The Overview with Fast Scan panel is part of the onboarding workflow introduced in 2.3.1. It will only be populated when this onboarding workflow is enabled and used - see Administration Center - Settings - Application Onboarding. See also Workflow - Application onboarding with Fast Scan.
This section is only displayed if you have configured more than one of either of the following:
- Multiple CAST Storage Service/PostgreSQL instances for analysis or Measurement requirements - see Administration Center - Settings - CSS and Measurement settings.
- Multiple Nodes (i.e. you are running the enterprise release of Console which allows for multiple Nodes to be configured) - see Administration Center - Nodes.
This allows you to select the specific target CAST Storage Service/PostgreSQL instance (for the database schemas required for the new Application) OR the target Node (for deep analysis requirements). If you do not make a selection - i.e. you leave the options set to "ANY", Console will function in "load balancing" mode and will choose the CAST Storage Service/PostgreSQL or Node automatically:
- If you have ALREADY run a deep analysis, the UI will prevent you from choosing a different CAST Storage Service instance or Node for any subsequent analysis related actions to ensure stability.
- Load balancing behaviour, when ANY is selected:
  - CAST Storage Service/PostgreSQL
    - For the deep analysis step (result storage), the CAST Storage Service/PostgreSQL instance with the lowest number of CAST related schemas already stored on it will be used.
  - Nodes
    - For the deep analysis step, the least busy node running the same release of AIP Core as used for the initial fast scan will be selected.
- Node manual selection: only nodes running the same release of AIP Core as used for the initial fast scan of the onboarding process will be made available for selection - this is to prevent analysis errors. This may mean that it is not possible to choose a specific node.
Run analysis
In ≤ 2.7, CAST Imaging MUST be configured in Administration Center - Settings - Imaging Settings, otherwise the action will fail. This requirement has been removed in ≥ 2.8.
This section provides the following:
- Information about the state of the source code
- The ability to start an analysis
- An analysis estimation time in hours and minutes. In ≥ 2.6 this estimation is valid for the analysis action and the upload to CAST Imaging (no estimation is given for CAST Dashboard actions). In previous releases, the estimation is only valid for the analysis action.
Item | Description |
---|---|
Information about the state of the source code | Information about the readiness of the delivered source code for analysis is provided based on the initial fast scan. All clear: if no "issues" are found then the "all clear" is given. All clear but cannot access CAST Imaging/CAST Dashboards: if no "issues" are found, but CAST Imaging/CAST Dashboards are either not configured or not available, the upload to CAST Imaging/CAST Dashboards (snapshot) will not run. Issues found: if issues are found, then a warning is given with an explanation. In this situation, a warning does not mean that the analysis cannot proceed, however, coherent results may not be produced. Analysis complete: displayed in this panel once an analysis has been run. |
Run Analysis | Click the Run Analysis button to start the deep analysis process. A popup will then be displayed. When an analysis is started, a full backup of the onboarding details (e.g. delivered source code and any exclusions that have been set) is created (in ZIP format) and stored in the following locations (see below). This is so that any manually or automatically (via a filter) excluded folders/files can be removed before the analysis is started. When the analysis action is complete, any excluded files/folders are put back in the original location (ZIP file unzip location or source code folder location): |
Deep analysis estimation time | The deep analysis estimation time is provided in hours and minutes and is based on anonymous statistical data that has been collected by CAST using the Allow CAST to automatically collect anonymous statistical data option in the Admin Center - see Administration Center - Settings - CAST Extend. Note that this estimation is only valid for the analysis action and does not include any other actions that may have been enabled for CAST Dashboards/Imaging. |
Advanced configuration | This option allows you to control what steps in the analysis process are actioned and should only be used if you know what you want to achieve: |
What steps are actioned when Run Analysis is clicked?
When the Run Analysis button is clicked, the following will occur automatically depending on the configuration:
CAST Imaging configured and available | Embedded CAST Dashboards configured and available | Analysis | Upload to CAST Imaging | Security Dataflow | Snapshot generation | Upload to CAST Dashboards |
---|---|---|---|---|---|---|
Install, Configure, Analyze
The actions Install, Configure and Analyze are ALWAYS actioned regardless of your configuration:
The Finalizing Analysis entry will only be visible in the Analyze section when source code exclusions have been configured. This step restores the excluded files after the analysis has completed:
Upload
The Upload action differs depending on your configuration:
Configuration | Requirement | Actions |
---|---|---|
Any (Standard AIP Core, AIP Core for Imaging, AIP Core for Security) | CAST Imaging MUST be configured in Administration Center - Settings - Imaging Settings and accessible. | |
With embedded Dashboards | Embedded CAST Dashboards MUST be configured and accessible. See Embedded CAST Dashboard deployment process. | |
Additional analysis options
Depending on the configuration and license in use the following configuration will also be automatically applied when the Run Analysis button is clicked:
Option name | Target | Action |
---|---|---|
Security Dataflow | CAST Dashboards | This option focuses on user input security assessments for JEE/.NET technologies. Selecting this option will: This configuration is applied as follows: |
Function Points | CAST Dashboards | This option focuses on function points measurement. Selecting this option will currently install the following extensions (in addition to any that are discovered, set to force install or those that are automatically active / shipped extensions): If you are using a CAST global license that does not include EFP, then this option will not produce any results. |
Tags for Data Access Sensitivity | CAST Imaging and CAST Dashboards | This option focuses on flow of data identification and will deliver associated results. Selecting this option will currently install the following extensions (in addition to any that are discovered, set to force install or those that are automatically active / shipped extensions). GDPR / PCI DSS: two additional options specifically enable a check of a set of predefined sensitive keywords related to GDPR (General Data Protection Regulation) and/or PCI-DSS (Payment Card Industry Data Security Standards) data. In other words, enabling the GDPR option (for example) will force the check using the predefined keywords. When the analysis runs, the predefined keywords will be checked and if any are found in the source code a flag will be added in the analysis results on the object in question. This can be seen in CAST Imaging. |
Resuming interrupted jobs
Should your job be interrupted for whatever reason (network issue, issue on the Node etc.), CAST Console is able to resume the job from the same point or a previous point. Take for example a job that has been interrupted in the Install step:
Returning to the Application - Overview with Fast Scan page, a Resume button will be displayed in place of Run analysis:
In addition, starting with CAST Console 2.9, steps that were successfully completed prior to the interruption will be displayed as follows:
[Screenshots: Log panel; Job progress screen (≥ 2.9)]