Versions Compared

Comment: Published by Scroll Versions from space DTPDEVEL and version 2022.1

...

  • 2021 CWE Top 25 Most Dangerous Software Errors
  • CWE List Version 4.5 6 (Jtest and dotTEST only)
  • CWE Top 25 + On the Cusp

...

Configurations for C/C++test:

  • CWE Top 25 2019 [Parasoft 2021.2].properties2019
  • CWE Top 25 + On the Cusp 2019 [Parasoft 2021.2].properties2019

Configurations for dotTEST:

  • CWE Top 25 + On the Cusp 2021 [Parasoft 2021.2].properties
  • CWE Top 25 2021 [Parasoft 2021.2].properties
  • CWE 4.5 [Parasoft 2021.2].properties6

Configuration for Jtest:

  • CWE Top 25 + On the Cusp 2021 [Parasoft 2021.2].properties
  • CWE Top 25 2021 [Parasoft 2021.2].properties
  • CWE 4.5 [Parasoft 2021.2].properties6

The Security Compliance pack ships with the following additional configuration for CWE and OWASP compliance. 

  • UL 2900  [Parasoft 2021.2].properties (combines OWASP Top 10-2021 and CWE Top 25 + On the Cusp)

Also see the OWASP Compliance documentation.

...

Dashboards for .NET code:

  • CWE 4.5 6 - .NET 
  • CWE Top 25 2021 - .NET 
  • CWE Top 25 2021 + On the Cusp - .NET 

Dashboards for Java code:

  • CWE 4.5 6 - Java 
  • CWE Top 25 2021 - Java
  • CWE Top 25 2021 + On the Cusp - Java 

The Security Compliance pack ships with the following additional UL 2900 dashboard templates that include a combination of widgets configured to show CWE Top 25 + On the Cusp and OWASP Top 10 2021 compliance. Note that both CWE and OWASP 2021 compliance artifacts must be deployed.

  • UL 2900 - Java 
  • UL 2900 - .NET

...

Profiles for .NET code:

  • CWE 4.5 6 - .NET profile
  • CWE Security Impact - .NET profile
  • CWE Top 25 - .NET profile
  • CWE Top 25+Cusp - .NET

Profiles for Java code:

  • CWE 4.5 6 - Java profile
  • CWE Security Impact - Java profile 
  • CWE Top 25 - Java profile 
  • CWE Top 25+Cusp - Java

...

Categories for .NET code:

  • CWE 4.5 6 - .NET
  • CWE 4.5 6 - Software Development - .NET
  • CWE 4.5 6 - Technical Impact - .NET
  • CWE Top 25 - .NET 
  • CWE Top 25 - Software Development - .NET 
  • CWE Top 25 - Technical Impact - .NET
  • CWE Top 25+Cusp - .NET
  • CWE Top 25+Cusp - Technical Impact - .NET 
  • CWE Top 25+Cusp - Software Development - .NET

Categories for Java code:

  • CWE 4.5 6 - Java
  • CWE 4.5 6 - Software Development - Java
  • CWE 4.5 6 - Technical Impact - Java 
  • CWE Top 25 - Java 
  • CWE Top 25 - Software Development - Java 
  • CWE Top 25 - Technical Impact - Java
  • CWE Top 25+Cusp - Java 
  • CWE Top 25+Cusp - Technical Impact - Java 
  • CWE Top 25+Cusp - Software Development - Java 

...

Click on the widget to open the CWE Compliance Report.

If you deploy the UL 2900 dashboard for Java or .NET, an OWASP Compliance - Status widget for OWASP Top 10 will also be included.


Click on the widget to open the OWASP Compliance Report (see OWASP Compliance for additional information).

CWE Compliance - Percentage

...

Click on the widget to open the CWE Compliance Report.

If you deploy the UL 2900 dashboard for Java or .NET, an OWASP Compliance - Percentage widget will also be included.


