Summary: This page provides instructions for using the CAST Application Engineering Dashboard, i.e. how to log in, what information is available etc.
To connect to the CAST Application Engineering Dashboard, browse to the URL provided to you by your CAST Administrator. This will usually be in the following format:
http://<server>:[<port>]/CAST-AED
The login page will then be displayed:
To log in to the CAST Application Engineering Dashboard, you need to enter a username and password and then click the Log In button.
Depending on the authentication mode configured by the CAST AI Administrator (see Installing and configuring the CAST Application Engineering Dashboard for more information) you need to log in with a presupplied username and password, or your corporate username and password. If in doubt, contact your CAST AI Administrator.
This section describes some of the reasons why you may not be able to log in to the dashboard:
If you are not authorized to view any data in the CAST Application Engineering Dashboard, then upon login a message will be displayed as follows and no further use of the dashboard is allowed:
Note that:
If you attempt to log in to the CAST Application Engineering Dashboard when no license key has been configured, the following message will be displayed:
If you need to access the CAST Application Engineering Dashboard but:
then you can use the Can't access link to contact the CAST AI Administrator:
You will then be prompted to choose an option - each is explained below.
Note that the email address and text for both options can be modified. Please see: CAST-AAD-AED - Lost password and request access configuration.
If you choose this option:
A new email will be created in your default email client requesting the password for the username you specified. Send this to your CAST AI Administrator.
If you choose this option, simply click the Send button.
A new email will be created in your default email client requesting access. Send this to your CAST AI Administrator.
On login, depending on the number of Applications available, behavior is slightly different:
Number of Applications | Behavior |
---|---|
Single Application | You are taken directly to the Application landing page: |
Multiple Applications | You are offered a choice of which Application to access: When the Application is selected, you will be taken directly to the selected Application's landing page (as shown above). If you are not authorized to access the selected Application, a "You are not authorized to access any applications" message will be displayed. If you would like to choose a different Application, you can do so using the dropdown list box located on the menu bar: If you cannot locate the Application you require, you can use the search field to search for the Application - the search is instant - entering a single character will start the search mechanism: |

Whenever relevant, loading icons will display when data could take some time to fetch/process and/or display.
If, on login, you are presented with the following message on each page in the CAST Application Engineering Dashboard, you should contact your CAST Administrator to request that the license is updated:
You can click the link on the "CAST Project Manager" text (underlined in the image above) to contact the administrator. Doing so will open an email in your default email client requesting that the license is updated.
This section provides a brief explanation of the interface display options that are available to you.
Note that the tiles displayed out of the box are fully configurable by the CAST AI Administrator. Please see CAST-AED - Tile management for more information.
The Application landing or "home" page is displayed after a successful login:
It consists of multiple tiles (tiles are used extensively in the CAST Application Analytics Dashboard - CAST AAD) used to display data and information from the most recent snapshot of the selected Application:
This default tile displays "at a glance" information about the current Application status:
Clicking this tile will take you directly to the Quality investigation view (this can also be accessed by clicking the button available in the sidebar).
This default tile displays "at a glance" information about the Violation status for the current Application:
Clicking this tile will take you directly to the Application investigation view (this can also be accessed by clicking the button available in the sidebar).
A "Top Riskiest Transactions tile" is provided "out-of-the-box" for the Security Health Factor:
This tile provides a clickable "cloud" of transaction names - the larger and bolder the font used to display the transaction name, the higher the TRI value the transaction has within the specified Health Factor (for example Robustness, Efficiency or Security). TRI, or Transaction Risk Index, is an indicator of the risk of a transaction. Robustness is set as the default Health Factor but can be changed in the tile itself using the drop down arrow.
Clicking a transaction name in the tile will take you directly to the selected transaction in the Transaction Investigation view (this can also be accessed by clicking the button available in the sidebar).
A "Top Riskiest Components tile" is provided "out-of-the-box" for the Security Health Factor:
This tile provides a clickable "cloud" of object names - the larger and bolder the font used to display the name, the higher the Risk value (previously known as PRI: Propagated Risk Index) the object has within the specified Health Factor (for example Security or Efficiency). See this table for more information about how Risk is calculated.
