ISO-5055 Index
Extension ID
com.castsoftware.omg-ascqm-index
Description
ISO-5055 is a standard that is published by ISO: https://www.iso.org/standard/80623.html .
This extension will compute Quality Software Characteristic Measures as Business Criteria and Quality Measure Elements as Technical Criteria. All CAST rules that are tagged with a ISO-50555 related tag will contribute to the various Quality Measure Elements / Quality Software Characteristic Measures thereby allowing specific compliance ratios, grades and rule violations to be reported.
Compatibility
| Product | Release | Supported |
|---|---|---|
| CAST Imaging Core | ≥ 8.3.24 | ✔️ |
| CAST Engineering Dashboard | ≥ 1.5 | ✔️ |
| CAST Health Dashboard | ≥ 1.17 | ✔️ |
| CAST Security Dashboard | ≥ 1.18 | ✔️ |
ISO-5055 version
| Version | Supported |
|---|---|
| April 2021 | ✔️ |
Download and installation instructions
The extension will not be automatically downloaded and installed in CAST Imaging Console. If you need to use it, should manually install the extension.
Configuration requirements
Generate a snapshot
A new snapshot must be generated (after the extension is installed) before results can be viewed. If you do not immediately see changes in the dashboard, please consider restarting Apache Tomcat/the web application and/or emptying your browser cache.
Optional Health Dashboard configuration options
It is possible to modify some of the default tiles provided out of the box and also add additional tiles in the CAST Health Dashboard for use with ISO-5055 data. See Manual configuration of Dashboard tiles using ISO-5055 data for more information.
These customizations can be used in the following Health Dashboard releases:
- ≥ 1.27.0-funcrel
- ≥ 2.1.0-funcrel
What results can you expect?
Once the analysis/snapshot generation has completed, you can view the results in the dashboards:
Assessment Model
Various Business and Technical Criteria will be added by the extension:
ISO-5055-Index
| ID | Name | Type |
|---|---|---|
| 1061000 | ISO-5055-Index | Business Criterion |
Note that the ISO-5055-Index Business Criterion has all Technical Criteria listed below as contributors.
ISO-5055-Maintainability
| ID | Name |
|---|---|
| 1061001 | ISO-5055-Maintainability |
| 1061046 | CWE-407 |
| 1061056 | CWE-478 |
| 1061057 | CWE-480 |
| 1061058 | CWE-484 |
| 1061061 | CWE-561 |
| 1061065 | CWE-570 |
| 1061066 | CWE-571 |
| 1061088 | CWE-783 |
| 1061105 | CWE-1041 |
| 1061108 | CWE-1045 |
| 1061110 | CWE-1047 |
| 1061111 | CWE-1048 |
| 1061114 | CWE-1051 |
| 1061115 | CWE-1052 |
| 1061116 | CWE-1054 |
| 1061117 | CWE-1055 |
| 1061121 | CWE-1062 |
| 1061122 | CWE-1064 |
| 1061128 | CWE-1074 |
| 1061129 | CWE-1075 |
| 1061131 | CWE-1079 |
| 1061132 | CWE-1080 |
| 1061135 | CWE-1084 |
| 1061136 | CWE-1085 |
| 1061137 | CWE-1086 |
| 1061138 | CWE-1087 |
| 1061141 | CWE-1090 |
| 1061143 | CWE-1093 |
| 1061145 | CWE-1095 |
ISO-5055-Performance-Efficiency
| ID | Name |
|---|---|
| 1061002 | ISO-5055-Performance-Efficiency |
| 1061044 | CWE-401 |
| 1061045 | CWE-404 |
| 1061049 | CWE-424 |
| 1061085 | CWE-772 |
| 1061086 | CWE-775 |
| 1061106 | CWE-1042 |
| 1061107 | CWE-1043 |
| 1061109 | CWE-1046 |
| 1061112 | CWE-1049 |
| 1061113 | CWE-1050 |
| 1061118 | CWE-1057 |
| 1061120 | CWE-1060 |
| 1061124 | CWE-1067 |
| 1061126 | CWE-1072 |
| 1061127 | CWE-1073 |
| 1061140 | CWE-1089 |
| 1061142 | CWE-1091 |
| 1061144 | CWE-1094 |
ISO-5055-Reliability
| ID | Name |
|---|---|
| 1061003 | ISO-5055-Reliability |
| 1061021 | CWE-119 |
| 1061022 | CWE-120 |
