Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space CPPTDESKDEV and version 10.4.2

...

Compliance Packs include test configurations tailored for particular compliance domains to help you enforce industry-specific compliance standards and practices. See Compliance Packs Rule Mapping for information how the standards are mapped to C/C++test's rules.(info) Compliance Packs

Info
iconfalse
titleDisplaying compliance results on DTP

Some test configurations in this category have a corresponding "Compliance" extension on DTP, which allows you to view your security compliance status, generate compliance reports, and monitor the progress towards your security compliance goals.  These test configurations require dedicated license features to be activated. Contact Parasoft Support

...

for more details on Compliance Packs licensing.

See the "Extensions for DTP" section in the DTP documentation for the list of available extensions, requirements, and usage.

Aerospace Pack

Test Configuration Description
Joint Strike FighterChecks rules that enforce the Joint Strike Fighter (JSF) program coding standards.
DO178C Software Level A Unit TestingExecutes unit tests with appropriate configuration of coverage metrics and reporting settings for DO178C Software Level A
DO178C Software Level B Unit TestingExecutes unit tests with appropriate configuration of coverage metrics and reporting settings for DO178C Software Level B
DO178C Software Level C and D Unit TestingExecutes unit tests with appropriate configuration of coverage metrics and reporting settings for DO178C Software Level C and D

...

Test Configuration Description
AUTOSAR C++14 Coding Guidelines

Checks rules that enforce the AUTOSAR C++ Coding Guidelines (

Adaptive Platform, version 17-10)

Adaptive Platform, version 17-10).

(info) This test configuration is part of Parasoft Compliance Pack solution that allows you to monitor compliance with industry standards using the "Compliance" extensions on DTP. It requires dedicated license features to be activated. Contact your Parasoft representative for details.

High Integrity C++Checks rules that enforce the High Integrity C++ Coding Standard.
HIS Source Code MetricsChecks metrics required by the Herstellerinitiative Software (HIS) group.
MISRA C 1998Checks rules that enforce the MISRA C coding standards.
MISRA C 2004Checks rules that enforce the MISRA C 2004 coding standards.
MISRA C++ 2008Checks rules that enforce the MISRA C++ 2008 coding standards.
MISRA C 2012

Checks rules that

enforce the MISRA C 2012 coding standards

enforce the MISRA C 2012 coding standards.

(info) This test configuration is part of Parasoft Compliance Pack solution that allows you to monitor compliance with industry standards using the "Compliance" extensions on DTP. It requires dedicated license features to be activated. Contact your Parasoft representative for details.

ISO26262 ASIL A Unit TestingExecutes unit tests with appropriate configuration of coverage metrics and reporting settings for ISO26262 ASIL A
ISO26262 ASIL B and C Unit TestingExecutes unit tests with appropriate configuration of coverage metrics and reporting settings for ISO26262 ASIL B and C
ISO26262 ASIL D Unit TestingExecutes unit tests with appropriate configuration of coverage metrics and reporting settings for ISO26262 ASIL D

...

Test Configuration Description
CWE-SANS Top 25 Most Dangerous Programming Errors

Checks for the 2011 CWE/SANS Top 25 Most Dangerous Software Errors—  a list of the most widespread and critical errors that can lead to serious vulnerabilities in software. They are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.

(http://cwe.mitre.org/top25/index.html)

For more details, see 2011 CWE/SANS Top 25 Most Dangerous Software Errors Mapping.

OWASP Top 10 2017

Includes rules that find issues identified in OWASP’s Top 10 standard.

Payment Card Industry Data Security Standard

Checks rules for the security issues referenced in section 6 of the Payment Card Industry Data Security Standard (PCI DSS) (https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml)

Issues detected include input validation (to prevent cross-site scripting, injection flaws, malicious file execution, etc.) and validation of proper error handling.

Security RulesChecks rules designed to prevent or identify security vulnerabilities.
SEI CERT C Coding GuidelinesChecks rules and recommendations for the SEI CERT C Coding Standard. This standard provides guidelines for secure coding. The goal is to facilitate the development of safe, reliable, and secure systems by, for example, eliminating undefined behaviors that can lead to undefined program behaviors and exploitable vulnerabilities.
SEI CERT C Rules

Checks rules for the SEI CERT C Coding Standard. This standard provides guidelines for secure coding. The goal is to facilitate the development of safe, reliable, and secure systems by, for example, eliminating undefined behaviors that can lead

to undefined program behaviors and exploitable vulnerabilities

to undefined program behaviors and exploitable vulnerabilities.

(info) This test configuration is part of Parasoft Compliance Pack solution that allows you to monitor compliance with industry standards using the "Compliance" extensions on DTP. It requires dedicated license features to be activated. Contact your Parasoft representative for details.

SEI CERT C++ Rules

Checks rules for the SEI CERT C++ Coding Standard. This standard provides guidelines for secure coding. The goal is to facilitate the development of safe, reliable, and secure systems by, for example, eliminating undefined behaviors that can lead to undefined program behaviors and exploitable vulnerabilities.

(info) This test configuration is part of Parasoft Compliance Pack solution that allows you to monitor compliance with industry standards using the "Compliance" extensions on DTP. It requires dedicated license features to be activated. Contact your Parasoft representative for details.

UL 2900Includes rules that find issues identified in the UL-2900 standard.

...

This section includes rule mapping for the OWASP and CWE standardsstandars. The mapping information for other standards is available in the PDF rule mapping files shipped with Compliance Packs.

...