation. Take for example the top level list of Health Measures:

Selecting a Health Measure in this table will display all of the contributing Technical Criteria in the right hand section:

When a Health Measure is selected, the first row in the Technical Criteria list will be titled "All Rules...". Selecting this item will display a list of all the Rules that contribute to the selected Health Measure:

Selecting a Technical Criteria will move the Technical Criteria to the left hand side of the page and display all of the contributing Rules in the right hand section:

Selecting a contributing Rule will move the item to the left hand side of the page and display details about it (including the list of objects in violation, computing details, and rule/distribution/measure documentation) in the right hand section:


Note that when there are many violations to display, a "Show More" button will be available:

By default, only 10 violations are displayed to improve performance. You can choose to display more using the various options (+10, +100 etc.). By default an upper maximum of 5000 violations is set when the "All" option is clicked. You can change the upper maximum if required (see the violationsCount option in Engineering Dashboard json configuration options from the CAST AIP documentation).

Finally, depending on the item (Rule, Distribution, Measure), you can do as follows:

Technical Debt Tile

You may create Technical Debt tile, to display Total Added and Removed OMG Tech Debt, and the total number of days.

Tile can be configured as below in ed.json file (formerly ced.json). 


{
                       "type":"OMGTechnicalDebt",
                       "parameters":{
                          "business":"1062100"
                       },
                       "color":"pale-blue",
                       "col":6,
                       "row":1,
                       "sizex":2,
                       "sizey":1,
                       "min-sizex":1,
                       "min-sizey":1,
                       "max-sizey":1,
                       "max-sizex":2
                    }

Click on the AUTOMATED TECHNICAL DEBT tile. It will drill down to risk investigation page with CISQ assessment model selected, also the view will be selected as "Technical Debt (OMG)", as shown in the below screen.

You can switch to the CISQ Assessment Model violation view from the drop-down list.

In Rules Details, "Technical Debt (OMG)" section is added (as shown in the below screen), which shows the details about rules (Total, Added, Removed, and number of occurrences). 

In the source code view, a new section list is added with icons on left, which represents the sections "Source Code" and "Technical Debt (OMG)" respectively. Clicking on the "Technical Debt (OMG)" icon, the scroll focus will be in the "Technical Debt (OMG)" section, where the object level details of Adjustment Factor, UNADJUSTED EFFORT (IN MINS) and ADJUSTED EFFORTS (IN MINS) are displayed.

Rule

For a Rule the following sections are available:

Violations

Expand the list of Violations

...to view the objects violating the selected Rule:

Header icons

The following icons will be available:

EducateClick this icon to add the associated Rule to the Security Dashboard - Education list.
DownloadClick this icon to export the list of violations to Excel.
Source code
Note that Source Code is not available when viewing data from a previous snapshot.

Select an object in the list of violations to view its source code. In order to focus investigation, source code displayed presents either:

Whenever a piece of code is made available, the View File button (seen in the example below) provides the ability to open the entire source code file to get the entire context. The file is opened in a separate browser window. The entire source code is presented plus some context (application name, snapshot reference, file name).

The Rule name is also highlighted using colour (yellow for a standard Rule (as shown below), and red for critical):


Please note that in the current release of CAST AIP, the display of source code is limited in functionality:

  • The source code does not currently show all violations for Rules that reference User Input Security elements, such as:
    • The Rule "Avoid direct or indirect remote calls inside a loop"
Parameter values for last snapshots and when there are no violations

Clicking on Rule displays Parameter details section (along with other sections violations, computing details & Rule documentation) in the Risk Investigation view. This section displays the parameter name, technology, and value for the selected rule.

Parameter details will be displayed for the current snapshot as well as for the previous snapshot if the rule is "parameterized". The parameter detail section also displays the data for a selected rule when no violations exist. This section displays a message "No parameter details available" if the selected rule does not have parameter details:

When a Rule involves "cyclical calls" such as the rule "Avoid cyclical calls and inheritances between packages", then the source code display is altered slightly as follows. A cyclical call means two packages refer to each other through a call and therefore, the result of this could be a circular dependency. So in this case, the dashboard does not show the detailed source code but the list of packages involved so that we can show where these cyclical calls are located.

