...
There are seven possible states:
- Compliant: No violations are reported, and no suppressions have been applied.
- Not Compliant: Violations have been reported that represent a significant risk.
- Missing rule(s) in analysis: Parasoft code analysis rules documented in the profile were not included in the specified build. Make sure all rules are enabled in the Parasoft tool (Jtest or dotTEST) and re-run the analysis.
- No rules enabled: Code analysis has not been reported to DTP or the OWASP Top 10 test configuration was not executed by Jtest or dotTEST.
- N/A: The OWASP assets have not been deployed to a service or the service is not running. See Deploying the OWASP Compliance Assets.
- Compliant with Deviations: The violations reported are acceptable and have been suppressed. See Deviation Report for additional information about deviations/suppressions.
- Compliant with Violations: The violations reported do not represent a significant risk.
Click on the widget to open the OWASP Compliance Report.
...
OWASP Compliance Risk Matrix
This widget is included with the OWASP Compliance artifact. It shows the concentration of violations and deviations by weakness risk for exploitability and prevalence.
Mouse over a cell in the chart to view the number of violations and suppressions for the specified risk level. Click on a cell to open the OWASP Compliance Report filtered according to the risk.
OWASP Compliance Risk
This widget is included with the OWASP Compliance artifact. It provides a chart showing the distribution of violations according to their risk as defined in the OWASP standard.
Mouse over a cell in the chart to view the number of violations and suppressions for the specified risk level. Click on a cell to open the OWASP Compliance Report filtered according to the risk.
OWASP Compliance Percentage
This widget is included with the OWASP Compliance artifact. It shows the percentage of OWASP weaknesses that the code is in compliance with. Click on the widget to open the OWASP Compliance Report.
Click on the widget to open the CWE Compliance report (see CWE Compliance for additional information).
...
...
OWASP Compliance Report
The main OWASP compliance report provides details about your OWASP compliance status and serves as the primary document for demonstrating compliance. The report can show the following states:
- Compliant: No violations are reported, and no suppressions have been applied.
- Not Compliant: Violations have been reported that represent a significant risk.
- Missing rule(s) in analysis: Parasoft code analysis rules documented in the profile were not included in the specified build. Make sure all rules are enabled in the Parasoft tool and re-run the analysis.
- Compliant with Deviations: The violations reported are acceptable and have been suppressed. See Deviation Report for additional information about deviations/suppressions.
- Compliant with Violations: The violations reported do not represent a significant risk.
- No Rules Enabled: There are no Parasoft code analysis rules mapped to the guideline.
You can perform the following actions:
...
The Weakness Detection Plan shows which static analysis rules are used to enforce the OWASP guidelines and is intended to describe how you are enforcing each guideline. This report uses the data specified in the compliance profile (see Custom Configuration for Profile). In the profile, you can configure the values associated with each weakness property to better reflect the specific challenges associated with your project.
...
Deviation Report
Your code can contain violations and still be OWASP-compliant as long as the deviations from the standard are documented and the safety of the software is unaffected. Deviations are code analysis rules that have been suppressed either directly in the code or in the DTP Violations Explorer. See the dotTEST and Jtest documentation for details on suppressing violations in the code. See Suppressing Violations in the Violations Explorer documentation for information about suppressing violations in DTP.
Click the Deviation Report link in the OWASP Compliance report to open the Deviation Report.
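The following added example (not Parasoft's own code) models how the seven compliance states listed above and the documented-deviation requirement described here fit together: it derives a state from a constructed analysis run and flags suppressions that lack a recorded rationale. The precedence between states, the rule ids, and the treatment of an undocumented suppression as non-compliant are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Finding:
    rule: str                  # Parasoft rule id mapped to an OWASP weakness (constructed ids below)
    significant_risk: bool     # weakness risk as configured in the compliance profile
    suppressed: bool = False   # suppressed in the code or in the DTP Violations Explorer
    justification: str = ""    # rationale recorded with the suppression (the "documented" deviation)


@dataclass
class AnalysisRun:
    service_running: bool      # OWASP assets deployed and the service is up
    profile_rules: set         # rules the compliance profile documents
    enabled_rules: set         # rules actually enabled in the executed test configuration
    findings: list = field(default_factory=list)


def undocumented_deviations(findings):
    """Suppressed findings with no justification text; assumed not to count as acceptable deviations."""
    return [f.rule for f in findings if f.suppressed and not f.justification.strip()]


def compliance_state(run):
    """Derive the widget/report state; the precedence order below is an assumption."""
    if not run.service_running:
        return "N/A"
    if not run.enabled_rules:
        return "No rules enabled"
    if run.profile_rules - run.enabled_rules:
        return "Missing rule(s) in analysis"
    open_findings = [f for f in run.findings if not f.suppressed]
    if any(f.significant_risk for f in open_findings):
        return "Not Compliant"
    if undocumented_deviations(run.findings):
        return "Not Compliant"  # assumption: an undocumented suppression is not a valid deviation
    if any(f.suppressed for f in run.findings):
        return "Compliant with Deviations"
    if open_findings:
        return "Compliant with Violations"
    return "Compliant"


# Constructed sample: one high-risk finding suppressed with a rationale, one low-risk finding left open.
PROFILE = {"OWASP.A01", "OWASP.A03"}
SAMPLE_RUN = AnalysisRun(
    service_running=True, profile_rules=PROFILE, enabled_rules=set(PROFILE),
    findings=[
        Finding("OWASP.A01", significant_risk=True, suppressed=True, justification="input validated upstream"),
        Finding("OWASP.A03", significant_risk=False),
    ],
)

if __name__ == "__main__":
    print(compliance_state(SAMPLE_RUN))
```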
...