...
- 2021 CWE Top 25 Most Dangerous Software Errors
- CWE List Version 4.5 6 (Jtest and dotTEST only)
- CWE Top 25 + On the Cusp
...
Configurations for C/C++test:
- CWE Top 25 2019 [Parasoft 2021.2].properties2019
- CWE Top 25 + On the Cusp 2019 [Parasoft 2021.2].properties2019
Configurations for dotTEST:
- CWE Top 25 + On the Cusp 2021 [Parasoft 2021.2].properties
- CWE Top 25 2021 [Parasoft 2021.2].properties
- CWE 4.5 [Parasoft 2021.2].properties6
Configuration for Jtest:
- CWE Top 25 + On the Cusp 2021 [Parasoft 2021.2].properties
- CWE Top 25 2021 [Parasoft 2021.2].properties
- CWE 4.5 [Parasoft 2021.2].properties6
The Security Compliance pack ships with the following additional configuration for CWE and OWASP compliance.
- UL 2900 [Parasoft 2021.2].properties (combines OWASP Top 10-2021 and CWE Top 25 + On the Cusp)
Also see the OWASP Compliance documentation.
...
Dashboards for .NET code:
- CWE 4.5 6 - .NET
- CWE Top 25 2021 - .NET
- CWE Top 25 2021 + On the Cusp - .NET
Dashboards for Java code:
- CWE 4.5 6 - Java
- CWE Top 25 2021 - Java
- CWE Top 25 2021 + On the Cusp - Java
The Security The Security Compliance pack ships with the following additional UL 2900 dashboard templates that include a combination of widgets configured to show CWE Top 25 + On the Cusp and OWASP Top 10 2021 compliance. Note that both CWE and OWASP 2021 compliance artifacts must be deployed.
- UL 2900 - Java
- UL 2900 - .NET
...
Profiles for .NET code:
- CWE 4.5 6 - .NET profile
- CWE Security Impact - .NET profile
- CWE Top 25 - .NET profile
- CWE Top 25+Cusp - .NET
Profiles for Java code:
- CWE 4.5 6 - Java profile
- CWE Security Impact - Java profile
- CWE Top 25 - Java profile
- CWE Top 25+Cusp - Java
...
Categories for .NET code:
- CWE 4.5 6 - .NET
- CWE 4.5 6 - Software Development - .NET
- CWE 4.5 6 - Technical Impact - .NET
- CWE Top 25 - .NET
- CWE Top 25 - Software Development - .NET
- CWE Top 25 - Technical Impact - .NET
- CWE Top 25+Cusp - .NET
- CWE Top 25+Cusp - Technical Impact - .NET
- CWE Top 25+Cusp - Software Development - .NET
Categories for Java code:
- CWE 4.5 6 - Java
- CWE 4.5 6 - Software Development - Java
- CWE 4.5 6 - Technical Impact - Java
- CWE Top 25 - Java
- CWE Top 25 - Software Development - Java
- CWE Top 25 - Technical Impact - Java
- CWE Top 25+Cusp - Java
- CWE Top 25+Cusp - Technical Impact - Java
- CWE Top 25+Cusp - Software Development - Java
...
Click on the widget to open the CWE Compliance Report.
If you deploy the UL 2900 dashboard for Java or .NET, an OWASP Compliance - Status widget for OWASP Top 10 will also be included.
Click on the widget to open the OWASP Compliance Report (see OWASP Compliance for additional information).
CWE Compliance - Percentage
...
Click on the widget to open the CWE Compliance Report.
If you deploy the UL 2900 dashboard for Java or .NET, an OWASP Compliance - Percentage will also be included.
Click on the widget to open the OWASP Compliance Report (see OWASP Compliance for additional information).
CWE Compliance - Weakness by StatusCWE Compliance - Weakness by Status
This widget shows the number of rules passed, violations, and deviations (suppressed code analysis violations). The green segment in the pie chart represents passing rules, while the red segment represents rules that have been violated. The widget also includes the build ID and the compliance category configuration used to display the results.
...
- Mouse over a segment of the pie chart to view details.
- Click on the passing segment of the pie chart to open the CWE Compliance Report filtered by passing guidelines.
- Click on the violations segment of the pie chart to open the CWE Compliance Report filtered by violations.
- Click on the Violations value to open an unfiltered instance of the CWE Compliance Report.
- Click on the Deviations value to open the Deviation Report.
Violations by Category
The UL 2900 dashboard for Java or .NET includes an OWASP Compliance - Weakness by Status widget, as well.
OWASP Violations by Risk
The UL 2900 dashboard for Java or .NET includes the OWASP Violation by Risk widget.
Refer to the OWASP Compliance documentation to learn more about this widget.
Violations by Category
The dashboard includes several instances of the standard DTP Categories - Top 5 includes several instances of the standard DTP Categories - Top 5 Table widget configured to show violations according to CWE guidelines.
...
Click on a category link in the Name column to open the Violations by Rule report. Click on the more... link (if more than five categories contain violations) to view the Violations by Compliance Category report.
Rules in Compliance
The UL 2900 dashboard for Java or .NET includes Categories - Top 5 Table widgets for CWE and OWASP.
The links in the UL 2900 dashboard widgets link to the same reports as the CWE dashboard widgets.
Rules in Compliance
The dashboard includes dashboard includes an instance of the standard DTP Rules in Compliance - Summary widget configured for CWE. This widget shows what percentage of the rules are in compliance, number of rules in compliance, rules enabled, and number of violations. Click on the widget to view the Violations by Compliance Category report.
If you deploy the UL 2900 dashboard for Java or .NET, a Rules in Compliance widget configured for OWASP compliance will be included.
, and number of violations. Click on the widget to view the OWASP Compliance Report (see OWASP Compliance for additional information).the Violations by Compliance Category report.
Compliance by Category
The dashboard includes an instance of the standard DTP Compliance By Category widget configured for CWE. This widget provides an overview of the compliance status for each category in the compliance configuration.
...
Mouse over a leaf in the widget to view details. Click on a leaf to open the Violations Explorer filtered by the compliance category.
Violations by Weakness - Treemap
The UL 2900 dashboards for Java or .NET include tree map widgets for CWE and OWASP. Both widgets open the Violations Explorer.
Manually Adding the CWE Widgets
...
Title | You can rename the widget in the Title field. | ||||||
---|---|---|---|---|---|---|---|
Filter | Choose a specific filter or Dashboard Settings from the drop-down menu. See Creating and Managing Filters for additional information. The filter should contain data that matches the type compliance profile you choose (Java, .NET, C++). Forexample, if the filter contains code analysis data on a .NET project then you should choose one of the .NET compliance profiles. | ||||||
Target Build | Choose a specific build from the drop-down menu. The build selected for the entire dashboard is selected by default. See Using Build Administration for additional information about understanding builds. This setting is available for all widgets. | ||||||
Compliance Profile
| Choose a compliance profile from the drop-down menu to display the code analysis data against one of the supported CWE-specific sets of guidelines. You can choose one of the following profiles:
The type compliance profile (Java, .NET, C++) should match the data in the selected filter. Forexample, choose one of the .NET compliance profiles if the filter contains code analysis data on a .NET project. |
...
- CWE Security Impact - .NET
- CWE . Security Impact - C++
- CWE Security Impact - Java
...