...
Compliance Packs include test configurations tailored for particular compliance domains to help you enforce industry-specific compliance standards and practices. See Compliance Packs Rule Mapping for information on how the standards are mapped to C/C++test's rules.
Info

Some test configurations in this category have a corresponding "Compliance" extension on DTP, which allows you to view your security compliance status, generate compliance reports, and monitor the progress towards your security compliance goals. These test configurations require dedicated license features to be activated. Contact Parasoft Support
...
for more details on Compliance Packs licensing. See the "Extensions for DTP" section in the DTP documentation for the list of available extensions, requirements, and usage.
Aerospace Pack
Test Configuration | Description |
---|---|
Joint Strike Fighter | Checks rules that enforce the Joint Strike Fighter (JSF) program coding standards. |
DO178C Software Level A Unit Testing | Executes unit tests with appropriate configuration of coverage metrics and reporting settings for DO178C Software Level A |
DO178C Software Level B Unit Testing | Executes unit tests with appropriate configuration of coverage metrics and reporting settings for DO178C Software Level B |
DO178C Software Level C and D Unit Testing | Executes unit tests with appropriate configuration of coverage metrics and reporting settings for DO178C Software Level C and D |
...
Test Configuration | Description |
---|---|
AUTOSAR C++14 Coding Guidelines | Checks rules that enforce the AUTOSAR C++ Coding Guidelines (Adaptive Platform, version 17-10). |
High Integrity C++ | Checks rules that enforce the High Integrity C++ Coding Standard. |
HIS Source Code Metrics | Checks metrics required by the Herstellerinitiative Software (HIS) group. |
MISRA C 1998 | Checks rules that enforce the MISRA C coding standards. |
MISRA C 2004 | Checks rules that enforce the MISRA C 2004 coding standards. |
MISRA C++ 2008 | Checks rules that enforce the MISRA C++ 2008 coding standards. |
MISRA C 2012 | Checks rules that enforce the MISRA C 2012 coding standards. |
ISO26262 ASIL A Unit Testing | Executes unit tests with appropriate configuration of coverage metrics and reporting settings for ISO26262 ASIL A |
ISO26262 ASIL B and C Unit Testing | Executes unit tests with appropriate configuration of coverage metrics and reporting settings for ISO26262 ASIL B and C |
ISO26262 ASIL D Unit Testing | Executes unit tests with appropriate configuration of coverage metrics and reporting settings for ISO26262 ASIL D |
...
Test Configuration | Description |
---|---|
CWE-SANS Top 25 Most Dangerous Programming Errors | Checks for the 2011 CWE/SANS Top 25 Most Dangerous Software Errors, a list of the most widespread and critical errors that can lead to serious vulnerabilities in software. They are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all. (http://cwe.mitre.org/top25/index.html) For more details, see 2011 CWE/SANS Top 25 Most Dangerous Software Errors Mapping. |
OWASP Top 10 2017 | Includes rules that find issues identified in OWASP’s Top 10 standard. |
Payment Card Industry Data Security Standard | Checks rules for the security issues referenced in section 6 of the Payment Card Industry Data Security Standard (PCI DSS) (https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml). Issues detected include input validation (to prevent cross-site scripting, injection flaws, malicious file execution, etc.) and validation of proper error handling. |
Security Rules | Checks rules designed to prevent or identify security vulnerabilities. |
SEI CERT C Coding Guidelines | Checks rules and recommendations for the SEI CERT C Coding Standard. This standard provides guidelines for secure coding. The goal is to facilitate the development of safe, reliable, and secure systems by, for example, eliminating undefined behaviors that can lead to undefined program behaviors and exploitable vulnerabilities. |
SEI CERT C Rules | Checks rules for the SEI CERT C Coding Standard. This standard provides guidelines for secure coding. The goal is to facilitate the development of safe, reliable, and secure systems by, for example, eliminating undefined behaviors that can lead to undefined program behaviors and exploitable vulnerabilities. |
SEI CERT C++ Rules | Checks rules for the SEI CERT C++ Coding Standard. This standard provides guidelines for secure coding. The goal is to facilitate the development of safe, reliable, and secure systems by, for example, eliminating undefined behaviors that can lead to undefined program behaviors and exploitable vulnerabilities. |
UL 2900 | Includes rules that find issues identified in the UL-2900 standard. |
...
This section includes rule mapping for the OWASP and CWE standards. The mapping information for other standards is available in the PDF rule mapping files shipped with Compliance Packs.
...