...
| Anchor | ||||
|---|---|---|---|---|
|
The following widgets are shipped with the CERT C++ Compliance DTP Workflow to help you achieve CERT C++ Compliance goals.
...
This widget provides an overview of the project's CERT compliance status.
By default, the widget shows Rules and Recommendations, as well as all priority levels. You can add multiple instances of the widget and configure different combinations to create robust views of the compliance status. Click on the widget to open the CERT C++ Compliance Report.
CERT Levels - Target
This widget shows the highest concentration of static analysis violations per CERT category. It provides an overview of the compliance status, as well as applicable deviations, in the tooltip. Click on the widget to open the CERT C++ Compliance Report.
CERT Compliance - Status
The widget can show the following states:
- Compliant: No violations are reported, and no suppressions have been applied.
- Not Compliant: Violations have been reported that represent a significant risk.
- Missing rule(s) in analysis: Parasoft code analysis rules documented in the profile were not included in the specified build. Make sure all rules are enabled in the Parasoft tool and re-run the analysis.
- Compliant with Deviations: The violations reported are acceptable and have been suppressed. See Deviation Report for additional information about deviations/suppressions.
- Compliant with Violations: The violations reported do not represent a significant risk.
By default, the widget shows Rules and Recommendations, as well as all priority levels. The widget shows the overall compliance status, as well as the compliance status for each CERT level. You can add multiple instances of the widget configured to use a different profile, for example, a profile with disabled guidelines, to view your current and configure different combinations to create robust views of the compliance status. Click on the widget to open the the CERT C++ Compliance Report.
The code can be compliant with deviations and violations that have been deemed acceptable. See Deviation Report for additional information about deviations.
The status will be set to Not Compliant if Parasoft code analysis rules documented in your profile were not included in the specified build or if unacceptable violations have been reported. Make sure all rules are enabled in C/C++test and re-run analysis.
CERT Compliance - Percentage Widget
CERT Levels - Target
This widget shows the highest concentration of static analysis violations per CERT category. It provides an overview of the compliance status, as well as applicable deviations, in the tooltip. Click on the widget to open the CERT C++ Compliance Report.
CERT Compliance - Status by Level
The widget shows the overall compliance status, as well as the compliance status for each CERT level. You can add multiple instances of the widget configured to use a different profile, for example, a profile with disabled guidelines, to view your current compliance statusThis widget shows the completeness of CERT compliance as a percentage. Completeness is based on the number of guidelines being enforced in the profile. The CERT C++ dashboard includes three instances of this widget, one for each level. Click on the widget to open the CERT C++ Compliance Report.
The code can be compliant with deviations and violations that have been deemed acceptable. See Deviation Report for additional information about deviations.
The status will be set to Not Compliant if Parasoft code analysis rules documented in your profile were not included in the specified build or if unacceptable violations have been reported. Make sure all rules are enabled in C/C++test and re-run analysis.
CERT Compliance - Percentage Widget
This widget shows the completeness of CERT compliance as a percentage. Completeness is based on the number of guidelines being enforced in the profile. The CERT C++ dashboard includes three instances of this widget, one for each level. Click on the widget to open the CERT C++ Compliance Report.
CERT CERT Compliance - Guidelines by Status
...
Click on a link in the Name column or the more... link to open the Violations by Compliance Category report.
Top 5 CERT GuidelinesCERT Guidelines
This widget is an implementation of the standard Categories - Top 5 Table widget shipped with DTP. It shows the five CERT guidelines with the most violations.
Click on a link in the Name column or the more... link to open the Violations by Compliance Category report.
CERT Analysis Compliance
This widget is an implementation of the standard Categories - Top 5 Table widget shipped with DTP. It shows the five CERT guidelines with the most violations.
Click on a link in the Name column or the more... link to open the Violations by Compliance Category report.
CERT Analysis Compliance
This widget is an implementation of the standard Rules in Compliance - Summary widget shipped withe DTP. This widget shows the following information:
- How many static analysis rules for the selected compliance standard were enabled during code analysis.
- How many violations were reported.
- The overall percentage of rules that did not report violations.
- The change in number of violations from the baseline build to the target build as a percentage (if applicable).
Click on the widget to open the Violations by Compliance Category report.
...
Rules in Compliance - Summary widget shipped withe DTP. This widget shows the following information:
- How many static analysis rules for the selected compliance standard were enabled during code analysis.
- How many violations were reported.
- The overall percentage of rules that did not report violations.
- The change in number of violations from the baseline build to the target build as a percentage (if applicable).
Click on the widget to open the Violations by Compliance Category report.
| Anchor | ||||
|---|---|---|---|---|
|
The CERT Compliance Report provides an overview of your CERT compliance status and serves as the primary document for demonstrating compliance.
The report can show the following states:
- Compliant: No violations are reported, and no suppressions have been applied.
- Not Compliant: Violations have been reported that represent a significant risk.
- Missing rule(s) in analysis: Parasoft code analysis rules documented in the profile were not included in the specified build. Make sure all rules are enabled in the Parasoft tool and re-run the analysis.
- Compliant with Deviations: The violations reported are acceptable and have been suppressed. See Deviation Report for additional information about deviations/suppressions.
- Compliant with Violations: The violations reported do not represent a significant risk.
- No Rules Enabled: There are no Parasoft code analysis rules mapped to the guideline.
The CERT Compliance Report provides an overview of your CERT compliance status and serves as the primary document for demonstrating compliance.
...
You can perform the following actions:
- Use the menus to sort by the following criteria:
- Guideline type: Rule, Recommendation, or All
- Priority level: L1, L2, L3, or All
- Compliance status: All, No Rules Enabled, Compliant, Compliant With with Deviations, Compliant With with Violations, Not Compliant, Missing Rule(s) in Analysis
- Click a link in the # of Violations to view the violations in the Violations Explorer.
- Click a link in the # of Deviations to view the suppressed violations in the Violations Explorer.
- Open one of the CERT Compliance sub-reports.
- Click Download PDF to download a printer-friendly PDF version of the report data. If you added a custom graphic to DTP as described in Adding a Custom Graphic to the Navigation Bar, the PDF will also be branded with the graphic.
...