If a "copy/pasted" Rule has been selected (for example Avoid Too Many Copy/Pasted Artifacts), a list of objects that have a high level of similarity with the selected objects will be listed:

After clicking on the object in the Violation details table, a separate page will be opened to show the comparable code fragments (see image below - click to enlarge):

Bookmarks

When results include violation bookmarks in the source code, the dashboard can access more details about the actual defects in the object for the current Rule. The violation bookmarks are displayed per defects found; the display follows the same pattern as the object source code viewer: each code fragment is associated to its related file and the violation bookmark is highlighted using colour (yellow for a standard Rule, red for critical (as shown below). Multiple bookmarks may be associated to a single defect (as shown below):

A More defects button will appear when there are more than five defects in the object for the current Rule:

If a defect contains multiple bookmarks, then the Primary/Secondary bookmark will appear to show the main bookmark and additional bookmarks as shown below. The display follows the same pattern as the object source code viewer, except that the secondary bookmark will be highlighted as blue:

A More bookmarks button will appear when there are more than five bookmarks in one defect for the current Rule. The color depends on whether the Rule is critical (red) or not (yellow). If you click "View File" button, the lines numbers are highlighted:

OWASP bookmark display

Bookmarks for defects in source code violating OWASP Rules (such as Avoid SQL injection vulnerabilities ( CWE-89 ) ) are displayed slightly differently to help you follow the violation trail within the Application:

You can use the "eye" icon to the right of the list to view the source code file in which the bookmark is located:

Violation details

The Violation details section underneath the Source Code display shows the Violation Name along with the values of the Violation Details (i.e the "Associated Values"):

If the Rule does not have any violation details, the message "No violation details for this Rule" will be displayed instead.
Why is that an issue?

You can use the Why is that an issue? option underneath the Source Code display to view the Rationale section of the Rule that has been violated. Clicking the Learn More button will take you directly to a full description of the violated Rule: 

Computing Details

This section displays:

ColumnExplanation
ModuleShows the name of each module that has objects as defined during the snapshot configuration and generation.
Total CheckThe total number of objects in the module that were checked against the current Rule.
Viol.The number of objects in the module violating the current Rule.
ComplianceThe compliance rate for the module - i.e. the percentage of objects in the module that are compliant with the Rule.


Note that the row containing the module name "Total" contains cumulative data for all modules displayed in the section.
Rule Documentation

If there are no Tags associated with the Rule, there will a "No Tag" message in the "Tags" section:

Accessing an object in the Application Investigation view

Clicking the following icon will take you directly to the object in the Application Investigation view:

Distribution

For a Distribution, you can view how objects in the current Application are distributed: objects are placed into categories depending on the criteria of the Distribution itself. Sections indicate which category the objects fall into: Low/Small (Green), Average, High/Large and Very High/Very Large (Red). A Status column displays the status of the object between the current and previous snapshot (unchanged, added, deleted etc.). So to take the example of the Size Distribution distribution:

Measure

Quality Measures are listed in the Security Dashboard, however, since Measures are never "violated" in the same way a Rule is violated, little information can be displayed other than the documentation:

Table key

All tables that display data in the Risk Investigation mode contain various columns. The table below lists all possible column names and provides an explanation for each:

Health Measure
ColumnExplanation
Displays the number of Violations or Critical Violations added to the current snapshot for the currently selected item since the last snapshot.
Displays the number of Violations or Critical Violations removed from the current snapshot for the currently selected item since the last snapshot.
#Critical / #Violations

Displays the number of Violations or Critical Violations for the currently selected item. This column is also used as the default sorting criteria when items are first displayed.

Previous

Displays a % variation of the number of Violations or Critical Violations in the current snapshot for the currently selected item compared with those in the previous snapshot.

Health Measure
Name of the Health Measure
Technical Criterion
ColumnExplanation
Displays the number of Violations or Critical Violations added to the current snapshot for the currently selected item since the last snapshot.
Displays the number of Violations or Critical Violations removed from the current snapshot for the currently selected item since the last snapshot.
#Critical / #Violations

Displays the number of Violations or Critical Violations for the currently selected item. This column is also used as the default sorting criteria when items are first displayed.

Previous

Displays a % variation of the number of Violations or Critical Violations in the current snapshot for the currently selected item compared with those in the previous snapshot.

Technical Criterion
Name of the Technical Criterion.

Weight

Displays the weight of the Technical Criterion in its parent Health Measure. The higher the value, the more weight the item carries.

