Versions Compared

Old Version 1

changes.mady.by.user Robert Andelin

Saved on

compared with

New Version 2

changes.mady.by.user Chieko Sugizaki

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space DTPDEVEL and version 2024.2

...

There are seven possible states:

  • No rules enabled: Code analysis has not been reported to DTP or the test configuration was not executed.
  • N/A: The assets have not been deployed to a service or the service is not running. See Deploying the PCI DSS Compliance Assets 
  • Compliant with Deviations: Any violations reported are acceptable and have been suppressed. See Deviations Report for additional information about deviations/suppressions.
  • Compliant with Violations: Any violations reported do not represent a significant risk.
  • Compliant: No violations are reported, and no suppressions have been applied. 
  • Not Compliant: Violations have been reported that represent a significant risk. 
  • Missing rule(s) in analysis: Parasoft code analysis rules documented in the profile were not included in the specified build. Make sure all rules are enabled in Jtest or dotTEST and re-run analysis.
  • Compliant with Deviations: Any violations reported are acceptable and have been suppressed. See Deviation Report for additional information about deviations/suppressions.
  • Compliant with Violations: Any violations reported do not represent a significant risk.

Click on the widget to open the PCI DSS Compliance Report

...

The main PCI DSS compliance report provides details about your compliance status and serves as the primary document for demonstrating compliance. 

The report can show the following states:

  • Compliant: No violations are reported, and no suppressions have been applied. 
  • Not Compliant: Violations have been reported that represent a significant risk. 
  • Missing rule(s) in analysis: Parasoft code analysis rules documented in the profile were not included in the specified build. Make sure all rules are enabled in Jtest or dotTEST and re-run analysis.
  • Compliant with Deviations: Any violations reported are acceptable and have been suppressed. See Deviation Report for additional information about deviations/suppressions.
  • Compliant with Violations: Any violations reported do not represent a significant risk.
  • No Rules Enabled: There are no Parasoft code analysis rules mapped to the guideline.

You can perform the following actions:

...

The Requirement Enforcement Plan shows which static analysis rules are used to enforce the PCI DSS requirements. It is intended to describe how you are enforcing each requirement. This report uses the data specified in the compliance profile (see Profile Configuration). In the profile, you can configure the values associated with each weakness property to better reflect the specific challenges associated with your project.  


...

Deviation Report

Your code can contain violations and still be PCI DSS-compliant as long as the deviations from the standard are documented and that the safety of the software is unaffected. Deviations are code analysis rules that have been suppressed either directly in the code or in the DTP Violations Explorer. See the dotTEST and Jtest documentation for details on suppressing violations in the code. See Suppressing Violations in the Violations Explorer documentation for information about suppressing violations in DTP.

Click the Deviations Deviation Report link in the PCI DSS Compliance report to open the Deviations Report.

...