Clicking an object name in the tile will take you directly to the object in the Application Investigation view - for example clicking the Load object will show this:
One "Top Modules with Violations" tile is provided "out-of-the-box" for the TQI (Total Quality Index) Health Factor (this Health Factor can be changed by clicking the drop down arrow next to the Health Factor name):
This tile provides a listing of the modules sorted by the number of critical violations present in each module. The tile can be resized to display more or fewer modules. Clicking a module in the tile will take you directly to the module in the Application Investigation view. In the Application Investigation view, violated Quality Rules are listed by their number of violations, with critical rules first (by default: ordered by number of violations):
Note that depending on whether Critical Violations or ALL Violations are being displayed (see Data Filtering on Critical Violations), the content will reflect the filter that is currently active, displaying only Critical Violations or ALL Violations accordingly.
Two tiles listing the Strength and Weakness of a given Health Factor, listed by Technical Criteria:
Note that depending on whether Critical Violations or ALL Violations are being displayed (see Data Filtering on Critical Violations), the content will reflect the filter that is currently active, displaying only Critical Violations or ALL Violations accordingly.
These tiles provide
By default, the Robustness Health Factor is displayed, however, you can change to a different Health Factor using the drop down list in each tile:
Clicking a Technical Criterion in the tile will take you directly to the Technical Criterion in the Quality Investigation view:
A default Action Plan tile is displayed showing, initially, the total number of objects that have been added to the Action Plan list since the last snapshot was generated. Clicking the tile will take you directly to the Action Plan.
This tile can be manually re-sized (drag and drop the corners or sides of the tile) to include more information about Pending and Solved items (see the Action Plan for more information about the Pending and Solved statistics):
One "Top Rules with increasing violations" tile and one "Top rules with decreasing violations" are provided "out-of-the-box" for the TQI (Total Quality Index) Health Factor:
These tiles display a list of Quality Rules and a value as follows:
The violation count difference is displayed on the right of a rule and a red dot is added when the rule is critical. Rules are clickable and will take you directly to the Quality Rule in the Quality Investigation view.
In addition, the CWE Top-25 Rules Compliance, or any standard ruleset such as CISQ or OWASP, can also be displayed in a tile - note that this configuration is not available out of the box in CAST AIP and requires a custom Assessment Model configuration:
Note that the default behaviour in the dashboard is to display ONLY Critical Violations (see Data filtering on Critical Violations) - therefore the display in this tile will reflect this and only Critical Violations (with a red dot) will be displayed. If the default filter is disabled to show ALL violations, then the tile will display Critical and non-Critical Violations.
By default, this tile shows two values for the Total Quality Index (TQI) Health Factor:
Values are a comparison between the previous and current snapshot, therefore if this is the first snapshot then there will be Added Critical Violations or Violations but no Removed Critical Violations or Violations. It is also possible to change the Health Factor by clicking the drop down arrow next to the Health Factor name.
Clicking the tile will take you directly to the Health Factor in the Quality Investigation view (see CAST Application Engineering Dashboard - CAST AED for more information).
The risk introduced can be viewed at the violation level for an Application to see which new issues were introduced since the last snapshot and which issues have been fixed since the last snapshot (click to enlarge):
Note that depending on whether Critical Violations or ALL Violations are being displayed (see Data Filtering on Critical Violations), the content will reflect the filter that is currently active, displaying only Critical Violations or ALL Violations accordingly.
As explained previously, the landing page or home page contains a set number of "default" tiles that are delivered "out of the box". Your dashboard Administrator may choose to configure additional tiles or custom locations for the default set of tiles (see CAST-AED - Tile management) but you have a certain amount of freedom to set up the home page as you require:
Changes you make to the location or size of tiles are saved via a cookie, therefore the positions and sizes of tiles will be retained over successive sessions using the same browser. Using a different browser on the same workstation will not retain the changes to the tiles.
