Comment: Published by Scroll Versions from space DTPDEVEL and version 2020.1

...

See https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=88046682 to learn more about the standard.

Prerequisites

C/C++test 2020.1 or later (desktop or plug-in edition) with the SEI CERT C++ Rules and Flow Analysis license features enabled. See Security Compliance Pack for additional information.

...

Click on a rule to see the violation in the Violations Explorer.

CERT

...

Compliance

...

The CERT Compliance Report provides an overview of your CERT compliance status and serves as the primary document for demonstrating compliance.


You can perform the following actions:

by Priority

This widget is an implementation of the standard Compliance By Category widget shipped with DTP. It shows the number and percentage of rules in compliance grouped by rule categories.


Click on an entry in the table to open the Violations by Compliance Category report.

Top 5 CERT Categories

This widget is an implementation of the standard Categories - Top 5 Table widget shipped with DTP. It shows the five CERT guideline categories with the most violations.


Click on a link in the Name column or the more... link to open the Violations by Compliance Category report.

Top 5 CERT Guidelines

This widget is an implementation of the standard Categories - Top 5 Table widget shipped with DTP. It shows the five CERT guidelines with the most violations.


Click on a link in the Name column or the more... link to open the Violations by Compliance Category report.

CERT Analysis Compliance

This widget is an implementation of the standard Rules in Compliance - Summary widget shipped with DTP. The widget shows the following information:

  • how many static analysis rules for the selected compliance standard were enabled during code analysis
  • how many violations were reported
  • the overall percentage of rules that did not report violations
  • the change in number of violations from the baseline build to the target build as a percentage (if applicable)


Click on the widget to open the Violations by Compliance Category report.

CERT C++ Compliance Reports

The CERT Compliance Report provides an overview of your CERT compliance status and serves as the primary document for demonstrating compliance.


You can perform the following actions:

  • Use the drop-down menus to sort by the following criteria:
    • Guideline type: Rule, Recommendation, or All 
    • Priority level: L1, L2, L3, or All
    • Compliance status: All, No Rules Enabled, Compliant, Compliant With Deviations, Compliant With Violations, Not Compliant, Missing Rule(s) in Analysis
  • Click on a link in the # of Violations, In-Code Suppression, or DTP Suppressions column to view the violations in the Violations Explorer.
  • Open one of the CERT Compliance sub-reports.
  • Click Download PDF to download a printer-friendly PDF version of the report data. If you added a custom graphic to DTP as described in Adding a Custom Graphic to the Navigation Bar, the PDF will also be branded with the graphic. 

...


Conformance Testing Plan

The Conformance Testing Plan cross-references CERT guidelines with Parasoft static analysis rules using the data specified in the compliance profile. You can change the severity, likelihood, remediation cost, and other values to meet your project goals by configuring the profile. Click on a guideline to view the CERT documentation on the CERT website.


Deviation Report

Your code can contain violations and still be CERT-compliant as long as the deviations from the standard are documented and the safety of the software is unaffected. Deviations are code analysis rules that have been suppressed either directly in the code or in the DTP Violations Explorer. See the C/C++test documentation for details on suppressing violations in the code. See Suppressing Violations in the Violations Explorer documentation for information about suppressing violations in DTP.

Click on the Deviation Report link in the CERT Compliance Report to open the Deviation Report.

The Deviation Report shows all guideline IDs and headers, but guidelines that have been suppressed will show additional information. You can perform the following actions:

  1. Filter the report by type (Rule, Recommendation, All)
  2. Filter the report by level (L1, L2, L3)
  3. Enable the Only Deviations option to only show deviations
  4. Enable the Hide Modification History option to exclude the modification history for deviations
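The figures behind the Rules in Compliance summary and Compliance by Category widgets, and the way suppressed violations become documented deviations in the Deviation Report, can be reproduced from raw results. The following example is added here and is not DTP's or Parasoft's code: the guideline-to-rule mapping, rule IDs and violation records are constructed sample data, and the status mapping (unsuppressed violation means Not Compliant, only suppressed violations means Compliant With Deviations) is a simplifying assumption that ignores the report's Compliant With Violations and Missing Rule(s) statuses.

```python
"""Recompute the CERT compliance widget figures from raw analysis results.
All data below is constructed for illustration; it is not DTP output."""
from collections import defaultdict

# Guideline -> CERT category and the analysis rules mapped to it (constructed).
GUIDELINES = {
    "MEM50-CPP": {"category": "MEM", "rules": ["RULE-MEM50-a", "RULE-MEM50-b"]},
    "EXP50-CPP": {"category": "EXP", "rules": ["RULE-EXP50-a"]},
    "STR50-CPP": {"category": "STR", "rules": ["RULE-STR50-a"]},
    "ERR50-CPP": {"category": "ERR", "rules": []},  # no rule mapped at all
}
ENABLED_RULES = {"RULE-MEM50-a", "RULE-MEM50-b", "RULE-EXP50-a", "RULE-STR50-a"}
# Violations per build as (rule, suppressed); suppressed = documented deviation.
VIOLATIONS = {
    "baseline": [("RULE-MEM50-a", False), ("RULE-MEM50-a", False),
                 ("RULE-EXP50-a", False), ("RULE-STR50-a", True)],
    "target": [("RULE-MEM50-a", False), ("RULE-STR50-a", True)],
}


def guideline_status(gid, build):
    """Status per guideline (assumed mapping, see lead-in)."""
    rules = [r for r in GUIDELINES[gid]["rules"] if r in ENABLED_RULES]
    if not rules:
        return "No Rules Enabled"
    hits = [suppressed for r, suppressed in VIOLATIONS[build] if r in rules]
    if not hits:
        return "Compliant"
    return "Compliant With Deviations" if all(hits) else "Not Compliant"


def compliance_by_category(build):
    """Per category: (rules in compliance, enabled rules, percentage)."""
    violating = {r for r, suppressed in VIOLATIONS[build] if not suppressed}
    enabled, ok = defaultdict(int), defaultdict(int)
    for g in GUIDELINES.values():
        for r in g["rules"]:
            if r in ENABLED_RULES:
                enabled[g["category"]] += 1
                ok[g["category"]] += r not in violating  # deviations count as ok
    return {c: (ok[c], enabled[c], round(100 * ok[c] / enabled[c])) for c in enabled}


def analysis_summary(target, baseline):
    """The four figures of the Rules in Compliance summary widget."""
    violating = {r for r, suppressed in VIOLATIONS[target] if not suppressed}
    n_rules = len(ENABLED_RULES)
    n_target, n_base = len(VIOLATIONS[target]), len(VIOLATIONS[baseline])
    change_pct = round(100 * (n_target - n_base) / n_base) if n_base else None
    return {"rules": n_rules, "violations": n_target,
            "compliant_pct": round(100 * (n_rules - len(violating)) / n_rules),
            "change_pct": change_pct}
```

Here the suppressed STR50-CPP finding keeps its rule in compliance but appears as a deviation, while the unsuppressed MEM50-CPP finding drags the MEM category to 50%.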

Build Audit Report

The Build Audit Report is native functionality in DTP. It shows an overview of code analysis violations, as well as test results and coverage information, associated with the build. This report also allows you to download an archive of the data, which is an artifact you can use to demonstrate compliance with CERT during a regulatory audit.

In order to download an archive, the build has to be locked. See Build Audit Report for additional details about this report.

...