Versions Compared

Old Version 2

changes.mady.by.user Chieko Sugizaki

Saved on

compared with

New Version Current

changes.mady.by.user Robert Andelin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space DTPDEVEL and version 2025.1

In this section:

Table of Contents
maxLevel2

...

  1. Choose Extension Designer from the DTP settings (gear icon) menu.
  2. Click the Services tab and expand the DTP Workflows service category. You can deploy assets under any service category you wish, but we recommend using the DTP Workflows category to match how Parasoft categorizes the assets. You can also click Add Category to create your own service category (see Working with Services for additional information).
    Image Modified 
  3. You can deploy the artifact to an existing service or add a new service. The number of artifacts deployed to a service affects the overall performance. See Extension Designer Best Practices for additional information. Choose an existing service and continue to step 5 or click Add Service.
  4. Specify a name for the service and click Confirm.
  5. The tabbed interface helps you keep artifacts organized within the service. Organizing your artifacts across one or more tabs does not affect the performance of the system. Click on a tab (or click the + icon to add a new tab) and choose Import from the vertical ellipses menu.
  6. For OWASP API Security Top 10, go to Local > Flows > Workflows > Security > OWASP API Security Top 10 Compliance and click Import.
  7. For OWASP Top 10, go to Local > Flows > Workflows > Security > OWASP Top 10 Compliance and click Import.
  8. Click anywhere in the open area to drop the artifact into the service.
  9. Click Deploy to finish deploying the artifact to your DTP environment. 
  10. Return to DTP and refresh your dashboard.

...

  1. Click Add Dashboard from the DTP toolbar and specify a name when prompted.
  2. Enable Create dashboard from a template and choose one of the OWASP templates from the associated menu.
     Image Modified
  3. Click Create to finish adding the dashboard.

Manually Adding OWASP Widgets to an Existing Dashboard 

You After deploying the artifact, you can add the OWASP widgets shipped with the artifact to an existing to a dashboard. See See Adding Widgets for general instructions on adding widgets to a dashboard. After deploying the artifact, the OWASP widgets will appear more information about this process. OWASP widgets can be found in the OWASP API or OWASP Top 10 categories in the Add Widget dialog.

The following configurations are available:

...

  • Compliant: No violations are reported, and no suppressions have been applied. 
  • Not Compliant: Violations have been reported that represent a significant risk. 
  • Missing rule(s) in analysis: Parasoft code analysis rules documented in the profile were not included in the specified build. Make sure all rules are enabled in the Parasoft tool and re-run the analysis.
  • Compliant with Deviations: The violations reported are acceptable and have been suppressed. See Deviation Report for additional information about deviations/suppressions.
  • Compliant with Violations: The violations reported do not represent a significant risk.

Click on the Click on the widget to open the OWASP Compliance Report

...

Rules in Compliance

This widget is an implementation of the native DTP Rules in Compliance widget. It shows the percentage of Parasoft rules that are mapped to OWASP weaknesses that are not reporting a violation (are in compliance). See Rules in Compliance - Summary for details about the widget. 

Categories -

...

 Table

The dashboard includes an instance of the native Categories - Top 5 Table widget Table widget configured for OWASP Top 10. It shows the five OWASP categories with the most violations. See Categories - Top 5 Table for details about the widget.

Rules -

...

Table

The dashboard includes an instance of the native Rules - Top 5 Table widget Table widget configured for OWASP Top 10. It shows the five Parasoft rules mapped to OWASP categories with the most violations. See See Rules - Top 5 Table for details about the widget.

...

  • Compliant: No violations are reported, and no suppressions have been applied. 
  • Not Compliant: Violations have been reported that represent a significant risk. 
  • Missing rule(s) in analysis: Parasoft code analysis rules documented in the profile were not included in the specified build. Make sure all rules are enabled in the Parasoft tool and re-run the analysis.
  • Compliant with Deviations: The violations reported are acceptable and have been suppressed. See Deviation Report for additional information about deviations/suppressions.Compliant with Violations: The violations reported do not represent a significant risk.
  • No Rules Enabled: There are no Parasoft code analysis rules mapped to the guideline.

You can perform the following actions:

...

Your code can contain violations and still be OWASP-compliant as long as the deviations from the standard are documented and that the safety of the software is unaffected. Deviations are code analysis rules that have been suppressed either directly in the code or in the DTP Violations Explorer. See the dotTEST and Jtest documentation for details on suppressing violations in the code. See Suppressing Violations in the Violations Explorer documentation for information about suppressing violations in DTP.

Click the Deviation Report link in the OWASP Compliance report to open the Deviations Deviation Report.

The

...

Deviation Report shows all guideline IDs and headers

...

with deviations. You can click on the Violation ID to drill down into the Violations Explorer.

Build Audit Report

The Build Audit Report shows an overview of code analysis violations, as well as test results and coverage information, associated with the build. This report also allows you to download an archive of the data, which is an artifact you can use to demonstrate compliance with OWASP during a regulatory audit.

...