If you would like to reset the position and size of the tiles as they are provided to you "out of the box", you can use the Reset homepage option located in the top right hand corner:
If you would like to monitor a specific Quality Rule (perhaps a critical Quality Rule with multiple violations) in your Application via a tile in the landing/home page you can do so by adding a "bookmark" or "favorite" tile which links to the item in question. To do so:
Tips:
Each tile displayed in the landing or home page will be configured with a predefined colour as defined in the .JSON (see CAST-AED - Tile management). However, you can change this from your browser:
A description of each numbered item is provided below:
Item | Name | Description | |
---|---|---|---|
1 | Application selector | This option enables you to select the Application you wish to view. A drop down list box will be displayed enabling you to pick the Application you require. Note that only the Applications you are authorized to view will be available for selection. | |
2 | Snapshot description | Displays information about the current snapshot data you are viewing: Name, Version, Date. | |
3 | Snapshot selector | This option enables you to select a specific snapshot to investigate - if multiple snapshots are available for the current Application. This allows you to "go back in time" and investigate data from a previous snapshot. Note that not all data is available for previous snapshots. See snapshots for more information. | |
4 | Share data | Clicking this icon will open a new email in your default email client, together with a link to the current location in the dashboard. You can therefore use this option to share a link with colleagues. Example email shown below:
| |
5 | Data filtering | This icon activates/deactivates data filtering on Critical Violations. See Data filtering on Critical Violations for more information. | |
6 | Search | Activates a search field enabling you to search for names of items in the quality model:
Note that the search is contextual. Therefore, if you are investigating at a specific Business Criterion/Technical Criterion/Quality Rule/Distribution/Measure level, only the items based on this context will be made available (e.g. if the user is investigating a Technical Criterion, only the rules associated with that Technical Criterion will be available). The search field also indicates that the search will take place in the current context: | |
7 | Current user | Indicates the name of the current user that is logged in to the CAST Application Engineering Dashboard. A drop down list box is also available: This contains two options:
|
Side menu bar | Item | Name | Description |
---|---|---|---|
![]() | 1 | Home | This button will take you back to the initial "home" or landing page from wherever you are located in the CAST Application Engineering Dashboard. |
2 | Quality investigation | This option focuses on application risk level from the Assessment Model perspective - moving through Business Criteria, Technical Criteria, Quality Rules/Measures/Distributions right down to the objects in violation. See Quality Investigation view for more information. | |
3 | Application investigation | This option focuses on the application's technical components (i.e. its objects) and provides violation details on those objects and their related dependencies. See Application Investigation view for more information. | |
4 | Transaction investigation | This option focuses on the application's transactions and provides violation details on the riskiest transactions and their related dependencies. See Transaction Investigation view for more information. | |
5 | Action Plan | This option will display the Action Plan - an Action Plan is simply a list of objects (i.e. "violations") that have been selected for action in the next snapshot generation process with a priority level assigned to them. Users can then use the list to focus their remediation work. Think of it as a "to do list" - i.e. objects that require work to remove the violation flagged by CAST AIP. See the section Using the Action Plan below for more information. | |
6 | Contextual help | This option provides basic help for various items in the CAST Application Engineering Dashboard. To use it:
|

Note that the CAST Application Engineering Dashboard features a server cache to improve the speed of data display. This does mean, however, that very recent changes in data (i.e. a new snapshot generation) may not instantly appear in the dashboard. If this is the case, the server cache needs to be manually reloaded. See CAST-AAD-AED - Reload the cache.
The information displayed in the CAST Application Engineering Dashboard is derived from snapshots generated by the CAST AI Administrator and provides a detailed "engineering" level view of your set of Applications - this includes specific information about Quality Rules and Violations.
All data that is displayed is taken from the most recent snapshot that has been generated for the selected Application. However, it is possible to view data from a previous snapshot if required by using the snapshot selector in the top menu:
Clicking this option will display a drop down menu where you can select the snapshot you require:
To view a previous snapshot, select it on the timeline and then click the Select Snapshot option:
The display will then update to show the data from the selected snapshot.
Note that when viewing data from a previous snapshot, some information/tiles are not available:
To return to the current snapshot data use the snapshot selector button on the top menu bar to select the most recent snapshot:
By default, the CAST Application Engineering Dashboard only shows information about Critical Violations, rather than showing data for ALL violations - this allows you to instantly see the most important flaws in the analyzed application. This data filter is controlled by the following icon in the Top Menu bar:
When in the default position showing only information about Critical Violations, the icon is colored red as shown above. When in this position, the dashboard only shows information about Critical Violations and other non-Critical Violations are ignored. For example, the Quality Model tile will display data only about Critical Violations (as specified in the black circle):
Note that:
If you would prefer to view all data about ALL Violations (not just Critical Violations) in your application, you can disable the filter by clicking the filter icon on the top menu and then toggling the Only critical violations button:
Once the filter is disabled, ALL data is now displayed. For example the Quality Models tile now displays data about ALL violations:
The data available is displayed using various different "views":
Accessible from the sidebar menu or by clicking the Quality Model tile, this view enables investigation of the application risk from the Assessment Model perspective - moving through Health Factors/Business Criteria, Technical Criteria, Quality Rules/Measures/Distributions right down to the objects in violation.
