The Parasoft CERT C Compliance extension is a set of assets for your DTP infrastructure that enable you to demonstrate compliance with CERT C Coding Standard guidelines. The extension is shipped as part of the Security Compliance Pack. Contact your Parasoft representative to download and license the Security Compliance Pack.
...
- Click Add Dashboard in the DTP toolbar and specify a name when prompted.
- (Optional) You can configure the default view for the dashboard by specifying the following information:
- Choose the filter associated with your project in the filter drop-down menu. A filter represents a set of run configurations that enables custom views of the data stored in DTP. See DTP Concepts for additional information.
- Specify a range of time from the Period menu.
- Specify a range of builds from the Baseline Build and Target Build menus.
- Enable Create dashboard from a template and choose the SEI CERT C Compliance dashboard from the associated menu.
- Click Create to finish adding the dashboard.
...
Manually Adding the CERT C Widgets
After deploying the artifact, you can add CERT C widgets to an existing dashboard. See Adding Widgets for general instructions on how to add widgets to a dashboard. CERT C widgets can be found in the SEI CERT category.
The following configurations are available:
...
This widget shows the compliance status for a specific Rule or Recommendation per priority level. You can add multiple instances of the widget configured to different type/priority level combinations to help you understand your compliance status from different perspectives.
The pie chart can represent up to four different guideline statuses for the selected category:
...
The Parasoft rule(s) enforcing compliance with the guidelines are also presented. Tiles are proportional to the number of static analysis violations reported for each rule.
The widget uses the hierarchy established in the model profile to correlate Parasoft rules with CERT rules, recommendations, and priorities. You can mouse over a tile in the widget to view the number of violations associated with each rule/guideline/category.
...
The CERT Compliance Report provides an overview of your CERT compliance status and serves as the primary document for demonstrating compliance.
The report can show the following states:
...
Conformance Testing Plan
The Conformance Testing Plan cross-references CERT guidelines with Parasoft static analysis rules using the data specified in the compliance profile. You can change the severity, likelihood, remediation cost, and other values to meet your project goals by configuring the profile.

Deviation Report
Your code can contain violations and still be CERT-compliant as long as the deviations from the standard are documented and the safety of the software is unaffected. Deviations are code analysis rules that have been suppressed either directly in the code or in the DTP Violations Explorer. See the C/C++test documentation for details on suppressing violations in the code. See Suppressing Violations in the Violations Explorer documentation for information about suppressing violations in DTP. Click the Deviation Report link in the CERT Compliance Report to open the Deviation Report. The Deviation Report shows all guideline IDs and headers, but guidelines with deviations will show additional information. You can perform the following actions:
...
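As an added illustration of the distinction drawn in the Deviation Report section (this is not code from this page or from Parasoft), the C snippet below shows an unsigned-wrap case of the kind CERT C rule INT30-C addresses in two forms: the original code left in place with an inline suppression comment, so that the finding is reported as a documented deviation rather than an open violation, and a compliant rewrite that needs no deviation at all. The suppression-comment syntax, the RULE-ID-PLACEHOLDER token, and the function names are assumptions; substitute the Parasoft rule ID that your compliance profile maps to the guideline.

```c
/* Added example, not Parasoft's code. Shows (1) a documented in-code
 * deviation and (2) the compliant alternative for an unsigned addition
 * that can wrap (CERT C INT30-C). Suppression syntax and rule ID are
 * assumptions, not taken from the documentation page. */
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>

/* (1) Original code kept as-is. The addition wraps when a + b > SIZE_MAX,
 * which static analysis flags. The team documents why that cannot happen
 * here, so the finding shows up in the Deviation Report with its rationale.
 * Assumed C/C++test-style suppression comment with a placeholder rule ID. */
size_t add_lengths_deviation(size_t a, size_t b)
{
    /* parasoft-suppress RULE-ID-PLACEHOLDER "a and b are bounded by the
       caller's MAX_PAYLOAD check, so the sum cannot wrap" */
    return a + b;
}

/* (2) Compliant form: detect the wrap before it happens and report it to the
 * caller. No violation, so no deviation needs documenting. */
bool add_lengths_checked(size_t a, size_t b, size_t *out)
{
    if (b > SIZE_MAX - a) {
        return false;           /* a + b would wrap */
    }
    *out = a + b;
    return true;
}

/* Realistic use of the compliant form: total a list of chunk lengths and
 * fail closed on the first wrap instead of producing a truncated total. */
bool total_length(const size_t *lens, size_t n, size_t *out)
{
    size_t total = 0;
    for (size_t i = 0; i < n; i++) {
        /* out aliases the first operand; a is read before *out is written */
        if (!add_lengths_checked(total, lens[i], &total)) {
            return false;
        }
    }
    *out = total;
    return true;
}
```

The deviation comment carries the justification that an auditor will read in the Deviation Report, so it should state the invariant that makes the wrap impossible, not merely restate the rule ID; if that invariant is not actually enforced elsewhere, the checked form is the right fix rather than a suppression.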
Warning: We strongly advise against altering the default CERT C profile because doing so will affect any reports you may need to generate for auditing purposes.
If necessary, you can make a copy of the default profile and adjust the correlation between Parasoft code analysis rules and CERT C guidelines to achieve your software quality and compliance goals.
...