...
- Choose Extension Designer from the DTP settings (gear icon) menu.
- Click the Services tab and expand the DTP Workflows service category. You can deploy assets under any service category you wish, but we recommend using the DTP Workflows category to match how Parasoft categorizes the assets. You can also click Add Category to create your own service category (see Working with Services for additional information).
- You can deploy the artifact to an existing service or add a new service. The number of artifacts deployed to a service affects the overall performance. See Extension Designer Best Practices for additional information. Choose an existing service and continue to step 5 or click Add Service.
- Specify a name for the service and click Confirm.
- The tabbed interface helps you keep artifacts organized within the service. Organizing your artifacts across one or more tabs does not affect the performance of the system. Click on a tab (or click the + icon to add a new tab) and choose Import from the vertical ellipses menu.
- Choose Local > Flows > Workflows > Security > PCI DSS Compliance and click Import.
- Click anywhere in the open area to drop the artifact into the service.
- Click Deploy to finish deploying the artifact to your DTP environment.
- Return to DTP and refresh your dashboard.
...
The PCI DSS dashboard templates for Java and .NET enable you to quickly add a set of preconfigured widgets that monitor PCI DSS compliance. See Dashboard Templates for a list of the templates included with the artifact.
The dashboard template is deployed to your DTP environment as part of the Security Compliance Pack installation. If you do not see the dashboard template, restart DTP Services (see Stopping DTP Services and Starting DTP Applications).
- Click Add Dashboard from the DTP toolbar and specify a name when prompted.
- (Optional) You can configure the default view for the dashboard by specifying the following information:
- Choose the filter associated with your project in the filter menu. A filter represents a set of run configurations that enable custom views of the data stored in DTP. See DTP Concepts for additional information.
- Specify a range of time from the Period menu.
- Specify a range of builds from the Baseline Build and Target Build menus.
- Enable Create dashboard from a template and choose either the PCI DSS - .NET or Java template from the associated menu.
- Click Create to finish adding the dashboard.
Manually Adding PCI DSS Widgets to an Existing Dashboard
After deploying the artifact, you can add the PCI DSS widgets shipped with the artifact to an existing dashboard. See Adding Widgets for general instructions on adding widgets to a dashboard. The PCI DSS widgets appear in the PCI DSS category in the Add Widget overlay.
The following configurations are available:
...
- Compliant: No violations are reported, and no suppressions have been applied.
- Not Compliant: Violations have been reported that represent a significant risk.
- Missing rule(s) in analysis: Parasoft code analysis rules documented in the profile were not included in the specified build. Make sure all rules are enabled in the Parasoft tool and re-run the analysis.
- Compliant with Deviations: The violations reported are acceptable and have been suppressed. See Deviation Report for additional information about deviations/suppressions.
- Compliant with Violations: The violations reported do not represent a significant risk.
Click on the widget to open the PCI DSS Compliance Report.
...
- Click on a segment in the pie chart to open the PCI DSS Compliance Report filtered by the selected status.
- Click on the Violations section to open an unfiltered PCI DSS Compliance Report.
- Click on the Deviations section to open the Deviation Report.
Rules in Compliance
...
This widget shows the violations grouped by PCI DSS requirement in a tree map. Each tile is assigned a color and represents a requirement from the guidelines. See Manually Adding PCI DSS Widgets to an Existing Dashboard for details on how to configure this widget.
The main PCI DSS compliance report provides details about your compliance status and serves as the primary document for demonstrating compliance.
The report can show the following states:
- Compliant: No violations are reported, and no suppressions have been applied.
- Not Compliant: Violations have been reported that represent a significant risk.
- Missing rule(s) in analysis: Parasoft code analysis rules documented in the profile were not included in the specified build. Make sure all rules are enabled in the Parasoft tool and re-run the analysis.
- Compliant with Deviations: The violations reported are acceptable and have been suppressed. See Deviation Report for additional information about deviations/suppressions.
- Compliant with Violations: The violations reported do not represent a significant risk.
- No Rules Enabled: There are no Parasoft code analysis rules mapped to the guideline.
...
- Use the menus to sort by a weakness property.
- Click a link in the # of Violations column to view the violations in the Violations Explorer.
- Click a link in the # of Deviations column to view the suppressed violations in the Violations Explorer.
- Click a link in the Requirement column to open the Requirement Enforcement Plan. The link goes directly to the specific requirement so that you can review the Parasoft code analysis rule or rules detecting the weaknesses.
- Open one of the sub-reports (Requirement Enforcement Plan, Deviation Report, Build Audit Report).
- Click Download PDF to export a printer-friendly PDF version of the report data. If you added a custom graphic to DTP as described in Adding a Custom Graphic to the Navigation Bar, the PDF will also be branded with the graphic.
...
The Requirement Enforcement Plan shows which static analysis rules are used to enforce the PCI DSS requirements. It is intended to describe how you are enforcing each requirement. This report uses the data specified in the compliance profile (see Profile Configuration). In the profile, you can configure the values associated with each weakness property to better reflect the specific challenges associated with your project.
Deviation Report
...
Click the Deviation Report link in the PCI DSS Compliance report to open the Deviation Report.
The
...
Deviation Report shows all
...
guideline IDs and headers
...
with deviations. You can click on the Violation ID to drill down into the Violations Explorer.
Build Audit Report
The Build Audit Report shows an overview of code analysis violations, as well as test results and coverage information, associated with the build. This report also allows you to download an archive of the data, which is an artifact you can use to demonstrate compliance with PCI DSS during a regulatory audit.
In order to download an archive, the build has to be locked. See Build Audit Report for additional details about this report.
...
The PCI DSS Compliance artifact ships with a default model and profile for code analysis results from Parasoft dotTEST and Jtest. Each profile contains categorization information for mapping Parasoft rules to PCI DSS requirements.
The profile includes information necessary for generating compliance reports, as well as displaying data in the widgets shipped with the PCI DSS artifact. You can modify the profile if you want to re-categorize guidelines to meet your specific goals or specify additional metadata for your reports. Changes will be reflected in the Requirement Enforcement Plan.
...