...
1. Choose Extension Designer from the DTP settings (gear icon) menu.
2. Click the Services tab and expand the DTP Workflows service category. You can deploy assets under any service category you wish, but we recommend using the DTP Workflows category to match how Parasoft categorizes the assets. You can also click Add Category to create your own service category (see Working with Services for additional information).
3. You can deploy the artifact to an existing service or add a new service. The number of artifacts deployed to a service affects the overall performance. See Extension Designer Best Practices for additional information. Choose an existing service and continue to step 5, or click Add Service.
4. Specify a name for the service and click Confirm.
5. The tabbed interface helps you keep artifacts organized within the service. Organizing your artifacts across one or more tabs does not affect the performance of the system. Click on a tab (or click the + icon to add a new tab) and choose Import from the vertical ellipses menu.
   - For OWASP API Security Top 10, go to Local > Flows > Workflows > Security > OWASP API Security Top 10 Compliance and click Import.
   - For OWASP Top 10, go to Local > Flows > Workflows > Security > OWASP Top 10 Compliance and click Import.
6. Click anywhere in the open area to drop the artifact into the service.
7. Click Deploy to finish deploying the artifact to your DTP environment.
8. Return to DTP and refresh your dashboard.
...
1. Click Add Dashboard from the DTP toolbar and specify a name when prompted.
2. Enable Create dashboard from a template and choose one of the OWASP templates from the associated menu.
3. Click Create to finish adding the dashboard.
Manually Adding OWASP Widgets to an Existing Dashboard
After deploying the artifact, you can add the OWASP widgets shipped with the artifact to an existing dashboard. See Adding Widgets for general instructions on adding widgets to a dashboard. The OWASP widgets can be found in the OWASP API or OWASP Top 10 categories in the Add Widget dialog.
The following configurations are available:
...
There are seven possible states:
- Compliant: No violations are reported, and no suppressions have been applied.
- Not Compliant: Violations have been reported that represent a significant risk.
- Missing rule(s) in analysis: Parasoft code analysis rules documented in the profile were not included in the specified build. Make sure all rules are enabled in the Parasoft tool and re-run the analysis.
- No rules enabled: Code analysis has not been reported to DTP or the OWASP Top 10 test configuration was not executed by Jtest or dotTEST.
- N/A: The OWASP assets have not been deployed to a service or the service is not running. See Deploying the OWASP Compliance Assets.
- Compliant with Deviations: The violations reported are acceptable and have been suppressed. See Deviation Report for additional information about deviations/suppressions.
- Compliant with Violations: Any violations reported do not represent a significant risk.
Click on the widget to open the OWASP Compliance Report.
...
Mouse over a cell in the chart to view the number of violations and suppressions for the specified risk level. Click on a cell to open the OWASP Compliance Report filtered according to the risk.
OWASP Compliance Percentage
This widget is included with the OWASP Compliance artifact. It shows the percentage of OWASP weaknesses that the code is in compliance with. Click on the widget to open the OWASP Compliance Report filtered according to the risk.
OWASP Compliance - Weakness by Status
This widget is included with the OWASP Compliance artifact. The red segment of the pie chart represents the weaknesses that the code is not compliant with. The green segment represents weaknesses that the code is in compliance with. The widget also shows the number of violations and deviations.
You can perform the following actions:
- Click a segment in the pie chart to open the OWASP Compliance Report filtered by the selected status.
- Click the Violations section to open an unfiltered OWASP Compliance Report.
- Click the Deviations section to open the Deviations Report.
Rules in Compliance
This widget is an implementation of the native DTP Rules in Compliance widget. It shows the percentage of Parasoft rules that are mapped to OWASP weaknesses that are not reporting a violation (are in compliance). See Rules in Compliance - Summary for details about the widget.
Categories - Top 5 Table
The dashboard includes an instance of the native Categories - Top 5 Table widget configured for OWASP Top 10. It shows the five OWASP categories with the most violations. See Categories - Top 5 Table for details about the widget.
Rules - Top 5 Table
The dashboard includes an instance of the native Rules - Top 5 Table widget configured for OWASP Top 10. It shows the five Parasoft rules mapped to OWASP categories with the most violations. See Rules - Top 5 Table for details about the widget.
Violations by Weakness - Treemap
This widget shows the violations grouped by weakness in a tree map. Each tile is assigned a color and represents a weakness from the OWASP guidelines.
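The widget states and percentages described above (the seven states of the OWASP Compliance widget, the OWASP Compliance Percentage, the Rules in Compliance percentage, and the per-weakness counts behind the Categories table and the treemap) can be modelled in a few functions. The following Python is an added, constructed example and is not Parasoft code: the profile fragment, rule IDs and build data are made up, and the precedence between states and the reading of "significant risk" as an unsuppressed violation against a High-risk weakness are assumptions, since the page does not define them.

```python
"""Illustrative model of the OWASP compliance widget semantics on this page.
Constructed example, not Parasoft/DTP code; precedence rules and the
meaning of "significant risk" are assumptions noted inline."""
from collections import Counter
from dataclasses import dataclass, field

# Constructed profile fragment: each weakness lists the Parasoft rules that
# detect it and carries a risk level taken from the compliance profile.
# Rule IDs are placeholders, not real Jtest/dotTEST rule names.
PROFILE = {
    "A01:2021 Broken Access Control": {"rules": ["SEC.ACC.1", "SEC.ACC.2"], "risk": "High"},
    "A03:2021 Injection": {"rules": ["SEC.INJ.1"], "risk": "High"},
    "A05:2021 Security Misconfiguration": {"rules": ["SEC.CFG.1"], "risk": "Low"},
}
MAPPED_RULES = {r for spec in PROFILE.values() for r in spec["rules"]}


@dataclass
class Violation:
    rule: str
    suppressed: bool = False  # a suppressed violation is a deviation


@dataclass
class Build:
    rules_enabled: set                      # rules actually run in this build
    violations: list = field(default_factory=list)


def weakness_of(rule):
    """Map a rule back to the weakness it detects (None if unmapped)."""
    for name, spec in PROFILE.items():
        if rule in spec["rules"]:
            return name
    return None


def active_violations(build):
    """Unsuppressed violations against rules that are mapped to a weakness."""
    return [v for v in build.violations
            if not v.suppressed and weakness_of(v.rule) is not None]


def compliance_state(build, assets_deployed=True):
    """Return one of the seven widget states listed on the page.
    Assumed precedence: N/A, No rules enabled, Missing rule(s), then the
    violation-based states."""
    if not assets_deployed:                       # service not running / not deployed
        return "N/A"
    if not build.rules_enabled & MAPPED_RULES:    # nothing mapped was executed
        return "No rules enabled"
    if not MAPPED_RULES <= build.rules_enabled:   # profile rules absent from build
        return "Missing rule(s) in analysis"
    active = active_violations(build)
    # Assumption: "significant risk" = unsuppressed violation on a High-risk weakness.
    if any(PROFILE[weakness_of(v.rule)]["risk"] == "High" for v in active):
        return "Not Compliant"
    if active:
        return "Compliant with Violations"
    if any(v.suppressed for v in build.violations):
        return "Compliant with Deviations"
    return "Compliant"


def compliance_percentage(build):
    """OWASP Compliance Percentage: share of weaknesses with no unsuppressed
    violation against any of their rules."""
    violated = {weakness_of(v.rule) for v in active_violations(build)}
    in_compliance = [w for w in PROFILE if w not in violated]
    return round(100 * len(in_compliance) / len(PROFILE), 1)


def rules_in_compliance_percentage(build):
    """Rules in Compliance: share of mapped rules not reporting a violation."""
    violating = {v.rule for v in active_violations(build)}
    ok = sum(r not in violating for r in MAPPED_RULES)
    return round(100 * ok / len(MAPPED_RULES), 1)


def violations_by_weakness(build, top=5):
    """Counts behind the treemap and the Categories top-5 table, most first."""
    counts = Counter(weakness_of(v.rule) for v in active_violations(build))
    return counts.most_common(top)


# Constructed build: all profile rules ran, two low-risk findings, one
# high-risk finding that has been suppressed (a deviation).
SAMPLE = Build(
    rules_enabled={"SEC.ACC.1", "SEC.ACC.2", "SEC.INJ.1", "SEC.CFG.1"},
    violations=[Violation("SEC.CFG.1"), Violation("SEC.CFG.1"),
                Violation("SEC.INJ.1", suppressed=True)],
)

if __name__ == "__main__":
    print(compliance_state(SAMPLE))            # Compliant with Violations
    print(compliance_percentage(SAMPLE))       # 66.7
    print(rules_in_compliance_percentage(SAMPLE))  # 75.0
    print(violations_by_weakness(SAMPLE))
```

Dropping a rule from `rules_enabled` moves the state to "Missing rule(s) in analysis" regardless of findings, which is the situation the page tells you to fix by enabling all profile rules and re-running the analysis before reading the compliance result.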
...
The main OWASP compliance report provides details about your OWASP compliance status and serves as the primary document for demonstrating compliance. The report can show the following states:
- Compliant: No violations are reported, and no suppressions have been applied.
- Not Compliant: Violations have been reported that represent a significant risk.
- Missing rule(s) in analysis: Parasoft code analysis rules documented in the profile were not included in the specified build. Make sure all rules are enabled in the Parasoft tool and re-run the analysis.
- Compliant with Deviations: The violations reported are acceptable and have been suppressed. See Deviation Report for additional information about deviations/suppressions.
- No Rules Enabled: There are no Parasoft code analysis rules mapped to the guideline.
You can perform the following actions:
- Use the menus to sort by a weakness property.
- Click a link in the # of Violations column to view the violations in the Violations Explorer.
- Click a link in the # of Deviations column to view the suppressed violations in the Violations Explorer.
- Click a link in the Weakness column to open the Weakness Detection Plan. The link goes directly to the specific weakness so that you can review the Parasoft code analysis rule or rules detecting the weaknesses.
- Open one of the OWASP Compliance sub-reports (Weakness Detection Plan, Deviation Report, Build Audit Report).
- Click Download PDF to export a printer-friendly PDF version of the report data. If you added a custom graphic to DTP as described in Adding a Custom Graphic to the Navigation Bar, the PDF will also be branded with the graphic.
...
The Weakness Detection Plan shows which static analysis rules are used to enforce the OWASP guidelines and is intended to describe how you are enforcing each guideline. This report uses the data specified in the compliance profile (see Custom Configuration for Profile). In the profile, you can configure the values associated with each weakness property to better reflect the specific challenges associated with your project.
...
Deviation Report
Your code can contain violations and still be OWASP-compliant as long as the deviations from the standard are documented and the safety of the software is unaffected. Deviations are code analysis rules that have been suppressed either directly in the code or in the DTP Violations Explorer. See the dotTEST and Jtest documentation for details on suppressing violations in the code. See Suppressing Violations in the Violations Explorer documentation for information about suppressing violations in DTP.
Click the Deviation Report link in the OWASP Compliance report to open the Deviation Report.
The Deviation Report shows all guideline IDs and headers with deviations. You can click on the Violation ID to drill down into the Violations Explorer.
Build Audit Report
The Build Audit Report shows an overview of code analysis violations, as well as test results and coverage information, associated with the build. This report also allows you to download an archive of the data, which is an artifact you can use to demonstrate compliance with OWASP during a regulatory audit.
...