Rules, Distributions and Measures
ColumnExplanation
Displays the number of Violations or Critical Violations added to the current snapshot for the currently selected item since the last snapshot.
Displays the number of Violations or Critical Violations removed from the current snapshot for the currently selected item since the last snapshot.
#Critical / #Violations

Displays the number of Violations or Critical Violations for the currently selected item. This column is also used as the default sorting criteria when items are first displayed.

Evolution

Displays a % variation of the number of Violations or Critical Violations in the current snapshot for the currently selected item compared with those in the previous snapshot.

Rules...
Name of the Rule/Distribution/Measure.

Weight

Displays the weight of the Rule/Distribution/Measure in its parent Technical Criterion. The higher the value, the more weight the item carries.

Critical Rule

A red dot in this column indicates that the Rule has been set as critical in the Assessment Model.

Violation
ColumnExplanation

Option to add/remove the violation from the Action Plan or the Scheduled Exclusion List (see Security Dashboard - Action Plan for more information). Note that to interact with the Action Plan/Scheduled List, your user login must have the role QUALITY_MANAGER/EXCLUSION_MANAGER roles. These can be assigned at user level (when using Default Authentication mode) or via user or group (when using Standard LDAP authentication). Please see User authentication for more information.
Action / Exclusions

Indicates whether the violation has been added to the Action Plan or the Scheduled Exclusion List (see Security Dashboard - Action Plan for more information):

Item has been added to the Action Plan.
Item has been added to the Scheduled Exclusion List.


Object Name LocationDisplays the object name, and in the case of file based objects (as oppose to Database objects), the location on disk of the object.
Risk

This value was previously known as Propagated Risk Index (PRI): it identifies the violations that can impact the largest number of components, involving objects with the largest number of violations pertaining to the Health Measure involved. The formula used to calculate this value is as follows:

PRI = (RPF + 1) x VI

Where RPF and VI equal:

RPF

Risk Propagation Factor (RPF): identifies violations that can impact the largest number of components in the Application. The impact area is computed as follows:

  • Risk Propagation Factor for a Robustness, Performance, or Security Violation is the size of its call path
  • Risk Propagation Factor for a Changeability Violation is its Fan-In
  • Risk Propagation Factor for a Transferability Violation is zero (0).

VI

Violation Index (VI): identifies objects with the largest number of violations, taking into account the weight of the Rules and of the Technical Criteria, for the Health Measure involved. The formula used to calculate this value is as follows

For each object, identify Rules it violates that contribute to a given Health Measure through Technical Criteria. Multiply aggregate weight of the Rule within the Technical Criterion by the aggregate weight of the Technical Criterion within the Health Factor. In other words:

VI = Sum_of_all_rules_violated_by_the_object (Quality_rule_weight * technical_criteria_weight)


Status

Displays the status of the object in comparison to the previous snapshot - e.g.:

  • Added
  • Updated
  • Deleted
  • Unchanged

You can also filter on a status by selecting the column header and choosing the status you want to view:

Clicking this icon will take you direct to the object in the Application Investigation view.
Distribution
ColumnExplanation
Object Name LocationDisplays the object name.
Status

Displays the status of the object in comparison to the previous snapshot - e.g.:

  • Added
  • Updated
  • Deleted
  • Unchanged

You can also filter on a status by selecting the column header and choosing the status you want to view:

Measure

Measures only display the documentation.

Display rules

Each table displays Business Criteria, Technical Criteria and Rules/Distributions/Measures based on the following specific criteria:

For Rules only:

Filtering

By default when using the Risk Investigation view, the entire Application content is displayed. However, you may be interested in investigating a subset of the Application (a specific module or a specific technology). Two filters are available for that purpose in the breadcrumb area, to the top right.

Technology filter > Same filtering applies to the Risk Investigation.
By default the filters are inactive (red text) and are only active when specifically selected (white text):

Some filtering may not be relevant as you drill down. If you are investigating a JEE specific Rule and try to filter on HTML5 technology (for example), we would get no data, hence, to make things clearer, the HTML5 technology filter option is be disabled (lighter grey color) in this context. This can apply at technical criteria or Rule level and in some rare cases, even from the Health Measure level:

  • When investigating a specific object, the filters are disabled as they are no longer relevant.
  • For numerous reasons (confusion, bookmarks or tiles leading to rules/objects in contexts), the filters are always reset when leaving the Risk Investigation pages.