Welcome to CAST Highlight, CAST’s application portfolio analysis software-as-a-service
(SaaS). As a fast, intuitive and easy-to-use platform, CAST Highlight assesses the health of
custom business applications across an organization’s IT portfolio. The platform generates
metrics on each application’s software risk, complexity, size and other key indicators, and
gives you increased visibility into overall system health.
This guide is designed to get you up and running with CAST Highlight today. If you are the
project administrator for your organization’s CAST Highlight instance, we recommend you
use this entire manual as a reference guide. Section II: Setting up your project in CAST
Highlight is designed especially for you. Application owners, we suggest you focus on Section
III: Analyzing source code in CAST Highlight.
Of course, if at any time you have questions or feedback, please don’t hesitate to contact
CAST Support at https://help.castsoftware.com.
Sincerely,
The CAST Highlight Team
This article is for reference only. For the latest version of this article, please refer to the original at https://doc.casthighlight.com/Getting-Started-Guide.pdf
Getting started with CAST Highlight
Technical requirements
CAST Highlight requirements:
▪ Microsoft Windows 10 or later
▪ Supported browsers: Google Chrome (recommended for the best experience),
Microsoft Edge and Firefox ESR. In general, support is not guaranteed on
browser versions that are no longer supported by their vendor.
▪ Code Reader install/scan: 600MB free disk space, 8GB memory
▪ Users need administrator privileges to run the installer
▪ Source code is available as text files in UTF-8 encoding, accessible
from the machine where the Code Reader runs
Roles & access rights
CAST Highlight provides access rights at three different levels.
Portfolio Manager
▪ A Portfolio Manager is the administrator. This user has access to all pages in the
organization’s CAST Highlight instance. This role is assigned to the user or users at
the organization who set up and maintain core aspects of the implementation. For
example, the Portfolio Manager creates and manages other user accounts within the
organization and can access the analysis results for all applications in the instance.
▪ The Portfolio Manager also manages the scope of each assessment campaign,
including which applications are analyzed and by whom, and oversees any
customization of the survey.
▪ The Portfolio Manager can download the CAST Highlight Code Reader and, if desired,
he or she can analyze applications on behalf of application owners.
Application and Domain Contributor
▪ A Domain Contributor is attached to a domain and can contribute to
any application attached to this domain (upload scan results, answer
surveys). The Domain Contributor has visibility on all application
results of this domain.
▪ An Application Contributor can contribute (upload scan results,
answer surveys) only to the applications where he/she has been
specifically added as a contributor. The Application Contributor has
visibility only on results of applications he/she has been assigned to.
▪ Contributors can download the CAST Highlight Code Reader, analyze
their application(s), upload application results, answer survey
questions, and access the results.
Result Viewer
▪ A Viewer is the role typically assigned to an executive member of the organization.
▪ Viewers are attached to a domain and can access results for all applications of this
domain (e.g., if the user is attached to the root domain, this user will see all
application results of the portfolio).
▪ Viewers cannot download the CAST Highlight Code Reader, analyze an application
nor complete survey questions.
New user set-up
First-time log in
All first-time users of CAST Highlight will receive an account activation email.
Simply click on the activation link to activate your account on the CAST Highlight portal.
Enter a password to complete the activation process. You will then be redirected to the CAST
Highlight home page. Log in with your credentials to enter the portal.
Account settings
CAST Highlight includes an account settings view, where you can manage your login
credentials and verify your access rights.
- On the top right-hand side of the portal, your name will be displayed.
- Click on the user icon to display the user side menu.
- Select My Account
Security and password policy management
To help secure the platform and support your internal security policy, you can decide on
the strength level that user passwords must meet. These settings are defined at company
level.
By default, any enrolling user must select a password that meets the following criteria:
▪ Minimum length of 10 characters
▪ Must contain at least one alphabetic character
▪ Must contain at least one lower case character
▪ Must contain at least one upper case character
▪ Must contain at least one numeric character
For companies that require stronger passwords for third-party solutions (such as Highlight), the
CAST Highlight platform administrator can specify additional password requirements:
▪ Password must contain at least one special character (e.g. #-?@)
▪ Minimum length can be extended to comply with your policy (e.g. 14 characters)
Please note that in the current version of Highlight, this feature is not retroactive for users
who have already defined their password. This feature is accessible to the Highlight platform
administrator. You can request a modification of your password criteria at any time by
contacting CAST Support at https://help.castsoftware.com.
Alternatively, user authentication can be done through SAML2/SSO integration with your
organization directory. Follow instructions from this tutorial.
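As an added illustration of the password criteria listed above (example code written for this guide, not part of CAST Highlight or its portal), the following Python check encodes the default policy and the stronger optional settings an administrator can request. The accepted set of special characters and the two policy names are this example's own assumptions; the guide only gives "#-?@" as examples.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class PasswordPolicy:
    """Company-level password criteria, as described in the guide above.

    The default instance reproduces the criteria every enrolling user must meet;
    `min_length` and `require_special` are the two settings the platform
    administrator can tighten.
    """
    min_length: int = 10
    require_special: bool = False
    # Assumed set of special characters; the guide only lists "#-?@" as examples.
    special_chars: str = "#-?@!$%&*_+=.,:;/"

    def check(self, password: str) -> list:
        """Return the list of criteria the password fails (empty means acceptable)."""
        failures = []
        if len(password) < self.min_length:
            failures.append(f"shorter than {self.min_length} characters")
        if not any(c.isalpha() for c in password):
            failures.append("no alphabetic character")
        if not any(c.islower() for c in password):
            failures.append("no lower case character")
        if not any(c.isupper() for c in password):
            failures.append("no upper case character")
        if not any(c.isdigit() for c in password):
            failures.append("no numeric character")
        if self.require_special and not any(c in self.special_chars for c in password):
            failures.append("no special character")
        return failures

    def is_acceptable(self, password: str) -> bool:
        return not self.check(password)


# The platform default, and an example of the stricter settings a company can request.
DEFAULT_POLICY = PasswordPolicy()
STRICT_POLICY = PasswordPolicy(min_length=14, require_special=True)

if __name__ == "__main__":
    for candidate in ("Password1x", "password1x", "Correct-Horse-Battery9"):
        print(candidate, "default:", DEFAULT_POLICY.check(candidate),
              "strict:", STRICT_POLICY.check(candidate))
```

Because the tightened criteria are not retroactive, a password accepted under the default policy stays valid after the company moves to the stricter one; running existing accounts through the stricter check at their next password change is the practical way to close that gap.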
Setting up your project in CAST Highlight
Important: This section of the user guide is dedicated to the Portfolio Manager.
Users assigned to Contributor roles can skip this section of the guide and go straight to Section III:
Analyzing Your Source Code in CAST Highlight.
All the features detailed in this section are found in the Plan section of the CAST Highlight
portal.
Domain, Application, and User management
Portfolio Managers can create, update and delete domains, subdomains, applications and
users from the same screen.
For further guidance on portfolio management features, please refer to this product tutorial:
https://doc.casthighlight.com/feature-focus-portfolio-management-optimization/
For SSO/SAML-configured CAST Highlight instances, please refer to this documentation:
https://doc.casthighlight.com/cast-highlight-saml-sso-integration-with-identity-providers-idp/
Survey management
Setting up a survey
The survey is designed to collect valuable inputs from application owners regarding each
application analyzed by CAST Highlight. To access survey management features, visit the
Manage Portfolio section and click “Manage Surveys.”
Two kinds of survey are available:
▪ CAST standard surveys: these surveys are provided by CAST. You can use them
and override/customize labels for your application campaigns.
▪ Custom surveys: these surveys are created by Portfolio Managers within your
organization. You can create and administer them.
All active surveys that can be used for a campaign are listed in the right panel (“Active
Surveys”). You can expand them to view the questions, remove them or make them mandatory,
except for CAST standard surveys, whose content is locked. If you want to customize a CAST
standard survey, you will have to clone it first.
To override survey labels (e.g. to translate a description into another language), click on the pen
icon. To remove a question from a survey or make it mandatory, click on the cross
or the star respectively.
CAST standard surveys
The platform uses the responses of CAST standard surveys to generate a Business Impact
indicator for each application, a Cloud Maturity indicator and a Software Maintenance
Estimate. The Portfolio Manager sets up the survey, and the Contributor – typically the
application lead – answers the questions and runs the code analysis.
The surveys are divided into four sections:
▪ Application Properties
This survey contains key questions to qualify your applications:
o The application category: is the application a COTS (Commercial Off The
Shelf), a custom application, a customized COTS or integration code?
o The application type: is the application a CRM, an ERP, a Consumer Lending
application, etc.?
o Initial release year: when was the application initially implemented?
▪ Business Impact
This survey provides 10 questions which are used to calculate the Business Impact
index in CAST Highlight. These questions are required for CAST Highlight to generate
the Business Impact metric for the application, but your organization can de-activate
or customize this survey, if you prefer. Note also that the weighting of these
questions and answers can be customized to fit your business specifics. See
this tutorial to learn how to do so.
▪ Cloud Maturity
This survey provides 12 questions which are used to calculate the Cloud Maturity
indicator in Highlight. These questions are required for CAST Highlight to generate
the Cloud Maturity metric for the application, but your organization can de-activate
or customize this survey, if you prefer. Note also that the weighting of these
questions and answers can be customized to fit your business specifics. See
this tutorial to learn how to do so.
▪ Green Impact
This survey provides 13 questions which are used to calculate the Green Impact
indicator in Highlight. These questions are required for CAST Highlight to generate
the Green Impact metric for the application, but your organization can de-activate
or customize this survey, if you prefer. Note also that the weighting of these
questions and answers can be customized to fit your business specifics. See
this tutorial to learn how to do so.
▪ Software Maintenance Estimate
This survey provides six questions which are used to calculate the Software
Maintenance Estimate in CAST Highlight. These questions are all required for CAST
Highlight to generate the Software Maintenance Estimate for the application, but
your organization can de-activate them entirely, if you prefer. This is covered on the
next page of this guide.
Note: For CAST Highlight to generate the Software Maintenance Estimate, the
Contributor must complete both the Business Impact and Software Maintenance
Estimate questions.
De-activating a CAST standard survey
If your organization wants, for instance, to focus exclusively on the source code analysis, you
can remove the survey, or parts of the survey, from CAST Highlight.
▪ Navigate to the “Manage Surveys” tab under the Manage Portfolio section
▪ On the left panel, click on the link icon
Clicking on this button will remove the survey from your CAST Highlight instance. Please note
you cannot remove a single question from a given section; only full sections can be removed
from the survey.
▪ The two survey sections can be re-activated at any time by clicking on the ‘+’ icon for
the corresponding survey from the Survey Catalog tab.
Custom surveys
A custom survey is an excellent way to gather additional information on your applications,
to build complementary analytics to standard CAST indicators.
Creating a survey
To create a custom survey, in the Manage Portfolio > Manage Surveys section, click on “+
Create Survey” in the left panel. A modal opens to specify the name and description of the
survey. To confirm the creation, click on “Save”. This new survey will be added and available
across your organization.
Adding, editing, or removing a question
Managing custom survey questions is easy. In the right panel, select the tab “Questions”. The
questions that have already been created are listed and you can attach them to a survey. If
you want to create a new question, click on “+ Create Question”.
▪ Type in the question
▪ Choose the format of the answer (Text, Number, Percent, Date, or Multiple Value)
▪ Click “Save” to finalize the question and add it to the survey
A custom question can be edited or deleted at any time. Click on the edit or delete button,
as shown below.
Attaching a question to a survey
To make one or more questions part of a survey, click the checkboxes of the questions you want
to include, then click on the file icon of the survey to attach them. Note that you cannot
attach a question to a CAST standard survey.
Mandatory questions
Questions of your custom surveys can be made mandatory or optional. Just click on the star
button on the right-hand side of the question – a lit star means the question is mandatory.
Once your survey and its questions are ready, you can use it for a campaign.
Campaign management
Creating and launching a campaign
The term campaign in CAST Highlight is used to describe a set of applications that will be
analyzed at a specific point in time. Launching a campaign allows the Portfolio Manager to
send a communication to all the registered team members through CAST Highlight. This
communication notifies each user that they should start analyzing their source code.
Important: Applications must be associated with a campaign for Contributors to be able to
conduct the analysis and complete the survey.
Setting up and launching a campaign can be done under the “Manage Campaigns” tab of the
Manage Portfolio section.
▪ Navigate to the “Manage Campaigns” tab under Manage Portfolio section
▪ Click the “Create Campaign” button
The following information will need to be provided:
▪ Name – what is the name of the campaign? (e.g.: January Campaign; Business Services
Campaign, etc.). This name will be displayed in the portal.
▪ Closing Date – The end date for the campaign. Contributors will not be able to submit
results after this date.
▪ Domain and Application scope – which applications will be analyzed in this campaign
Please note that all applications to be added to a campaign must first be created in the
“Manage Applications” tab. For more information, see “Creating Application Records”.
Once you’ve entered the above information into the “Create Campaign” screens, click on the
“Next Step” button. You will see the Launch message, as shown below. This message will be
sent via email to all the users associated to the applications in the campaign. Customize the
message to your liking – up to 1,024 characters – and click ‘Complete’. Each user will receive
the email, also shown below.
Analyzing source code in CAST Highlight
This section of the guide is designed for team members with a Contributor role, typically the
application owners. For teams who want to leverage automation capabilities of the Highlight
command line, please refer to this link from which the tool can be downloaded.
Installing the Code Reader
Download the Code Reader under the Application Scans section of the portal. Haven’t
downloaded the Code Reader in a while? Be sure to download the latest version from the
CAST Highlight portal.
Download the binary that corresponds to the Operating System where the Code Reader will
be installed. The Code Reader is available for Windows, Linux and Mac platforms.
Proceed with the installation by following steps of the wizard.
The Code Reader is packaged with Perl and the CAST Highlight CLI, which are required components.
If you’re installing the Code Reader on Linux or Mac, Perl and additional modules might be
required. Check the prerequisites that are available from this link.
Alternatively, you can download our command line. The CLI documentation can also be
found online. It contains the same analyzers as the Code Reader and allows integration
within your CI/CD environment.
Define your Code Scan Scope
Because CAST Highlight analyzes code at the file level and does not consider the logical
links or dependencies between files, all files are treated equally as part of the
application. To get accurate and consistent results, especially from a Software
Composition standpoint, take a few minutes to prepare your code scan scope using the
file/folder exclusion features of the Code Reader.
▪ If you want to identify open source or COTS packages, make sure they're included in
the folders you'll scan (external libraries are generally grouped into a sub-folder
named "third-party" or something similar, while the main code is often located
under "src/main").
▪ Test classes should be excluded except if you want to scan them.
▪ Generated code (e.g. *.d.ts, *.flow.js) should be excluded as well, since it is
produced automatically by tooling and the development team cannot really
manage the software health of this part of the code.
▪ For more consistent results, SCM, build and deployment folders (e.g. .git, .svn)
shouldn't be part of the scope.
▪ If you want to get insights on frameworks and dependencies whose physical files
are not part of the folder you're scanning, make sure that the dependency files (e.g.
pom.xml, build.gradle, package.json, .vcsproj, etc.) are there too.
At the opposite extreme, if you scan your whole C:\ drive and all the folders and files it
contains, Highlight will systematically scan files with the 40+ technologies it supports and will
try to consolidate the different insights (software health, cloud maturity, open source origin,
security vulnerabilities...) from there.
As you can easily understand, the few minutes you spend defining your
application scope will be saved later when consuming the software analytics.
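To make the scoping rules above concrete, here is a dry-run scope planner written for this guide as an added example; it is not part of the Code Reader or its CLI and does not replace the Code Reader's own exclusion settings. It walks a folder, applies the exclusions described above (SCM, build and test folders, generated and minified files), keeps dependency manifests and binary libraries in the report for Software Composition Analysis, and flags files whose extension is ambiguous (.sql is claimed by several database analyzers) or not in the Code Reader's extension table (for instance the .src files that CAST database extractors produce, which the Best Practices section says to rename). The folder names treated as build/test folders, the small subset of the extension table and the sample project tree are this example's own assumptions.

```python
import os
import tempfile
from collections import Counter
from fnmatch import fnmatch
from pathlib import Path

# Extension-to-language mapping: a small subset of the table at the end of this guide
# (assumption: only these rows are reproduced here).
LANGUAGE_BY_EXT = {
    ".java": "Java", ".jav": "Java", ".js": "Javascript", ".ts": "TypeScript",
    ".py": "Python", ".pyw": "Python", ".cs": "C#", ".go": "Go", ".rb": "Ruby",
    ".rs": "Rust", ".php": "PHP", ".psql": "Oracle PL\\SQL", ".tsql": "T-SQL",
    ".db2": "DB2", ".mysql": "MySQL", ".postgresql": "PostgreSQL",
    ".mariadb": "MariaDB", ".sh": "Unix Shell", ".ksh": "Unix Shell",
}
# .sql is listed for six database analyzers, so the guide recommends an explicit
# extension (.psql, .tsql, .db2, ...) that ties the file to one analyzer.
AMBIGUOUS_EXT = {".sql"}
BINARY_EXT = {".jar", ".dll", ".a", ".lib", ".so"}        # kept for Software Composition Analysis
MANIFESTS = {"pom.xml", "build.gradle", "package.json"}   # dependency files the guide asks to keep
# Folder names are this example's assumptions for SCM, build and test folders.
EXCLUDED_DIRS = {".git", ".svn", "build", "target", "dist", "test", "tests"}
GENERATED_PATTERNS = ("*.d.ts", "*.flow.js")
MINIFIED_PATTERNS = ("*.min.js",)


def _rel(path, root):
    return os.path.relpath(path, root).replace(os.sep, "/")


def plan_scan_scope(root):
    """Walk `root` and report what a scan of it would cover, before launching the Code Reader."""
    report = {"by_language": Counter(), "excluded": [], "ambiguous": [],
              "unrecognized": Counter(), "manifests": [], "binaries": []}
    for dirpath, dirnames, filenames in os.walk(root):
        for d in sorted(dirnames):               # prune in place so os.walk skips the folder
            if d in EXCLUDED_DIRS:
                report["excluded"].append((_rel(os.path.join(dirpath, d), root), "excluded folder"))
                dirnames.remove(d)
        for name in sorted(filenames):
            rel = _rel(os.path.join(dirpath, name), root)
            ext = Path(name).suffix.lower()
            if name in MANIFESTS:
                report["manifests"].append(rel)
            elif ext in BINARY_EXT:
                report["binaries"].append(rel)
            elif any(fnmatch(name, p) for p in GENERATED_PATTERNS):
                report["excluded"].append((rel, "generated code"))
            elif any(fnmatch(name, p) for p in MINIFIED_PATTERNS):
                # the Code Reader detects these itself and keeps them for SCA only
                report["excluded"].append((rel, "minified third-party"))
            elif ext in AMBIGUOUS_EXT:
                report["ambiguous"].append(rel)
            elif ext in LANGUAGE_BY_EXT:
                report["by_language"][LANGUAGE_BY_EXT[ext]] += 1
            else:
                report["unrecognized"][ext or "(no extension)"] += 1
    return report


def build_sample_tree(base):
    """Create a small constructed project tree used only for this demonstration."""
    files = {
        "src/main/App.java": "class App {}",
        "src/main/util.py": "def f():\n    pass\n",
        "src/main/types.d.ts": "declare const x: number;",
        "src/main/vendor/lib.min.js": "!function(){}();",
        "src/main/schema.sql": "CREATE TABLE t (id INT);",
        "src/main/orders.src": "-- .src is what CAST extractors produce by default",
        "src/test/AppTest.java": "class AppTest {}",
        "pom.xml": "<project/>",
        "lib/driver.jar": "",
        ".git/HEAD": "ref: refs/heads/main",
    }
    for rel, content in files.items():
        path = Path(base) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(content)


def demo_report():
    """Build the sample tree in a temporary folder and plan its scan scope."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return plan_scan_scope(tmp)


if __name__ == "__main__":
    for key, value in demo_report().items():
        print(f"{key}: {value}")
```

Against a real checkout, call plan_scan_scope(path): the "ambiguous" and "unrecognized" lists are what you rename or drop before scanning, and the "excluded" list is what you then enter as exclusion patterns in the Code Reader's advanced settings, so that what reaches the scan (and later the portal) is only the application code you intended.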
Running the Code Reader
▪ Click the CAST Highlight Code Reader shortcut on your desktop to launch it
▪ Select the folder containing your source code. As shown below, you can add multiple
folders to be discovered by the Code Reader
▪ For best performance, it is recommended to select source folders on your local
machine, though the Code Reader supports source discovery through network paths if
your permissions allow it.
▪ If the total number of files exceeds 10,000, it is recommended to use the
Command Line, which consumes less CPU, or to split the application scan
into several separate scans.
▪ When your folder selection is ready, click on “LAUNCH SCAN”. The Code Reader will
automatically discover and scan files in specified folders and subfolders and detect
associated technologies.
▪ You can cancel the discovery at any moment by clicking on the “CANCEL SCAN” button.
▪ Once the scan is completed, the Code Reader displays an analysis summary with
detected technologies and corresponding number of files along with file extensions that
couldn’t be analyzed. Find the list of supported technologies from this link.
▪ Once the scan is finished, you can:
- Save scan results by clicking on “SAVE RESULTS”. This is the ZIP file that you will
upload on the SaaS platform for the corresponding application
- Open/Save scan logs
- Re-scan the selected folder or go back to the initial screen to scan another folder
- Save scan settings (e.g., .properties file) to ease further automation through the
CLI (see how in this product tutorial)
▪ Possible reasons for file exclusion of supported technologies could be:
- Binary file
- Unreadable file
- Missing file
- External library
- Encoded file
- Generated file
- Syntax error
- Content is not in the expected language.
- Code not compliant with enough analysis criteria
- File is too big (the size limit is 3MB)
- Time out
- Analyzer not available
- Some analysis units are not OK
▪ If you encounter any issue during the analysis process, to facilitate support
and interactions with our product team, save the analysis logs by clicking on “SAVE LOGS
FOR SUPPORT” and share them with CAST’s Support team.
Likewise, your files may have extensions that do not match the extensions detected by the
Code Reader. It is recommended that you rename file extensions as needed to match the
extensions detected by the Code Reader. Please see the Best Practices section for more
information.
Tips and Tricks: For best practices on how to use the Code Reader to analyze source code, please refer to the Best Practices section in this guide.
Advanced Settings
Depending on your needs, you may want to specify settings for a scan. To do so, click on
“ADVANCED SETTINGS” from the bottom of the initial screen.
You can reset these settings to default values by clicking on “RESET CONFIGURATION”.
Many settings and scanning options are available such as upload parameters, folder/file
exclusion patterns, technology filters, etc. These settings are shared with the Command Line
and can be retrieved from the CLI documentation page.
Uploading the results
The CAST Highlight Code Reader produces a ZIP file containing a series of .csv files with the
analysis results. To view the structure and definition of these files, please refer to Appendix B in
this guide. The files are readable and contain anonymized metrics on the scanned files.
The user must upload this result ZIP file to the CAST Highlight portal for the results to be
displayed in the system. Simply follow these steps:
▪ Log in to the portal
▪ Under the Application Scans section, look for the application you analyzed
▪ Click on the “Upload Results” button and point to the result ZIP file. The file is
stored in the location you chose when saving analysis results with the Code Reader.
▪ Once the file is uploaded, you will see a record of the upload on the screen.
▪ You can also upload the result .csv files one by one
An analysis results file can be deleted at any time during the upload process by clicking on
the trash-can icon at the top right of the table. Only the Portfolio Manager or the
Contributor who uploaded the results can remove them; their password will be needed to validate the action.
Answering surveys
If the survey is activated for your organization, you will see a “Survey” button on the
application. Please follow these steps to validate this and answer the survey questions.
▪ Under the Application Scans section, click on the campaign and then the application.
▪ Click on the “Survey” button and answer the questions for each section of the survey.
▪ If the survey is de-activated for your organization, please go ahead and submit the
results of the source code analysis. Simply click the “Submit” button and you are
finished.
For those of you who are completing the survey, the progress of your survey will be displayed
on the top of the screen. Once all mandatory information has been submitted, you will be
able to submit your results. However, it is recommended you answer all questions to enrich
the data in your organization’s CAST Highlight instance.
Submitting the results
▪ Once you have uploaded all the required .csv files for the application, and
completed the survey questions (if mandatory), click “Submit” on the application
under Application Scans section.
▪ This step is required to complete the process and ensure the results are populated
in the portal.
Please note, once the results have been submitted, a member with a Contributor role will not be
able to make any changes. The Portfolio Manager is the only member who will have access to
modify an application once results have been submitted. If the analysis or survey questions need
to be redone for any reason, please contact your organization’s Portfolio Manager. Not sure who
this person is? Contact the CAST support at https://help.castsoftware.com.
Best practices for using the Code Reader
Please refer to the following best practices for analyzing source code with CAST Highlight.
For more information, please contact the CAST support at https://help.castsoftware.com
SAP/Abap
▪ It is recommended that the user leverage the CAST extractor to compile the ABAP source files to
be analyzed by CAST Highlight. Please visit https://help.castsoftware.com for more information.
▪ Benefits of using the CAST extractor include:
- The CAST Highlight Code Reader has been validated with source files coming
from the CAST extractor.
- The CAST extractor automatically splits the files, which is required for the CAST
Highlight analysis.
- The Code Reader is designed to automatically handle files extracted with the
CAST extractor, without the need for the user to modify file extensions.
▪ The user can choose to utilize a different extractor, but please note the above
advantages of using the CAST extractor.
Javascript
▪ Third-party libraries and compressed files (filename.min.js) are generally not fit for
analysis by CAST Highlight. These cases are automatically detected and excluded from
the software health analysis, but results will be stored separately (in *.ThirdParties.csv)
for the Software Composition Analysis features.
UNIX Shell scripts
▪ The Code Reader can analyze KSH (.ksh), Bourne shell (.sh) and Bourne
Again shell (.bash) scripts, which have very similar syntax. C-Shell is not supported.
▪ There are two options for analyzing UNIX Shell scripts in the CAST Highlight Code
Reader. The difference between them is the file filtering.
▪ The KSH (.ksh) option only considers files with the “.ksh” extension.
▪ The KSH (*) option considers all files in the selected directory. Ksh scripts can
have any extension, so the second option may be preferred, but the user should then
select/unselect the files to be analyzed.
PL/SQL
▪ CAST Highlight supports PL/SQL source files provided by any extractor. However, we
recommend using the CAST extractor. Please visit this page for more information.
▪ The source code should be provided as .pkb, .pks, .psql or .sql files.
▪ If the code is produced by an extractor and is contained in a single .sql or .psql file, the
CAST Highlight Code Reader automatically splits it into functions, procedures
and triggers. Code outside routines is also analyzed, as a “root” artifact.
▪ The non-procedural part of PL/SQL code is excluded from the analysis.
▪ CAST database extractors produce .src files by default. However, you can easily rename the file
extensions to .psql with the following command line
▪ For better results, it is recommended to use the .psql file extension, which explicitly
associates your files with the PL/SQL analyzer.
Microsoft T-SQL
▪ It is recommended the user leverage the CAST extractor to compile T-SQL source files to
be analyzed by CAST Highlight. Please visit this page for more information.
▪ The CAST extractor automatically splits T-SQL files. This split consists of dispatching the
procedural code with one artifact (procedures, functions and triggers) per file.
Procedural code that is outside an artifact is considered a “root” artifact and is also
analyzed.
▪ Like PL/SQL, the non-procedural part of T-SQL code is excluded from the analysis.
▪ CAST database extractors produce .src files by default. However, you can easily rename the file
extensions to .tsql with the following command line
▪ For better results, it is recommended to use the .tsql extension, which explicitly associates
your files with the Transact-SQL analyzer.
DB2
▪ Like PL/SQL, the non-procedural part of DB2 code is excluded from the analysis.
▪ For better results, it is recommended to use the .db2 extension, which explicitly associates
your files with the DB2 analyzer.
MySQL
▪ Like PL/SQL, the non-procedural part of MySQL code is excluded from the analysis.
▪ For better results, it is recommended to use the .mysql extension, which explicitly
associates your files with the MySQL analyzer.
PostgreSQL
▪ Like PL/SQL, the non-procedural part of PostgreSQL code is excluded from the analysis.
▪ For better results, it is recommended to use the .postgresql extension, which explicitly
associates your files with the PostgreSQL analyzer.
MariaDB
▪ Like PL/SQL, the non-procedural part of MariaDB code is excluded from the analysis.
▪ For better results, it is recommended to use the .mariadb extension, which explicitly
associates your files with the MariaDB analyzer.
Visual Basic
▪ The Code Reader does not distinguish between VB.NET, VB5 and VB6. The source code
has the same extensions and the syntax is very close. While the Code Reader can
generate results for VB5 or VB6, please note it is optimized for VB.NET applications.
▪ The Code Reader cannot be used to analyze VB Scripts (.vbs).
Languages with no specific extension such as COBOL, UNIX shell scripts and PL1
▪ It is highly recommended the folder to be analyzed only contains source code. For
example, it is best to not select a folder with copybooks or JCL for a COBOL analysis –
select a folder with only the COBOL programs.
▪ As an alternative, the user can select a folder containing source code and other assets
and check or uncheck individual items in the list to specify which files CAST Highlight will
analyze.
▪ CAST Highlight will automatically reject assets other than the source code, but this can
slow down the analysis time.
Languages and file extensions
Source code files may have extensions that do not match the extensions detected by the
Code Reader. It is recommended that you rename file extensions as needed to match the
extensions recognized by the Code Reader. Please refer to the following tables.
| Language | Source File Extensions |
| ABAP | .abap |
| Ada | .adb, .ads |
| ASP.Net | .aspx, .cshtml |
| Assembler | .asm |
| C / C++ | .c, .c++, .cp, .h, .hpp, .hxx, .h++ |
| C# | .cs |
| CICS | .csd |
| CLIST | Detect "PROC x" pattern where x is a number |
| Clojure | .clj |
| COBOL | .cob, .cbl, .ccp, .c85, .c74, .cpy, .sqb or any extension (text files) - only COBOL programs (PROCEDURE DIVISIONS) will be scanned. JCL and copybooks are not scanned. |
| CoffeeScript | .coffee, .litcoffee |
| Coldfusion | .cfm, .cfc |
| DB2 | .db2, .sql |
| Delphi | .pas |
| Docker | dockerfile |
| EGL | .egl, .eglbd, .egldd |
| Erlang | .erl |
| Easytrieve | Detect “JOB INPUT” pattern in files |
| F# | .fs, .fsx |
| Fortran | .f, .f77, .f90, .f03, .for |
| Go | .go |
| Groovy | .groovy |
| IMS DB | .dbd, .psb |
| IMS DC | .tra, .mfs |
| Java | .java, .jav |
| Javascript | .js, .htm, .html, .xhtml |
| JCL | .jcl, .prc.jcl, .prc |
| JSP | .jsp, .jspf, .tld |
| Kotlin | .kt |
| Lisp | .lisp, .lsp |
| Lua | .lua |
| MariaDB | .mariadb, .sql |
| Matlab | .mlx |
| MySQL | .mysql, .sql |
| Natural | .nsp, .nsb, .nsl, .nsg, .nsa, .nsm, .nsc, .nsh, .nss, .nsd |
| Objective-C | .h, .m, .mm |
| Oracle PL\SQL | .psql, .sql, .pks, .pkb |
| PHP | .php, .php4, .php5, .php6, .inc |
| PL1 | .pli, .plc or any extension |
| PostgreSQL | .postgresql, .sql |
| Python | .py, .pyw |
| R | .r |
| REXX | .rex, .rexx |
| RPG3 | .rpg, .rpg38, Detect "CSR", "BEGSR", "ENDSR", "/EJECT" patterns in files |
| RPG4 | .rpgle, .sqlrpgle, cpyle, Detect "**free", "dcl-*", "dsply" patterns in files |
| Ruby | .rb |
| Rust | .rs |
| Salesforce ApEx | .trigger |
| Scala | .scala, .sc |
| SmallTalk | .st |
| Swift | .swift |
| Terraform | .tf |
| T-SQL Microsoft SQL Server & Sybase | .tsql, .sql |
| TypeScript | .ts |
| Unix Shell Scripts | .ksh, .sh, .bash or any extension |
| Visual Basic / VB.Net | .vb, .bas, .cls, .frm |
| Databases | Source File Extensions |
| T-SQL Microsoft SQL Server & Sybase | .tsql, .sql |
| Oracle PL\SQL | .psql, .sql, .pks, .pkb |
| DB2 | .db2, .sql |
| MySQL | .mysql, .sql |
| PostgreSQL | .postgresql, .sql |
| MariaDB | .mariadb, .sql |
CAST Highlight’s analyzers also take binary extensions into consideration for Software Composition Analysis of possible third-party components:
- .jar (Java)
- .dll (Windows)
- .a
- .lib
- .so
After a scan, binary file information is stored in a separate result CSV file (BinaryLibraries.csv), which must be uploaded together with the other CSV results.
The structure and definition of the analysis output file
The following information defines the structure and definition of the output files generated
by the CAST Highlight Code Reader. The output files contain three segments of data: the
Output File Attributes, the Section Attributes and the File Attributes. Please note that customer
data is not sent over the internet, either by e-mail or via other internet protocols. The result
of the code-level analysis performed by the CAST Highlight Code Reader on the client
infrastructure is uploaded to the website over HTTPS and encrypted in transit using a 256-bit
encryption mechanism.
The CAST Highlight Code Reader produces different types of CSV result files whose
structure may vary. These files are all readable, don’t hesitate to open them to see their
structure and content.
Output file attributes
▪ #Info
▪ # app_version: Identifies the version of the analyzed application
▪ # version_count: Identifies the version of the Code Reader.
▪ # app_type: Identifies the type of analysis
▪ # base_name: Output file name as specified by the user
▪ # csv_base_filename: Output file name
▪ # version_Highlight: CAST Highlight Code Reader version number
▪ # start_date: Analysis Date
▪ # uuid: CAST Highlight UUID identifier of the current file
Section attributes
Section: The section data defines the file structure for the specific analyzer along with
additional analyzer attributes. Scan metrics are anonymized (e.g. Id_123) and decoded by the
portal once the file has been uploaded.
File Output Structure example
[Dat_FileName;Dat_Language;Dat_AnalysisDate;Dat_AnalysisStatus;Dat_AbortCause;Dat_AnaModel;Dat_Lines;Nbr_Lines;Id_008;Id_010;Id_011;Id_014;Id_029;Id_033;Id_037;Id_049;Id_064;Id_072;Id_078;Id_082;Id_083;Id_084;Id_095;Id_102;Id_104;Id_105;Id_108;Id_115;Id_116;Id_120;Id_137;Id_142;Id_144;Id_147;Id_150;Id_155;Id_156;Id_161;Id_163;Id_164;Id_166;Id_168;Id_179;Id_188;Id_199;Id_211;Id_213;Id_214;Id_215;Id_219;Id_220;Id_228;Id_232;Id_236;Id_240;Id_243;Id_244;Id_250;Id_251;Id_255;Id_259;Id_260;Id_262;Id_264;Id_271;Id_275;Id_276;Id_285;Id_291;Id_299;Id_304;Id_316;Id_320;Id_321;Id_335;Id_337;Id_339;Id_345;Id_348;Id_349;Id_350;Id_359;Id_371;Id_480;Id_386;]
File Output Attribute definitions
▪ Dat_FileName: File Name
▪ Dat_Language: Programming language analyzed
▪ Dat_AnalysisDate: Date of the analysis
▪ Dat_CRC: Legacy fingerprint based on file content
▪ Dat_SHA256: Fingerprint based on content
▪ Dat_AnalysisStatus: Reports the analysis status
▪ Dat_AbortCause: Reports the cause of failure.
▪ Dat_AnaModel: Reports the model of the count
▪ Dat_Lines: Number of lines of code analyzed
▪ Nbr_Lines: Number of lines of code analyzed
▪ Id_#: Reports alarm counts against specific rules per analyzer. These values are
parsed as part of the reporting process to derive CAST Highlight risk ratings.
A file summary is generated for each file analyzed. The values appear in the order defined by
the File Output Structure above. A sample of the output is provided below:
(ejb/AuthorsBean.java;Java;20120702113949;0;None;unspecified;33;33;0;6;0;0;112;0;3;0;0;0;0;0;0;0;0;1;0;1;1;0;1;0;0;2;0;0;1;0;0;0;0;0;0;0;0;0;0;0;0;0;0;0;0;0;0;1;45;0;0;0;3;0;0;0;1;0;3;0;0;1;0;0;0;0;0;5;21;0;0;1;0;0;0;1;9;0;2;)
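Since the result CSV is the only thing that leaves the scan machine, it is worth opening it before upload and checking that it has the shape described above: a few "# key: value" attribute lines, a header row of Dat_/Nbr_/Id_ column names, and one row of counts per analyzed file. The script below is an added example, not CAST's own tooling. It assumes the file is semicolon-separated, that the #Info attributes are written as "# key: value" lines, and that the square brackets and parentheses shown in the guide's samples are presentational (it strips them if present). The header row and data row are copied from the guide's own sample; the #Info values are constructed placeholders.

```python
"""Parse a CAST Highlight Code Reader result file and review it before upload.

Added example (not part of the CAST Highlight product). Assumptions: ';' separates
fields, '# key: value' lines carry the #Info attributes, and [ ] / ( ) wrappers
around rows are presentational only.
"""
from collections import Counter

# Constructed #Info block mirroring the attribute names listed in the guide.
INFO_LINES = [
    "#Info",
    "# app_version: 1.0.0",
    "# version_count: 1",
    "# app_type: Code Reader analysis",
    "# base_name: demo",
    "# csv_base_filename: demo.csv",
    "# version_Highlight: X.Y.Z",
    "# start_date: 20120702113949",
    "# uuid: 00000000-0000-0000-0000-000000000000",
]

# The 77 anonymized rule columns, in the order of the guide's header row.
RULE_IDS = (
    "008 010 011 014 029 033 037 049 064 072 078 082 083 084 095 102 104 105 108 "
    "115 116 120 137 142 144 147 150 155 156 161 163 164 166 168 179 188 199 211 "
    "213 214 215 219 220 228 232 236 240 243 244 250 251 255 259 260 262 264 271 "
    "275 276 285 291 299 304 316 320 321 335 337 339 345 348 349 350 359 371 480 386"
).split()
FIXED_COLUMNS = ["Dat_FileName", "Dat_Language", "Dat_AnalysisDate", "Dat_AnalysisStatus",
                 "Dat_AbortCause", "Dat_AnaModel", "Dat_Lines", "Nbr_Lines"]
HEADER = ";".join(FIXED_COLUMNS + ["Id_" + n for n in RULE_IDS]) + ";"

# Data row copied from the guide's sample output (8 fixed fields + 77 counts).
ROW = (
    "ejb/AuthorsBean.java;Java;20120702113949;0;None;unspecified;33;33;"
    "0;6;0;0;112;0;3;0;0;0;0;0;0;0;0;1;0;1;1;0;1;0;0;2;"              # 24 counts
    "0;0;1;0;0;0;0;0;0;0;0;0;0;0;0;0;0;0;0;0;0;1;45;0;0;0;3;0;0;0;"  # 30 counts
    "1;0;3;0;0;1;0;0;0;0;0;5;21;0;0;1;0;0;0;1;9;0;2;"                 # 23 counts
)
SAMPLE = "\n".join(INFO_LINES + ["[" + HEADER + "]", "(" + ROW + ")"])


def parse_result(text):
    """Split a result file into #Info attributes, column names and data rows."""
    info, columns, rows = {}, None, []
    for raw in text.splitlines():
        line = raw.strip().strip("[]()")  # wrappers assumed presentational
        if not line or line == "#Info":
            continue
        if line.startswith("#"):
            key, _, value = line[1:].partition(":")
            info[key.strip()] = value.strip()
            continue
        fields = line.rstrip(";").split(";")
        if columns is None:
            columns = fields  # first non-comment line is the header
        else:
            rows.append(fields)
    return {"info": info, "columns": columns or [], "rows": rows}


def check_result(parsed):
    """Return the problems a reviewer should see before uploading the file."""
    issues, columns = [], parsed["columns"]
    for name in columns:
        if not name.startswith(("Dat_", "Nbr_", "Id_")):
            issues.append(f"unexpected column {name!r}: metrics should be anonymized Id_ columns")
    for i, row in enumerate(parsed["rows"], 1):
        if len(row) != len(columns):
            issues.append(f"row {i}: {len(row)} fields but header has {len(columns)}")
            continue
        for name, value in zip(columns, row):
            if (name.startswith(("Id_", "Nbr_")) or name == "Dat_Lines") and not value.isdigit():
                issues.append(f"row {i}: {name} is not a count: {value!r}")
    return issues


def summarize(parsed):
    """What the upload will disclose: file count, languages and which rules fired."""
    languages, fired = Counter(), Counter()
    for row in parsed["rows"]:
        record = dict(zip(parsed["columns"], row))
        languages[record.get("Dat_Language", "?")] += 1
        for name, value in record.items():
            if name.startswith("Id_") and value.isdigit() and int(value) > 0:
                fired[name] += int(value)
    return {"files": len(parsed["rows"]), "languages": dict(languages),
            "rules_fired": len(fired), "top_rules": fired.most_common(3)}


if __name__ == "__main__":
    result = parse_result(SAMPLE)
    print("issues:", check_result(result) or "none")
    print("summary:", summarize(result))
```

Note that only Dat_FileName carries something derived from the customer's code (a relative path); every metric is an anonymized Id_ column that the portal decodes after upload, which is what the check enforces.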
Code Scan Troubleshooting & Support
Known limitations
- Long paths on Windows: if you're scanning files whose paths (directories/and/file.name) are too long (more than 260 characters), the scan will likely be interrupted. The workaround is to shorten the path.
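A pre-flight check on the scan machine avoids discovering this limitation halfway through a run. The script below is an added example, not CAST's own tooling: it walks the source tree, lists every file whose full path exceeds the 260-character limit cited above (longest first), and, for demonstration, builds a constructed tree with one over-long path in a temporary directory.

```python
"""List source files whose path length would trip the Windows long-path limit.

Added example, not part of the CAST Highlight Code Reader. Run it against the
directory you intend to scan before launching the Code Reader.
"""
import os
import shutil
import sys
import tempfile

WINDOWS_MAX_PATH = 260  # the limit the guide cites for Code Reader scans


def find_long_paths(root, limit=WINDOWS_MAX_PATH):
    """Return (length, path) for every file under root whose full path exceeds limit.

    Results are sorted longest first so the worst offenders are at the top.
    """
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if len(full) > limit:
                hits.append((len(full), full))
    return sorted(hits, reverse=True)


def demo_scan():
    """Build a constructed tree (one over-long path, one short path), scan it, clean up."""
    base = tempfile.mkdtemp(prefix="hl_demo_")
    try:
        # Six 50-character directory names push the path past 260 characters
        # regardless of where the temporary directory lives.
        deep = os.path.join(base, *["component_" + "x" * 40] * 6)
        os.makedirs(deep)
        long_file = os.path.join(deep, "Service.java")
        short_file = os.path.join(base, "Main.java")
        for path in (long_file, short_file):
            with open(path, "w", encoding="utf-8") as fh:
                fh.write("// constructed sample file\n")
        hits = find_long_paths(base)
        return {"long_paths": len(hits),
                "offender": hits[0][1] if hits else None,
                "expected": long_file}
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for length, path in find_long_paths(sys.argv[1]):
            print(f"{length:4d}  {path}")
    else:
        print(demo_scan())
```

Pass the root of the code you are about to scan as the first argument; with no argument the script runs the constructed demonstration instead.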
Personal Data
Which Personal Data is necessary for CAST to provide the service?
• The professional email address of people using the CAST Highlight service
• The first name of people using the CAST Highlight service (optional),
• The last name of people using the CAST Highlight service (optional),
No sensitive personal data is necessary for CAST to provide the CAST Highlight service.
Why does CAST need to process Personal Data?
People use their professional email address to log in to CAST Highlight. Without this
information, people can't use the service provided by CAST Highlight.
How does CAST collect Personal Data?
Collecting the professional email address, first name and last name of people using the
service is part of CAST Highlight portfolio user provisioning.
User provisioning is not done by CAST but by the individual designated as the portfolio
administrator on the customer company's side.
The only account created by CAST is the portfolio administrator account.
Where is Personal Data stored?
The professional email address of people using the CAST Highlight service is stored in the
CAST Highlight database. It is encrypted in transit and in storage. It is never transferred to
another country nor shared with third parties.
Do people using CAST Highlight have the right to have their personal data rectified?
Yes, by contacting their company portfolio administrator
(cf. "How does CAST collect Personal Data?").
Please be aware that deleting or altering the professional email address of people using
the CAST Highlight service will prevent them from continuing to use the service.
People can get the contact details of their company portfolio manager by sending an email
to help@castsoftware.com.
How long does CAST store Personal Data?
Contractually, all data collected, processed, and stored by CAST Highlight is deleted 2 years
after the end of the contract. This period may be shortened upon customer request.