Explore software risk at object level and transaction level, download PCI report on compliance and several other new features in Dashboard 1.12 release

Continuing where I left off in my earlier post about the enhancements made in 2019, we have some more interesting updates to share. We recently announced the release of CAST AIP 1.12 Dashboard package with some pretty cool and exciting features that we hope, will help our customers get more visibility into their complex systems. We understand, the Dashboards are critical components for your Software Intelligence consumption, and we strive hard to make it valuable and useful in each release.

As a Dashboard user, here are a few things that you will find exciting about CAST AIP Dashboard package release 1.12:

Ability to explore violated rules for a specific transaction
The Transaction level Investigation page in the Engineering Dashboard has been completely revamped with the view for users to select a particular transaction and explore the violated software quality rules and violating objects. Users can now focus on a specific transaction for a business driver and explore the violations that are impacting the transactions for an applicable business driver.

Fig 1: New Transaction Level Investigation view enables users to explore violated rules
Visibility on impacted objects for a specific transaction
The Transaction level Investigation page in the Engineering Dashboard also provides the ability for users to explore the impacted objects (with violations) participating in a particular transaction for a specific business driver. Users also can drill-down further to explore the object characteristics and corresponding software quality violations for the object.

Fig 2: New Transaction Level Investigation view enables users to explore impacted objects
Visibility on impacted transaction for a specific object
On Application Investigation view, users now can see all the impacted transactions for a given object. Specifically, users can select an object level view and see all the transactions the object is participating in and understand how the object is adversely contributing to software quality health measures Robustness, Security, or Efficiency of the application.

Fig 3: Application Investigation view enables users to explore impacted transaction for an object
Ability to explore objects with highest Cyclomatic Complexity Change
Users now can explore the objects with the highest cyclomatic complexity change for the recent snapshot. The report is added in the Miscellaneous Report section, enabling users to explore the objects with most cyclomatic complexity increase and decrease in the recent snapshot.

Users also can drill-down to a specific object to explore more.

Fig 4: Users can explore the objects with highest Cyclomatic Complexity change
Introducing “AIP Datamart”
Introducing “AIP Datamart” (Beta) – a new way to expose, explore, and integrate AIP software quality data for management reporting, with the following notable features -
- Robust and flexible Data structure that contains almost all key AIP metrics.
- A robust ETL mechanism for faster deployment and less effort to maintain.
- A new set of API services with streaming mode for faster extraction.
- Easier integration with off-the-shelf BI tools.
- Flexibility for users to select data that are relevant for the customers.
- Ability to integrate with external customer data.
- Ability to create derived metrics that aligns with customer business practice.
- Flexibility to customize the data structure that fulfills client reporting needs.
- Support for custom rule groupings.
- Support for various Industry Standard Tags
  
  Fig 5: CAST dashboard in Power BI-1
  
  Fig 6: CAST dashboard in Power BI-2
Filtering capability in Action Plan view
In the Action Plan list, it is now possible to filter the records by all the columns, enabling users to select records for a specific criteria and make bulk changes to them. The current version allows multiple filtering across different columns but does not support multiple filtering on a specific field.

Fig 7: Users can now filter on any column in action plan view
Parameter details/Threshold values for distribution metrics
Threshold values/ Parameter details are now available for distribution metrics such as coupling, sizing, cyclomatic complexity etc. along with the software quality rules. For a given Distribution in each snapshot, the contributing Parameters are listed, together with the type of technology involved (Object Type Involved) and the number of objects (Parameter Value) classed in that parameter.

Fig 8: Parameter details are now available for distribution metrics
New Industry-standard compliance reports for NIST, STIG, PCI-DSS
We have included the following new industry-standard compliance reports in the dashboards- NIST, PCI DSS, STIG, available to be downloaded directly from the Engineering Dashboard or Security Dashboard.

Fig 9: New industry standard compliance reports added to the Dashboard
Notification for users during server cache reload

server-cache-reload-notification Users will now get a notification when the server cache reload is initiated in the background and is in progress. If users try to log in to the system during this period, the login process will be blocked with a notification for the users. If a user is browsing through the dashboard when cache reload is initiated, system will give them notification and request them to log back in again to see the latest snapshot data. Earlier, users often reported consistency issues during a cache reload.

If you an existing CAST AIP user, we have the new Dashboard package available for download here.

For any feedback and feature request, please visit here. We are listening!

If you’re not a current CAST AIP user but would like to learn more, sign up for a free demo here!

Filed in: CAST News Risk & Security Software Intelligence Software Measurement

Open source is part of almost every software capability we use today. At the very least libraries, frameworks or databases that get used in mission critical IT systems. In some cases entire systems being build on top of open source foundations. Since we have been benchmarking IT software for years, we thought we would set our sights on some of the most commonly used open source software (OSS) projects. Software Intelligence Report <> Papers

In our 29-criteria evaluation of the static application security testing (SAST) market, we identified the 10 most significant vendors â€” CAST, CA Veracode, Checkmarx, IBM, Micro Focus, Parasoft, Rogue Wave Software, SiteLock, SonarSource, and Synopsys â€” and researched, analyzed, and scored them. This report shows how each measures up and helps security professionals make the right choice. Forrester Wave: Static Application Security Testing, Q4 2017 Analyst Paper

Making sense of cloud transitions for financial and telecoms firms Cloud migration 2.0: shifting priorities for application modernization in 2019 Research Report

Arkapravo Chakraborty Senior Product Manager

A global product manager, strategic marketing leader, and an IIM Calcutta alumnus, Arka leads the product vision, strategy, and development efforts for CAST Dashboards, Report Generator, and Rest API with the mission to enable the benefits of Software Intelligence for entire Software fraternity. Arka is always keen to explore various software development and management challenges and figure out the ways Software Intelligence can make life better for Software Professionals.