By default, only Business Criteria that are categorised as Health Factors will be displayed in the dashboard. All other Business Criteria that are NOT Health Factors will not be displayed. You can override this behaviour, to display ALL top-level Business Criteria if required - see CAST-AED - Dashboard wide configuration options in json.
Data is presented in a series of tables on the left and right hand side of the page enabling you to drill down from a Health Factor to an individual object that is in violation. Take for example the top level list of Health Factor Business Criteria:
Selecting a Business Criteria in this table will display all of the contributing Technical Criteria in the right hand section:
When a Health Factor/Business Criterion is selected, the first row in the Technical Criteria list will be titled "All quality rules...". Selecting this item will display a list of all the Quality Rules that contribute to the selected Health Factor/Business Criterion:
Selecting a Technical Criteria will move the Technical Criteria to the left hand side of the page and display all of the contributing Quality Rules, Distributions and Measures in the right hand section:
Selecting a contributing Quality Rule, Distribution or Measure will move the item to the left hand side of the page and display details about it (including the list of objects in violation, computing details, and rule/distribution/measure documentation) in the right hand section:
Finally, depending on the item (Quality Rule, Distribution, Measure), you can do as follows:
For a Quality Rule the following sections are available:
Expand the list of Violations
...to view the objects violating the selected Quality Rule:
Note that Source Code is not available when viewing data from a previous snapshot.
Select an object in the list of violations to view its source code. In order to focus investigation, source code displayed presents either:
Whenever a piece of code is made available, the View File button (seen in the example below) provides the ability to open the entire source code file to get the entire context. The file is opened in a separate browser window. The entire source code is presented plus some context (application name, snapshot reference, file name).
The Quality Rule name is also highlighted using colour (yellow for a standard quality rule (as shown below), and red for critical):
Please note that in the current release of CAST AIP, the display of source code is limited in functionality:
When a Quality Rule involves "cyclical calls" such as the rule "Avoid cyclical calls and inheritances between packages", then the source code display is altered slightly as follows. A cyclical call means two packages refer to each other through a call and therefore, the result of this could be a circular dependency. So in this case, the dashboard does not show the detailed source code but the list of packages involved so that we can show where these cyclical calls are located.
If a "copy/pasted" Quality Rule has been selected (for example Avoid Too Many Copy/Pasted Artifacts), a list of objects that have a high level of similarity with the selected objects will be listed:
After clicking on the object in the Violation details table, a separate page will be opened to show the comparable code fragments (see image below - click to enlarge):
When results include violation bookmarks in the source code, the dashboard can access more details about the actual defects in the object for the current Quality Rule. The violation bookmarks are displayed per defect found; the display follows the same pattern as the object source code viewer: each code fragment is associated with its related file and the violation bookmark is highlighted using colour (yellow for a standard quality rule, red for critical, as shown below). Multiple bookmarks may be associated with a single defect (as shown below):
A More defects button will appear when there are more than five defects in the object for the current Quality Rule:
If a defect contains multiple bookmarks, then the Primary/Secondary bookmark will appear to show the main bookmark and additional bookmarks as shown below. The display follows the same pattern as the object source code viewer, except that the secondary bookmark will be highlighted as blue:
A More bookmarks button will appear when there are more than five bookmarks in one defect for the current Quality Rule. The color depends on whether the Quality Rule is critical (red) or not (yellow). If you click the "View File" button, the line numbers are highlighted:
Bookmarks for defects in source code violating OWASP Quality Rules (such as Avoid SQL injection vulnerabilities (CWE-89)) are displayed slightly differently to help you follow the violation trail within the Application:
You can use the "eye" icon to the right of the list to view the source code file in which the bookmark is located:
You can use the Why is that an issue? option underneath the Source Code display to view the Rationale section of the Quality Rule that has been violated. Clicking the Learn More button will take you directly to a full description of the violated Quality Rule:
This section displays:
Column | Explanation |
---|---|
Module | Shows the name of each module that has objects as defined during the snapshot configuration and generation. |
Total Check | The total number of objects in the module that were checked against the current Quality Rule. |
Viol. | The number of objects in the module violating the current Quality Rule. |
Compliance | The compliance rate for the module - i.e. the percentage of objects in the module that are compliant with the Quality Rule. |

Note that the row containing the module name "Total" contains cumulative data for all modules displayed in the section.
Clicking the following icon will take you directly to the object in the Application Investigation view:
For a Distribution, you can view how objects in the current Application are distributed: objects are placed into categories depending on the criteria of the Distribution itself. Sections indicate which category the objects fall into: Low/Small (Green), Average, High/Large and Very High/Very Large (Red). A Status column displays the status of the object between the current and previous snapshot (unchanged, added, deleted etc.). So to take the example of the Size Distribution distribution:
Quality Measures are listed in the CAST Application Engineering Dashboard, however, since Measures are never "violated" in the same way a Quality Rule is violated, little information can be displayed other than the documentation. If you require more information about a Measure, please use the CAST Application Analytics Dashboard instead:
All tables that display data in the Quality Investigation mode contain various columns. The table below lists all possible column names and provides an explanation for each:
Column | Explanation |
---|---|
![]() | Displays the number of Violations or Critical Violations added to the current snapshot for the currently selected item since the last snapshot. |
![]() | Displays the number of Violations or Critical Violations removed from the current snapshot for the currently selected item since the last snapshot. |
#Critical / #Violations | Displays the number of Violations or Critical Violations for the currently selected item. This column is also used as the default sorting criteria when items are first displayed. |
Previous | Displays a % variation of the number of Violations or Critical Violations in the current snapshot for the currently selected item compared with those in the previous snapshot. |
Baseline | Displays a % variation of the number of Violations or Critical Violations in the current snapshot for the currently selected item compared with those in the very first snapshot. |
Health Factor | Name of the Health Factor/Business Criterion |
Column | Explanation |
---|---|
![]() | Displays the number of Violations or Critical Violations added to the current snapshot for the currently selected item since the last snapshot. |
![]() | Displays the number of Violations or Critical Violations removed from the current snapshot for the currently selected item since the last snapshot. |
#Critical / #Violations | Displays the number of Violations or Critical Violations for the currently selected item. This column is also used as the default sorting criteria when items are first displayed. |
Previous | Displays a % variation of the number of Violations or Critical Violations in the current snapshot for the currently selected item compared with those in the previous snapshot. |
Technical Criterion | Name of the Technical Criterion. |
Weight | Displays the weight of the Technical Criterion in its parent Health Factor/Business Criterion. The higher the value, the more weight the item carries. |
Column | Explanation |
---|---|
![]() | Displays the number of Violations or Critical Violations added to the current snapshot for the currently selected item since the last snapshot. |
![]() | Displays the number of Violations or Critical Violations removed from the current snapshot for the currently selected item since the last snapshot. |
#Critical / #Violations | Displays the number of Violations or Critical Violations for the currently selected item. This column is also used as the default sorting criteria when items are first displayed. |
Evolution | Displays a % variation of the number of Violations or Critical Violations in the current snapshot for the currently selected item compared with those in the previous snapshot. |
Quality Rules... | Name of the Quality Rule/Distribution/Measure. |
Weight | Displays the weight of the Quality Rule/Distribution/Measure in its parent Technical Criterion. The higher the value, the more weight the item carries. |
Critical Rule | A red dot in this column indicates that the Quality Rule has been set as critical in the Assessment Model. |
Column | Explanation | ||
---|---|---|---|
- | Option to add/remove the object from the Action Plan (see below). Note that to interact with the Action Plan, your user login must have the role QUALITY_MANAGER. This can be assigned at user level (when using Static List authentication) or via user or group (when using Active Directory authentication). Please see CAST-AED - Configuring user authentication for more information. | ||
Action Plan Priority | Displays the priority given to the object when it was added to the Action Plan, ranging from:
| ||
Object Name Location | Displays the object name, and in the case of file based objects (as opposed to Database objects), the location on disk of the object. | ||
Risk | This value was previously (in the CAST Engineering Dashboard) known as Propagated Risk Index (PRI): it identifies the violations that can impact the largest number of components, involving objects with the largest number of violations pertaining to the Health Factor involved. The formula used to calculate this value is as follows:
Where RPF and VI equal: RPF Risk Propagation Factor (RPF): identifies violations that can impact the largest number of components in the Application. The impact area is computed as follows:
VI Violation Index (VI): identifies objects with the largest number of violations, taking into account the weight of the Rules and of the Technical Criteria, for the Health Factor involved. The formula used to calculate this value is as follows: for each object, identify the Rules it violates that contribute to a given Health Factor through Technical Criteria, then multiply the aggregate weight of the Rule within the Technical Criterion by the aggregate weight of the Technical Criterion within the Health Factor. In other words:
| ||
Status | Displays the status of the object in comparison to the previous snapshot - e.g.:
You can also filter on a status by selecting the column header and choosing the status you want to view: |
Column | Explanation |
---|---|
Object Name Location | Displays the object name. |
Status | Displays the status of the object in comparison to the previous snapshot - e.g.:
You can also filter on a status by selecting the column header and choosing the status you want to view: |
Measures only display the documentation.