| 1061023 | CWE-123 |
| 1061024 | CWE-125 |
| 1061026 | CWE-130 |
| 1061027 | CWE-131 |
| 1061029 | CWE-170 |
| 1061030 | CWE-194 |
| 1061031 | CWE-195 |
| 1061032 | CWE-196 |
| 1061033 | CWE-197 |
| 1061034 | CWE-248 |
| 1061035 | CWE-252 |
| 1061038 | CWE-366 |
| 1061039 | CWE-369 |
| 1061040 | CWE-390 |
| 1061041 | CWE-391 |
| 1061042 | CWE-392 |
| 1061043 | CWE-394 |
| 1061044 | CWE-401 |
| 1061045 | CWE-404 |
| 1061047 | CWE-415 |
| 1061048 | CWE-416 |
| 1061049 | CWE-424 |
| 1061051 | CWE-456 |
| 1061053 | CWE-459 |
| 1061054 | CWE-476 |
| 1061057 | CWE-480 |
| 1061058 | CWE-484 |
| 1061060 | CWE-543 |
| 1061062 | CWE-562 |
| 1061064 | CWE-567 |
| 1061067 | CWE-595 |
| 1061068 | CWE-597 |
| 1061074 | CWE-662 |
| 1061076 | CWE-667 |
| 1061077 | CWE-672 |
| 1061078 | CWE-681 |
| 1061079 | CWE-682 |
| 1061080 | CWE-703 |
| 1061081 | CWE-704 |
| 1061083 | CWE-758 |
| 1061084 | CWE-764 |
| 1061085 | CWE-772 |
| 1061086 | CWE-775 |
| 1061089 | CWE-786 |
| 1061090 | CWE-787 |
| 1061091 | CWE-788 |
| 1061094 | CWE-805 |
| 1061095 | CWE-820 |
| 1061096 | CWE-821 |
| 1061097 | CWE-822 |
| 1061098 | CWE-823 |
| 1061099 | CWE-824 |
| 1061100 | CWE-825 |
| 1061101 | CWE-833 |
| 1061102 | CWE-835 |
| 1061103 | CWE-908 |
| 1061108 | CWE-1045 |
| 1061114 | CWE-1051 |
| 1061119 | CWE-1058 |
| 1061123 | CWE-1066 |
| 1061125 | CWE-1070 |
| 1061130 | CWE-1077 |
| 1061131 | CWE-1079 |
| 1061133 | CWE-1082 |
| 1061134 | CWE-1083 |
| 1061138 | CWE-1087 |
| 1061139 | CWE-1088 |
| 1061146 | CWE-1096 |
| 1061147 | CWE-1097 |
| 1061148 | CWE-1098 |
ISO-5055-Security
| ID | Name |
|---|---|
| 1061004 | ISO-5055-Security |
| 1061010 | CWE-22 |
| 1061011 | CWE-23 |
| 1061012 | CWE-36 |
| 1061013 | CWE-77 |
| 1061014 | CWE-78 |
| 1061015 | CWE-79 |
| 1061016 | CWE-88 |
| 1061017 | CWE-89 |
| 1061018 | CWE-90 |
| 1061019 | CWE-91 |
| 1061020 | CWE-99 |
| 1061021 | CWE-119 |
| 1061022 | CWE-120 |
| 1061023 | CWE-123 |
| 1061024 | CWE-125 |
| 1061025 | CWE-129 |
| 1061026 | CWE-130 |
| 1061027 | CWE-131 |
| 1061028 | CWE-134 |
| 1061030 | CWE-194 |
| 1061031 | CWE-195 |
| 1061032 | CWE-196 |
| 1061033 | CWE-197 |
| 1061035 | CWE-252 |
| 1061036 | CWE-259 |
| 1061037 | CWE-321 |
| 1061038 | CWE-366 |
| 1061039 | CWE-369 |
| 1061044 | CWE-401 |
| 1061045 | CWE-404 |
| 1061049 | CWE-424 |
| 1061050 | CWE-434 |
| 1061051 | CWE-456 |
| 1061052 | CWE-457 |
| 1061055 | CWE-477 |
| 1061057 | CWE-480 |
| 1061059 | CWE-502 |
| 1061060 | CWE-543 |
| 1061063 | CWE-564 |
| 1061064 | CWE-567 |
| 1061065 | CWE-570 |
| 1061066 | CWE-571 |
| 1061069 | CWE-606 |
| 1061070 | CWE-611 |
| 1061071 | CWE-624 |
| 1061072 | CWE-643 |
| 1061073 | CWE-652 |
| 1061074 | CWE-662 |
| 1061075 | CWE-665 |
| 1061076 | CWE-667 |
| 1061077 | CWE-672 |
| 1061078 | CWE-681 |
| 1061079 | CWE-682 |
| 1061082 | CWE-732 |
| 1061085 | CWE-772 |
| 1061086 | CWE-775 |
| 1061087 | CWE-778 |
| 1061088 | CWE-783 |
| 1061089 | CWE-786 |
| 1061090 | CWE-787 |
| 1061091 | CWE-788 |
| 1061092 | CWE-789 |
| 1061093 | CWE-798 |
| 1061094 | CWE-805 |
| 1061095 | CWE-820 |
| 1061096 | CWE-821 |
| 1061097 | CWE-822 |
| 1061098 | CWE-823 |
| 1061099 | CWE-824 |
| 1061100 | CWE-825 |
| 1061102 | CWE-835 |
| 1061104 | CWE-917 |
Health Dashboard
v. ≥ 1.27 / ≥ 2.1.0
A dedicated ISO-5055 view is available allowing you to swap between tiles showing ISO-5055 data and tiles showing standard data. The ISO-5055 view is accessed using the drop down available at single or multi-application level as shown in the screenshots below. By default, the tiles in this view use the root ISO-5055 Business Criterion (ISO-5055), and show either of the following data by default:
| Release | Data displayed by default | Description |
|---|---|---|
| ≥ 2.5.x | Compliance ratio |  |
| 2.1.x - 2.4.x and ≥ 1.27.x | Grades |  |
The tiles can be modified as follows (see Manual configuration of Dashboard tiles using ISO-5055 data ) for more information::
- to use any of the ISO-5055 business/technical criterion for the “qualityIndicator” parameter:
- ISO-5055
- ISO-5055-SECURITY
- ISO-5055-RELIABILITY
- ISO-5055-PERFORMANCE-EFFICIENCY
- ISO-5055-MAINTAINABILITY
- the “mode” can be changed manually to show any of the following, instead of the default:
- Grade
- Compliance ratio
- Number of violations
v. 1.26 / 2.0 only
Five ISO-5055 specific tiles will be available at both single and multi-application level - one for the Business Criteria ISO-5055 Index and the rest for the four Technical Criteria. In these releases, grade information is displayed by default.
v. ≤ 1.25
No tiles will be provided to display data for this extension, however it is possible to create tiles manually to display Grade, Compliance, and Violation data directly from this extension using the Industry Standard/s tile plugin available in v. ≥ 1.17. Clicking on any of these tiles will display a list of the rules that have been tagged with the specified standard as provided by the extension. Compliance percentage is also displayed in a “bubble”.
Examples for cmp.json and app.json:
cmp.json
Configuration to create a “gauge” tile at portfolio level (multi-app level) to show a ISO-5055-Index Business Criterion tile:
{
"id": 1234,
"plugin": "IndustryStandards",
"color": "black",
"parameters": {
"type": "ISO-5055",
"title": "ISO-5055-Index",
"widget": "gauge",
"industryStandard": {
"id": "1061000",
"mode": "grade",
"format": "0.00",
"description": "ISO-5055-Index in grade format"
}
}
}
app.json
Configuration to create a “number of violations” tile at application level (single app level) to show a ISO-5055-Maintainability Business Criterion tile:
{
"id": 1236,
"plugin": "IndustryStandard",
"color": "orange",
"parameters": {
"type": "ISO-5055",
"title": "ISO-5055-Maintainability",
"industryStandard": {
"id": "1061001",
"mode": "violations",
"format": "0,000",
"description": "ISO-5055-Maintainability in number of violations format"
}
}
}
Engineering/Security Dashboard
v. ≥ 1.26
An ISO-5055 tile is displayed by default taking data from the Business Criterion ISO-5055 Index for the Engineering Dashboard and the Technical Criterion ISO-5055 Security for the Security Dashboard. The number of violations is shown in both cases:
Drilling down through this tile will take you to the Risk Investigation view, where the focus will be set to the ISO-5055 Assessment Model (1) showing only the ISO-5055 metrics (2):
v. ≤ 1.25
Out of the box, no tiles will be provided to display data for this extension, however it is possible to create tiles manually to display Violation data directly from this extension using the Industry Standard/s tile plugin in v. ≥ 1.18 of the Engineering Dashboard. See Engineering Dashboard tile management for more information. Clicking on the tile navigates to Risk investigation view and the specified Industry Standard will be selected in the Health Factor table.
In addition, as above, the ISO-5055 Assessment Model will be made available in the Risk Investigation view.
RestAPI
The RestAPI can be used to query both the Dashboard (AED) and Measurement (AAD) schemas for results, for example:
