The Parasoft Security Compliance Pack is a set of assets for your DTP infrastructure that help you implement your software security compliance initiatives. It includes configurations that re-orient static analysis data to security compliance standards, widgets for viewing your security compliance status, and custom compliance DTP dashboards for monitoring the progress toward you overall security compliance goals. The Security Compliance Pack supports the following standards by default:

• CERT C
• CWE Top 25 
• CWE List Version 2.11
• OWASP Top 10

Contact your Parasoft representative for download and licensing information.

Requirements

• DTP and DTP Enterprise Pack 5.4.0 or later with Enterprise license
• A Parasoft code analysis tool with the Flow Analysis license feature enabled. See the documentation for each artifact for specific requirements 

What’s Included in the Parasoft Security Compliance Pack

The Security Compliance Pack includes the following artifacts: 

• CERT C Compliance
• CWE Compliance
• Key Performance Indicator
• OWASP Compliance

See the documentation for these artifacts for usage details.

Process Overview

1. Download and install the Security Compliance Pack (security-compliance-<version>.zip) into your DTP environment. Installing the package add several files that configure DTP to report code analysis violations according the supported security standards. 
2. Deploy the compliance artifact(s) you want to analyze code against into DTP Extension Designer. 
3. Connect an instance of your tool to DTP analyze the project using one of the security standard test configurations shipped with the tool. See the documentation for your tool for static analysis execution instructions.
4. Add the security compliance dashboard(s) and widgets to DTP and configure them to view the data according to your security standard.
5. Interact with the widgets and reports to identify code that needs to be fixed, as well as print out the reports for auditing purposes.

Installation

Parasoft will provide the compliance pack as a compressed folder (.zip). Extension Designer will expand the .zip file and move the contents to the appropriate location when uploaded. The following process is also described in the Downloading and Installing Artifacts section:

1. Choose Extension Designer from the DTP settings menu (gear icon).
   
2. Click the Configuration tab and click Upload Artifact. 
   
3. Browse for the .zip file when prompted and click Install. 

After the compliance pack files have been installed, the next step is to deploy the artifacts for the compliance standard(s) you want to measure your code against. See the following documentation for instructions:  

• CERT C Compliance
• CWE Compliance
• Key Performance Indicator
• OWASP Compliance

Upgrading

Although Parasoft extensions are designed to be forward compatible, they are not guaranteed to work in newer versions of DTP or Extension Designer. We strongly recommend installing the latest version of the artifact and removing the previous version. 

1. Install the newer artifact as described in #Installation. 
2. Un-deploy older artifact from Extension Designer by deleting its nodes and deploy the newer version. 
3. After deploying the newer artifact, you can remove the older version from Artifact Manager by clicking the delete button (trash icon). This is optional, but we recommend keeping your DTP environment organized.