Click on the widget to open the OWASP Compliance Report (see OWASP Compliance for additional information).

CWE Compliance - Weakness by Status

This widget shows the number of rules passed, violations, and deviations (suppressed code analysis violations). The green segment in the pie chart represents passing rules, while the red segment represents rules that have been violated. The widget also includes the build ID and the compliance category configuration used to display the results.

...

  • Mouse over a segment of the pie chart to view details.
  • Click on the passing segment of the pie chart to open the CWE Compliance Report filtered by passing guidelines.
  • Click on the violations segment of the pie chart to open the CWE Compliance Report filtered by violations.
  • Click on the Violations value to open an unfiltered instance of the CWE Compliance Report.
  • Click on the Deviations value to open the Deviation Report.

Violations by Category

The UL 2900 dashboard for Java or .NET includes an OWASP Compliance - Weakness by Status widget, as well.


OWASP Violations by Risk

The UL 2900 dashboard for Java or .NET includes the OWASP Violation by Risk widget.


Refer to the OWASP Compliance documentation to learn more about this widget.

Violations by Category

The dashboard includes several instances of the standard DTP Categories - Top 5 Table widget configured to show violations according to CWE guidelines.

...

Click on a category link in the Name column to open the Violations by Rule report. Click on the more... link (if more than five categories contain violations) to view the Violations by Compliance Category report.

Rules in Compliance

The UL 2900 dashboard for Java or .NET includes Categories - Top 5 Table widgets for CWE and OWASP.


The links in the UL 2900 dashboard widgets link to the same reports as the CWE dashboard widgets.

Rules in Compliance

The dashboard includes an instance of the standard DTP Rules in Compliance - Summary widget configured for CWE. This widget shows the percentage of rules in compliance, the number of rules in compliance, the number of rules enabled, and the number of violations. Click on the widget to view the Violations by Compliance Category report.


If you deploy the UL 2900 dashboard for Java or .NET, a Rules in Compliance widget configured for OWASP compliance will be included.

Click on the widget to view the OWASP Compliance Report (see OWASP Compliance for additional information).


Compliance by Category

The dashboard includes an instance of the standard DTP Compliance By Category widget configured for CWE. This widget provides an overview of the compliance status for each category in the compliance configuration. 

...

Mouse over a leaf in the widget to view details. Click on a leaf to open the Violations Explorer filtered by the compliance category.

Violations by Weakness - Treemap

The UL 2900 dashboards for Java or .NET include tree map widgets for CWE and OWASP. Both widgets open the Violations Explorer.


Manually Adding the CWE Widgets

...

Title

You can rename the widget in the Title field.

Filter

Choose a specific filter or Dashboard Settings from the drop-down menu. See Creating and Managing Filters for additional information.

The filter should contain data that matches the type of compliance profile you choose (Java, .NET, C++). For example, if the filter contains code analysis data on a .NET project, then you should choose one of the .NET compliance profiles.

Target Build

Choose a specific build from the drop-down menu. The build selected for the entire dashboard is selected by default. See Using Build Administration for additional information about understanding builds. This setting is available for all widgets.

Compliance Profile


Choose a compliance profile from the drop-down menu to display the code analysis data against one of the supported CWE-specific sets of guidelines. You can choose one of the following profiles:

  • CWE 4.4 - .NET
  • CWE 4.4 6 - Java
  • CWE Top 25 - .NET
  • CWE Top 25 - Java
  • CWE Top 25 - C++
  • CWE Top 25+Cusp - .NET
  • CWE Top 25+Cusp - Java
  • CWE Top 25+Cusp - C++

The type of compliance profile (Java, .NET, C++) should match the data in the selected filter. For example, choose one of the .NET compliance profiles if the filter contains code analysis data on a .NET project.

...

  • CWE Security Impact - .NET
  • CWE Security Impact - C++
  • CWE Security Impact - Java 

...