Each table displays Business Criteria, Technical Criteria and Quality Rules/Distributions/Measures based on the following specific criteria:
For Quality Rules only:
By default, when using the Quality Investigation view, the entire Application content is displayed. However, you may be interested in investigating a subset of the Application (a specific module or a specific technology). Two filters are available for that purpose in the breadcrumb area, to the top right.
By default the filters are inactive (red text) and are only active when specifically selected (white text):
Please note that some filtering may not be relevant as you drill down. If you are investigating a JEE specific Quality Rule and try to filter on the PL/SQL technology, no data would be returned; to make this clearer, the PL/SQL technology filter option is disabled (lighter grey colour) in this context. This can apply at Technical Criterion or Quality Rule level and, in some rare cases, even from the Business Criterion level:
Furthermore, if investigating a specific object, the filters are disabled (coloured red) as they are no longer relevant:
For numerous reasons (confusion, bookmarks or tiles leading to rules/objects in contexts), the filters are always reset when leaving the Quality Model Investigation pages.
Note that the Application Investigation view is not available when viewing data from a previous snapshot.
Accessible from the sidebar menu or by clicking the Application Components tile, this view enables investigation of the objects in the Application. Data is presented in a series of tables on the left and right hand side of the page enabling you to drill down from an Application right down to an individual object within that Application, and view the Quality Rules that those objects have violated.
The default Health Factor used for this view is Total Quality Index, but you can change this using the drop down list box in the top right corner:
The Application Browser provides a hierarchical tree view of the Application, its modules and the individual projects and objects that make up the Application:
Selecting an item in the tree will do two things:
When applications are large and flat (flat project structure), the number of items can be large, leading to slow loading and page rendering. A pagination mechanism has been designed to improve usability: only a subset of items is loaded (~100 by default) and, as you scroll in the browser, more content is loaded lazily with the message "Loading Next Items":
Selecting an item (Application, Module, Project, Object) in the left hand section will update the right hand section. This section lists Quality Rules that the selected item is violating. Quality Rules are listed by the number of times they have been violated by the selected item (and all its constituent items in the case of an Application, Module or Project) and whether the Quality Rule is critical (flagged with a red dot):
Column | Explanation |
---|---|
Name | Name of the Quality Rule that the selected item is violating. |
#Violations / #Critical Violations | The number of Critical Violations or Violations that the selected Quality Rule has (the display depends on whether only Critical Violations or ALL Violations are being displayed (see Data Filtering on Critical Violations)). |
Weight | Displays the weight of the Quality Rule in the parent Technical Criterion. The higher the value, the more weight the Quality Rule carries. Clicking the Weight column header will sort the Quality Rules as follows: Rolling your mouse over the grey gauge will display a value - this is the compounded weight, which is calculated as follows: |
Critical Rule | A red dot in this column indicates that the Quality Rule has been set as critical in the Assessment Model. |
Clicking a Quality Rule in the right hand section will move the right hand panel over to the left hand side, and display a new panel containing:
Please see Violation table from the Quality Investigation view for an explanation of the column headings Plan, Object Name Location, Risk and Status.
