CodeSonar® 9.2p0 CONFIDENTIAL CodeSecure Inc

GUI Reference: Management Reports

Management Reports provide user-customizable overviews of information from the CodeSonar hub in a variety of formats.

Management report templates are securable resources.

Management Reports are available for all analyses, independent of the language or languages involved.



Availability

Management report functionality is available in the Reports sections of the GUI Home / Project Tree, Analysis, and Project pages.

The following annotated screenshot fragment shows the different parts of the expanded Reports section.

annotated screenshot fragment: show Reports expansion

  • menu of templates: Use this menu to select a template for editing or generating a report. The menu lists:
  • edit link: Click to edit the selected template.
  • new link: Click to create a new template.
  • permissions link: Click to navigate to the Report Template Role-Permissions page for the selected template. (The link will be greyed out if you do not have permission to access this page.)
  • view ... report links: Click to generate a report based on the selected template. See Generating Reports for information about the available report formats.
  • show ... options links: For HTML and PDF reports, choose formatting options before generating a report. See Generating Reports for information about the available options.

Scope

Each management report template is associated with one or more scopes. These scopes determine the set of information that will be included in the report, and which page or pages the template will be available from.

Template Scope | Template Availability | Generated Report Contains [*]
Analysis | Analysis | Information from a single analysis, including all warnings and files from that analysis.
Project | Project | Information from a single project, including all analyses of that project.
Latest Analyses | Home | Information from the most recent analysis of every project on the hub.
All Analyses | Home | Information from every analysis of every project on the hub.

[*] The report contents can be refined from the starting points shown in this table by applying additional constraints to each report element, as described in the following section.

Report Elements

A report can contain multiple elements from any of several categories.

Text

Arbitrary text (which may include metavariables) can be included throughout the report. The management report template editor provides a range of available formats; text elements are edited using the text editing dialog.

Table

As with tables in the CodeSonar GUI, tables in management reports present summaries of various hub information along with hyperlinks to corresponding search results.

The management report template editor provides a range of predefined tables. Functionality for customizing tables is provided by the table editing dialog, including:

Metavariables can be used in table titles, and in constraints specified on the rows and columns of the table.

Chart

As with charts in the CodeSonar GUI, charts in management reports present graphical summaries of various hub information along with hyperlinks to corresponding search results.

The management report template editor provides two predefined charts. Functionality for customizing charts is provided by the chart editing dialog, including:

Metavariables can be used in chart titles, and in constraints specified on the chart data in the search tab of the chart editing dialog.

Repeating Section

One of the main building blocks of the management report tool is the repeating section (or just "section"). A repeating section in a report template defines structure and content for describing the properties of a single CodeSonar artifact: for example, one file, one analysis, or one project. When it generates a report from the template, CodeSonar will iterate over the set of files (analyses, projects) associated with the section, producing one instance of the templated section for each. By default, all files (analyses, projects) in the enclosing scope are iterated over: use the iterations tab of the section editing dialog to specify a different set. (For non-nested sections, the enclosing scope is the scope of the report; otherwise it is the scope of the section that is the immediate parent.)

Sections can contain any combination of report elements, including other sections. For example, a report could contain a repeating section that iterates over every analysis of a project, nested inside a repeating section that iterates over every project on the hub.

The management report template editor provides functionality for adding sections to a report template; functionality for customizing sections is provided by the section editing dialog.

Every section has a section metavariable that is available inside the section (including in any sections nested inside it).

We use the following terminology.

  • section type: the kind of artifact that is being iterated over. The most common section types are file, analysis, and project; these are available directly from the report elements menu. Other section types can be selected in the section type tab of the section editing dialog.
  • section type property: a basic property associated with the section type. For example, file properties include basename and language, file-granularity metrics, the analysis in which the file was analyzed, and the number of warnings issued in the file.
  • section property: a property that New sections have a small set of default section properties; users can add, remove, and modify properties using the properties tab of the section editing dialog. A single section may have multiple section properties derived from the same section type property: for example, a user could define section properties "Null Dereference Count" and "Buffer Overrun Count", both derived from the Warnings property but with different constraints.
  • repeating file section (repeating analysis section, repeating project section): a repeating section whose section type is file (analysis, project). May also be referred to as "file section" ("analysis section", "project section").
  • section iteration: a single concrete instantiation of the section structure with information from a specific file (analysis, project).

Other

Elements that do not fall into one of the previous categories are grouped under "Other" in the report elements menu of the management report template editor:

Report Metavariables

Management report elements can make use of metavariables. These metavariables are referred to by name in report templates, then instantiated to concrete values when reports are generated.

Global Metavariables

The global metavariables are available at all locations in the report template.

Metavariable | Interpretation
{{AUTHOR}} | The username of the signed-in user who generated the report. If the report was generated in an anonymous session, defaults to "None".
{{DATE}} | The date and time at which the report was generated, using the date display format specified for the hub.
{{CSO_VERSION}} | The version number of the CodeSonar installation that the hub is using.
{{CSO_LICENSEE}} | The entity to whom the CodeSonar installation is licensed.
{{F()}} | A counter intended for use in chart ("figure") titles: starts at 1 and increments by 1 each time it is used.
{{REPORT_SCOPE}} | The scope in which the report was generated. The possible values are as follows.
    last | most recent analyses
    all | all analyses
    pid:P | the project whose Project ID is P
    aid:A | the analysis whose Analysis ID is A
{{S()}} | A counter intended for use in section titles: value starts at 1 and increments by 1 each time it is used.
{{T()}} | A counter intended for use in table titles: value starts at 1 and increments by 1 each time it is used.
{{VAR}} | Provides a mechanism for users to define and use custom metavariables. For some usage examples, see the predefined Project Report template.

For example, suppose a report template with project scope had the following paragraph text.

CodeSonar Hub Report
Generated by {{AUTHOR}}, on {{DATE}},
showing analyses for {{REPORT_SCOPE}},
using CodeSonar {{CSO_VERSION}}, licensed to {{CSO_LICENSEE}}

Then if user alex generates a report from this template, the corresponding report text will be (something) like the following.

CodeSonar Hub Report
Generated by alex, on 02/25/14 13:58:30,
showing analyses for pid:5,
using CodeSonar 9.2p0, licensed to Company, Inc.

Section Metavariables

Every repeating section has a corresponding section metavariable that is available inside the section (including any included sections).

Section metavariables differ from global metavariables in several respects:

Repeating Section Type Section Metavariable Corresponds To
File an analyzed file
Analysis an analysis
Project a project

For example, suppose a project section included the following paragraph text.

{{project.Name}} has Project ID = {{project.PID}}.

Then if a user generates a report from this template, the corresponding report text will be (something) like the following.

ProjectX has Project ID = 6.

[...]

MyLittleProject has Project ID = 7.

[...]

ProjectX-beta has Project ID = 12.

[...]

(This example uses default project section properties.)

Generating Reports

In general terms, a management report is generated by

The process for generating a management report is outlined in Task: Generate a Management Report.

There are various options for disseminating a generated report.

Method | Applies To | Notes
URL specification | HTML, PDF, XML | Generate the report, then copy and paste the URL from your browser's address bar. The URL format will be
          http://hub_location/report/<scope>-<template_id>.<ext>?<option_string>
where
  • <scope> describes the scope in which the report was generated,
  • <template_id> is the unique identifier of the report template that was applied,
  • <ext> is one of {html, pdf, xml}, and
  • <option_string> encodes any specified report generation options.

When distributing the URL for a management report, be aware that:

  • The hub must be running in order for users to access the URL.
  • Whenever a user accesses a report URL, the report will be freshly generated. The report may therefore have different contents: for example, because analyses have been added to (or deleted from) the hub. Similarly, metavariables such as {{AUTHOR}} and {{DATE}} will generally be instantiated differently.
File saving and electronic distribution | HTML, PDF, XML | Use your browser's file saving functionality to save the generated report. (For HTML reports, this will be easiest if you have generated the report as a single page.)

This approach ensures that all readers of the report will see exactly the same contents.

Printing and physical distribution | PDF | (You can also print HTML and XML reports, but most users will never want to do so.)

Report Formats

Format: XML
Options: none
Notes: The XML schema for management reports is report.xsd.

Format: HTML
Options:
  • Paging:
    • Single Page: the entire report is generated as a single HTML page.
    • Multiple Pages: the report is generated as a set of one or more HTML pages. Each Heading 1 in the report starts a new page.
Notes: The report includes an Outline sidebar with shortcut links to each Heading 1, Figure (Chart), and Table.

The generated report provides hypertext navigation to other locations in the CodeSonar GUI. In particular, table rows link to search results, as do chart bars/slices/points.

Format: PDF
Options:
  • Page size: A4, Legal, Letter, or 11x17 (inches).
  • Orientation: Landscape or Portrait.
Notes: If your PDF viewer includes an outline tool, the outline will provide shortcut links to each Heading 1, Figure (Chart), and Table.

Management Report Templates

A management report template specifies the abstract structure of a report: which elements it will contain, and in what order. Management reports are then generated by applying a template to a selected set of information.

CodeSonar ships with a set of predefined templates, and provides functionality for creating additional templates, editing existing templates, and importing and exporting templates.

  • Creating Templates: The process is outlined in Task: Create a New Management Report Template.
  • Editing: The process is outlined in Task: Edit an Existing Management Report Template.
  • Importing and Exporting: CodeSonar provides template import/export functionality based on JSON files. Use the Import and Export buttons in the report template editor toolbar to access this functionality.

Predefined Templates

CodeSonar provides a set of predefined templates for common reporting scenarios.

Note that the predefined templates are protected from overwriting and are not securable resources. If you wish to make a template based on modifications to one of the predefined templates, specify a different name in order to save it.

Template Name | Scope | Notes
Hub Report | All Analyses | A summary table describing all projects on the hub, followed by a repeating project section with analysis summary and metric tables covering recent analyses of each project.
Project Report | Project | Charts and tables summarizing warning counts, file counts, and metrics for recent analyses of the project.
Metrics Over Time Report | Project | Charts showing the values of various analysis-granularity metrics for all analyses of the project.
Analysis Report | Analysis | Charts and tables summarizing warning, file, and metric information for the analysis.

Warning Class Category Reports

Warning class category reports summarize analysis results with respect to a particular set of warning categories (typically an entire taxonomy).

They contain a section for each category in the set, with charts and tables describing the analysis warnings whose warning classes are closely mapped to that category. A summary section at the beginning provides an overview of the analysis alerts and parse log; the full parse log is displayed at the end of the report.
(See the note on historic analyses, below.)

AUTOSAR C++ 2014 Report | Analysis | Analysis warnings related to AUTOSAR AP 18-10 rules (taxonomy AUTOSARC++14).
CERT-C Report | Analysis | Analysis warnings related to rules and recommendations in the SEI CERT C Coding Standard (taxonomy CERT-C).
CERT-C++ Report | Analysis | Analysis warnings related to rules and recommendations in the SEI CERT C++ Coding Standard (taxonomy CERT-CPP).
CERT Java Report | Analysis | Analysis warnings related to rules and recommendations in the SEI CERT Oracle Coding Standard for Java (taxonomy CERT-Java).
CWE Top 25 2025 Report | Analysis | Analysis warnings related to each of the 2025 CWE Top 25 Most Dangerous Software Weaknesses (a subset of the CWE taxonomy).
CWE Top 25 2024 Report | Analysis | Analysis warnings related to each of the 2024 CWE Top 25 Most Dangerous Software Weaknesses (a subset of the CWE taxonomy).
CWE Top 10 KEV Weaknesses 2024 Report | Analysis | Analysis warnings related to each of the 2024 CWE Top 10 KEV Weaknesses (a subset of the CWE taxonomy).
CWE Top 25 2023 Report | Analysis | Analysis warnings related to each of the 2023 CWE Top 25 Most Dangerous Software Weaknesses (a subset of the CWE taxonomy).
CWE Top 25 2022 Report | Analysis | Analysis warnings related to each of the 2022 CWE Top 25 Most Dangerous Software Weaknesses (a subset of the CWE taxonomy).
CWE Top 25 2021 Report | Analysis | Analysis warnings related to each of the 2021 CWE Top 25 Most Dangerous Software Weaknesses (a subset of the CWE taxonomy).
CWE Top 25 2020 Report | Analysis | Analysis warnings related to each of the 2020 CWE Top 25 Most Dangerous Software Weaknesses (a subset of the CWE taxonomy).
DISA v6 r1 Report | Analysis | Analysis warnings related to 'findings' in the DISA Application Security and Development STIG version 6, release 1 (taxonomy DISA-6r1).
DISA v5 r3 Report | Analysis | Analysis warnings related to 'findings' in the DISA Application Security and Development STIG version 5, release 3 (taxonomy DISA-5r3).
DISA v4 r3 Report | Analysis | Analysis warnings related to 'findings' in the DISA Application Security and Development STIG version 4, release 3 (taxonomy DISA-4r3).
DISA v3 r10 Report | Analysis | Analysis warnings related to 'findings' in the DISA Application Security and Development STIG version 3, release 10 (taxonomy DISA-3r10).
ISO IEC TA 17961 Report | Analysis | Analysis warnings related to one or more ISO/IEC TS 17961 rules ("C Secure Coding Rules Technical Specification", taxonomy TS17961).
JPL Report | Analysis | Analysis warnings related to JPL rules (taxonomy JPL).
MISRA C 2025 Report | Analysis | Analysis warnings related to MISRA C:2025 rules and directives (taxonomy MisraC2025).
MISRA C 2023 Report | Analysis | Analysis warnings related to MISRA C:2023 rules and directives (taxonomy MisraC2023).
MISRA C 2012 Report | Analysis | Analysis warnings related to MISRA C:2012 rules and directives (taxonomy Misra2012).
MISRA C 2004 Report | Analysis | Analysis warnings related to MISRA C:2004 rules (taxonomy Misra2004).
MISRA C++ 2023 Report | Analysis | Analysis warnings related to MISRA C++:2023 rules (taxonomy MisraC++2023).
MISRA C++ 2008 Report | Analysis | Analysis warnings related to MISRA C++:2008 rules (taxonomy MisraC++2008).
OWASP Top Ten 2025 Report | Analysis | Analysis warnings related to the OWASP Top 10 2025 (taxonomy OWASP-2025).
OWASP Top Ten 2021 Report | Analysis | Analysis warnings related to the OWASP Top 10 2021 (taxonomy OWASP-2021).
OWASP Top Ten 2017 Report | Analysis | Analysis warnings related to the OWASP Top Ten 2017 (taxonomy OWASP-2017).
Power of 10 Report | Analysis | Analysis warnings related to "Power of Ten" rules (taxonomy POW10).

Warning Class Category Severity Reports

Warning class category severity reports summarize analysis results with respect to a particular set of warning categories (typically an entire taxonomy), but with a little more detail than warning class category reports.

The report is divided into sections by severity category (as specified by the corresponding standard or rule set), then into subsections for each category that has one or more closely mapped CodeSonar warning classes. These subsections contain information about the category and its related warning classes, along with a (possibly-empty) table containing warnings of those classes that were issued by the analysis.
(See the note on historic analyses, below.)

A summary at the top of the report lists the number of warnings reported in each severity category.

DISA v6 r1 Severity Report | Analysis | Severity report for 'findings' in the DISA Application Security and Development STIG version 6, release 1 (taxonomy DISA-6r1).
DISA v5 r3 Severity Report | Analysis | Severity report for 'findings' in the DISA Application Security and Development STIG version 5, release 3 (taxonomy DISA-5r3).
DISA v4 r3 Severity Report | Analysis | Severity report for 'findings' in the DISA Application Security and Development STIG version 4, release 3 (taxonomy DISA-4r3).
DISA v3 r10 Severity Report | Analysis | Severity report for 'findings' in the DISA Application Security and Development STIG version 3, release 10 (taxonomy DISA-3r10).

Note on historic analyses

If an analysis was performed by a CodeSonar version from before mappings for a particular taxonomy were supported, the warnings issued by that analysis will not be associated with categories from that taxonomy. This means that if you create a warning class category report or warning class category severity report for that analysis and taxonomy, the warning class tables and charts will not contain any information.

To resolve this, you can re-analyze the same code with a newer version of CodeSonar that supports the taxonomy you are interested in, then create a report on the new analysis.

Permissions

CodeSonar permissions apply to management report templates and management report contents as follows.

Report: Availability | Users can only view or preview reports generated from templates for which they have REPORTTEMPLATE_READ permission.
Report: Contents | The information included in a management report (including a report preview) depends on the user's permissions for the various resources involved.
Template: Saving | If a user attempts to save a template with name N, behavior depends on whether or not the user has REPORTTEMPLATE_EXISTS permission for any existing saved template T with the same name N. If there are multiple such templates, CodeSonar considers only the most recently modified one.
  • YES: If the user has REPORTTEMPLATE_WRITE permission for T and specifies that they wish to overwrite, CodeSonar will overwrite the definition of T with the new template.
    • If the user does not specify overwrite, they will not be able to save a template with name N.
  • NO: CodeSonar creates a new saved template with name N. This can result in a situation where multiple saved templates have the same name.
When a user creates a new template T, the user's default role is assigned all REPORTTEMPLATE_* permissions for T.

The predefined templates cannot be overwritten.

Template: Import/Export | Permissions are not applied directly to report template import and export operations. The ability to save a template after importing it will depend on save permissions; template export functionality is only exposed when templates are viewed.
Template: Existence | Lists of templates will only include:
Template: Viewing | Users can only open:
Template: Deleting | Deleting a report template requires REPORTTEMPLATE_EXISTS and REPORTTEMPLATE_DELETE permission for that template. The predefined templates cannot be deleted.
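
The save rules in the Template: Saving row above, modelled as an added example; this is not CodeSonar code and not part of the original documentation. The Hub and Template classes, the role names, and the template name "Release Summary" are hypothetical, and refusing an overwrite when REPORTTEMPLATE_WRITE is missing is an assumption, since the page does not describe that case.

```python
from dataclasses import dataclass, field
from itertools import count

# Permission names as written on this page; ALL_PERMS stands in for REPORTTEMPLATE_*.
EXISTS, READ = "REPORTTEMPLATE_EXISTS", "REPORTTEMPLATE_READ"
WRITE, DELETE = "REPORTTEMPLATE_WRITE", "REPORTTEMPLATE_DELETE"
ALL_PERMS = frozenset({EXISTS, READ, WRITE, DELETE})

@dataclass
class Template:
    template_id: int
    name: str
    modified: int                     # constructed logical timestamp
    predefined: bool = False
    acl: dict = field(default_factory=dict)  # role name -> set of permissions

class Hub:
    """Toy model of saved templates on a hub (hypothetical, not CodeSonar code)."""
    def __init__(self):
        self.templates, self._ids, self._clock = [], count(1), count(1)

    def add(self, name, acl=None, predefined=False):
        t = Template(next(self._ids), name, next(self._clock), predefined, acl or {})
        self.templates.append(t)
        return t

    def save(self, role, name, overwrite=False):
        """Return (outcome, template) when `role` saves a template called `name`."""
        if any(t.predefined and t.name == name for t in self.templates):
            return "refused: predefined template", None  # must pick another name
        visible = [t for t in self.templates
                   if t.name == name and EXISTS in t.acl.get(role, ())]
        if not visible:
            # NO branch: a new template is created even when a template the
            # role cannot see already uses this name.
            return "created", self.add(name, {role: set(ALL_PERMS)})
        target = max(visible, key=lambda t: t.modified)  # most recently modified
        if not overwrite:
            return "refused: overwrite not specified", None
        if WRITE not in target.acl[role]:
            # The page does not describe this case; refusal is this model's assumption.
            return "refused: no write permission", None
        target.modified = next(self._clock)
        return "overwritten", target

    def duplicate_names(self):
        """Audit helper: names shared by several templates, with their IDs."""
        by_name = {}
        for t in self.templates:
            by_name.setdefault(t.name, []).append(t.template_id)
        return {n: ids for n, ids in by_name.items() if len(ids) > 1}

def demo():
    hub = Hub()
    hub.add("Hub Report", predefined=True)        # template_id 1
    hub.save("alex", "Release Summary")           # constructed name; template_id 2
    outcomes = [
        hub.save("alex", "Hub Report", overwrite=True)[0],
        hub.save("alex", "Release Summary")[0],
        hub.save("alex", "Release Summary", overwrite=True)[0],
        hub.save("sam", "Release Summary")[0],    # sam lacks EXISTS on alex's template
    ]
    return outcomes, hub.duplicate_names()
```

Because duplicate_names() can be non-empty, anything that must refer to one specific template should use its <template_id>, as the report URL does, and not its name.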


To report problems with this documentation, please visit https://support.codesecure.com/.