Comment: Published by Scroll Versions from space DTPDEVEL and version 2024.1

...

Rule Map and Test Configuration

Parasoft static and flow analysis rules normally report violations according to a category (for example, Possible Bug, Interoperability, and so on) and severity (1-5). In order to view code analysis violations as CERT C guideline violations, DTP requires a rule map file that realigns Parasoft rules to report violations according to CERT C guidelines. In addition, the code analysis tool (C/C++test) needs a test configuration file that ensures that only the rules related to the remapped CERT C rules are executed. These files are shipped with C/C++test.

...

The status will be set to Not Compliant if Parasoft code analysis rules documented in your profile were not included in the specified build or if unacceptable violations have been reported. Make sure all rules are enabled in C/C++test and re-run analysis.

...

This widget shows the completeness of CERT compliance as a percentage. Completeness is based on the number of guidelines being enforced in the profile. Click on the widget to open the CERT C Compliance Report.

...

The widget uses the hierarchy established in the model profile to correlate Parasoft rules with CERT rules, recommendations, and priorities. You can mouse over a tile in the widget to view the number of violations associated with each rule/guideline/category.

...

  • Use the menus to sort by the following criteria:
    • Guideline type: Rule, Recommendation, or All 
    • Priority level: L1, L2, L3, or All
    • Compliance status: All, No Rules Enabled, Compliant, Compliant With Deviations, Compliant With Violations, Not Compliant, Missing Rule(s) in Analysis
  • Click on a guideline link in the Guideline column to open the Conformance Enforcement Testing Plan. The link goes directly to the specific guideline so that you can review the Parasoft code analysis rule or rules enforcing the guideline. 
  • Click a link in the # of Violations column to view the violations in the Violations Explorer.
  • Click a link in the # of Deviations column to view the suppressed violations in the Violations Explorer.
  • Open one of the CERT Compliance sub-reports.
  • Click Download PDF to download a printer-friendly PDF version of the report data. If you added a custom graphic to DTP as described in Adding a Custom Graphic to the Navigation Bar, the PDF will also be branded with the graphic. 

...


Conformance Testing Plan

The Conformance Testing Plan cross-references CERT guidelines with Parasoft static analysis rules using the data specified in the compliance profile. You can change the severity, likelihood, remediation cost, and other values to meet your project goals by configuring the profile.

Deviation Report 

Your code can contain violations and still be CERT-compliant as long as the deviations from the standard are documented and the safety of the software is unaffected. Deviations are code analysis rules that have been suppressed either directly in the code or in the DTP Violations Explorer. See the C/C++test documentation for details on suppressing violations in the code. See Suppressing Violations in the Violations Explorer documentation for information about suppressing violations in DTP.

Click the Deviation Report link in the CERT Compliance Report to open the Deviation Report. 

The Deviation Report shows all guideline IDs and headers, but guidelines that have been suppressed will show additional information. You can perform the following actions:

  1. Filter the report by type (Rule, Recommendation, All).
  2. Filter the report by level (L1, L2, L3).
  3. Enable Only Deviations to only show deviations.
  4. Enable Hide Modification History to exclude the modification history for deviations.

Build Audit Report

The Build Audit Report is native functionality in DTP. It shows an overview of code analysis violations, as well as test results and coverage information, associated with the build. This report also allows you to download an archive of the data, which is an artifact you can use to demonstrate compliance with CERT during a regulatory audit.

In order to download an archive, the build has to be locked. See Build Audit Report for additional details about this report.  

...