Code insights can be excluded, and filters can be applied by excluding folders to refine software analysis results. However, it might not be possible to exclude a specific file and its results unless a workaround is applied.
Details
- It is not possible to permanently exclude a specific file and its results from the UI after scanning. A workaround is to modify the result CSV files to remove that file's results for the application and then re-submit.
- A code insight can be excluded. To do this, go to the application's code insights and click the exclusion button for the insight, on the left.
This excludes the code insight for all scanned items. That is, if a code insight is excluded in the first analysis for an application and another submission is then made for the same application, the code insight will remain excluded. The code insight exclusion is 'permanent' and applies to all future analyses for that application.
The code insight will be excluded across the entire application, regardless of the folders within the application.
Code insights cannot be excluded for only part of an application. To achieve this with the current functionality, the application should be split and the code insight exclusion applied to the part of the code you want to exclude. The analysis reporting will then happen on each part of the application separately.
For example:
- Application1 has folders backend and frontend.
- When they are analysed together, you get results for both backend and frontend, but any code insight exclusions are applied to both backend and frontend.
- Splitting Application1 into Application1_back and Application2_front allows a code insight exclusion in just the backend or just the frontend, but the results for each piece will be reported separately.
- Users can apply filters by excluding folders to refine software analysis results directly from an application’s insights dashboard after analysis. The system recalculates metrics using a default set of excluded folders, such as those containing third-party libraries, test files, build or deployment tools, documentation, or generated code.
The purpose is to let users see what the scores and lines of code would be if some folders and their corresponding source files had been suppressed from the scan.
In certain scenarios, users require both a detailed analysis of open source risks and an accurate evaluation of software quality. Scans often include third-party libraries in order to assess open source components. However, these external files can skew software quality metrics, especially in technologies with large dependency trees like JavaScript.
To address this, Highlight can do real-time filtering during scans, allowing users to separate open source risk analysis from proprietary code quality assessments. This ensures comprehensive visibility into open source usage while maintaining accurate software health metrics.
From the Health Distribution tab of an application’s page, click on the filter icon to activate the re-calculated insights. CAST Highlight will calculate scores and metrics based on a default set of pre-filtered folder exclusions. The calculation can take some time depending on the application size.
To change the default folder exclusions, click on the cog icon. A modal opens with a list of all folders and subfolders of the scan, indicating whether they are excluded or not, the type of file (source, build, third-party, etc.), the number of included vs. excluded files, the corresponding detected technologies and OSS components if any. Check the boxes for the folders you want to include in the calculation and finally click on the Apply button. The modal closes and re-calculated scores and lines of code are displayed.
You can easily check the before/after results by clicking on the filter icon again. These filters thus help ensure more accurate software quality insights by focusing on relevant source code.
Users can thus customize exclusions by accessing a detailed view of all scanned folders, where they can review and adjust which files are included in the analysis.
These re-calculated scores and metrics are “for your eyes only” and are not persisted (i.e. not saved) on the platform. Please refer to "Re-calculate Software Health scores in real-time based on folder exclusions" for more details.
Additional Resources
CAST Highlight Troubleshooting Guides
CAST Highlight Product Documentation
Ticket
50795