Selecting an object in the Violations and Rule Documentation section will move the right hand panel over to the left hand side, and display a new panel containing the source code of the selected object:
Accessible from the sidebar menu or by clicking an object in the Top Riskiest Transactions tile, this view enables investigation of the transactions in the Application. Data is presented in a series of tables on the left and right hand side of the page, enabling you to drill down from a Transaction with a high level of risk (i.e. Violations) right down to the Violations themselves.
The view functions in a very similar way to the Quality Investigation view.
The default Health Factor used for this view is Security, but you can change this using the drop down list box in the top right corner:
The browser lists 50 Transactions per "page", sorted by risk level, i.e. by the Transaction Risk Index (TRI) value. TRI is an indicator of the riskiest transactions of the application. The TRI number reflects the cumulative risk of the transaction based on the risk in the individual objects contributing to the transaction. The TRI is calculated as a function of the rules violated, their weight/criticality, and the frequency of the violation across all objects in the path of the transaction. TRI is a powerful metric to identify, prioritize and ultimately remediate the riskiest transactions and their objects.
Selecting a transaction will display information in the right hand panel about the status of each Health Factor:
Column | Explanation |
---|---|
![]() | Displays the number of Violations or Critical Violations added to the current snapshot for the currently selected item since the last snapshot. |
![]() | Displays the number of Violations or Critical Violations removed from the current snapshot for the currently selected item since the last snapshot. |
#Critical / #Violations | Displays the number of Violations or Critical Violations for the currently selected item. This column is also used as the default sorting criteria when items are first displayed. |
Health Factor | Name of the Health Factor/Business Criterion |
Selecting a Business Criterion in this table will display all of the contributing Technical Criteria in the right hand section:
Column | Explanation |
---|---|
![]() | Displays the number of Violations or Critical Violations added to the current snapshot for the currently selected item since the last snapshot. |
![]() | Displays the number of Violations or Critical Violations removed from the current snapshot for the currently selected item since the last snapshot. |
#Critical / #Violations | Displays the number of Violations or Critical Violations for the currently selected item. This column is also used as the default sorting criteria when items are first displayed. |
Technical Criterion | Name of the Technical Criterion. |
Weight | Displays the weight of the Technical Criterion in its parent Health Factor/Business Criterion. The higher the value, the more weight the item carries. |
Column | Explanation |
---|---|
![]() | Displays the number of Violations or Critical Violations added to the current snapshot for the currently selected item since the last snapshot. |
![]() | Displays the number of Violations or Critical Violations removed from the current snapshot for the currently selected item since the last snapshot. |
#Critical / #Violations | Displays the number of Violations or Critical Violations for the currently selected item. This column is also used as the default sorting criteria when items are first displayed. |
Quality Rules... | Name of the Quality Rule/Distribution/Measure. |
Weight | Displays the weight of the Quality Rule/Distribution/Measure in its parent Technical Criterion. The higher the value, the more weight the item carries. |
Critical Rule | A red dot in this column indicates that the Quality Rule has been set as critical in the Assessment Model. |
Like its predecessor, the legacy CAST Engineering Dashboard, the CAST Application Engineering Dashboard features the ability to add and remove objects (violations) to and from an "Action Plan". An Action Plan is simply a list of objects (i.e. "violations") that have been selected for action in the next snapshot generation process, with a priority level assigned to them. Users can then use the list to focus their remediation work. Think of it as a "to do list" - i.e. objects that require work to remove the violation flagged by CAST AIP.
See CAST-AED - Action Plan for more information.
You can export data to an Excel file format if required. The export feature is only available when browsing the dashboard via the Quality Investigation option or when using the Action Plan:
To export to Microsoft Excel file format, use the following icon which is available at the following levels:
When you click this icon, depending on your browser, you will be prompted to either Save or Open the Excel file. The Excel file will contain the data you requested in column format:
Notes about the Excel file data:
When you export to Excel from the Violation level, a column containing a Quality Rule's Associated Value may also be available in the resulting Excel file - in the example below, "JSP Page name" is the Associated Value for the Quality Rule "Action Artifacts should not directly call a JSP page":
The Associated Value refers to a specific output for the Quality Rule in question. For the Quality Rule shown above "Action Artifacts should not directly call a JSP page", the Associated Value is defined as the JSP Page name - in other words, for this Quality Rule, the JSP file listed in the column highlighted above violates the Quality Rule in question. You can view the Associated Value configuration in the CAST Management Studio by opening the Assessment Model and locating the Quality Rule: