Product Tutorials & Third-Party Tools

CURRENT VERSION

For best experience and most accurate Software Intelligence insights, make sure you’re using the latest released version prior to scanning your application with the Core Reader or the Command Line.

This page lists content and tools that will help you run and leverage CAST Highlight in the best conditions possible. For uncovered topics, don’t hesitate to read our product FAQ or contact our support team.

Code Reader & CLI Supported Versions - Important Notice

The CAST Highlight product team continuously works to bring you the best experience and Software Intelligence to help you make better decisions across your application portfolio. Since application analysis is core to the integrity of results and insights, it is strongly recommended you are always using the latest available versions of the Code Reader and CLI (Command Line Interface). To ensure users are getting the best experience (pattern/component detection improvements, bug fixes, etc.) and that the platform correctly processes scan results, we’re rolling out some rules on the minimum version of the Command Line to be used.

As of April 13th 2024, all scan results produced with a version of our Code Reader and CLI that are 6 months or more behind the current version won’t be processed by the SaaS platform (e.g., on April 13th, the minimum supported version will be 5.5.0).

For further guidance on where to download the latest versions of our Code Reader, CLI, Docker CLI, you can refer to our documentation website:

Must-see resources to get you started

Getting Started Guide

In this documentation, you’ll find all the necessary information that will drive your first steps on the Highlight platform: how to create an application or invite users, how to scan source code, supported technologies, etc.

Highlight Indicators & Methodology

In this slide presentation, you’ll find all the necessary information to understand how Highlight analytics and code insights are built, what they mean and how to interpret them, with concrete examples by technology stack.

Command Line Documentation
Highlight analyzers can now be run through a configurable command line, in order to automate source code scans and uploads (optionally). Want to get fresh analytics after each sprint or release, or even nightly build? It only takes minutes!
REST API Documentation
Highlight key metrics (e.g. health factor scores, lines of code, total cloud roadblocks, etc.) can be extracted from the platform to be integrated wherever it will make sense for your organization, using our public REST API.
Keyword Scanner Guide
This document explains how to use the Keyword Scan feature, the different use cases such as GDPR and how to leverage scan results at both application and portfolio levels.
Custom Indicator Guide
Everything you need to know to create, administrate and consume the custom indicators in CAST Highlight.

Resources by Feature

Feature Focus: Cloud Migration Wave Advisor

CAST Highlight helps users determine the ideal sequence of applications to move to the cloud by automatically segmenting a portfolio based on multiple dimensions. Learn in this article how the Cloud Migration Wave Advisor works.

Feature Focus: Cloud Migration Application Advisor

The Cloud Application Migration Advisor provides automated Cloud migration insights and recommendations based on a specific migration scenario in just a few clicks. See in this article how the feature works.

Feature Focus: How to exclude a Cloud Maturity Blocker from CAST Highlight results

In some specific contexts, CAST Highlight will identify CloudReady Blockers in the code of an application that are not actually cloud migration blockers if they are addressed through some other method (e.g., infrastructure configuration). This article explains how to exclude Blockers from the results of an application and how this impacts the CloudReady scores.

Feature Focus: Multi-Cloud Insights

CAST Highlight detects the use of vendor-specific PaaS services that could prevent or hinder an application from being deployed across multiple cloud platforms. This article describes the Multi-Cloud Insights feature we recently implemented.

Portfolio Advisor for Cloud, an automated and smart way to segment an application portfolio for Cloud migration

Based on a multi-dimensional analysis of CAST Highlight’s Software Intelligence insights, a simple click calculates the recommended Cloud migration segment (rehost, refactor, rebuild, etc.) for each application in a portfolio. Read this article to learn how this capability works and how to leverage it within your organization.

Feature Focus: Cloud Containerization Insights

CAST Highlight’s new insights on containerization will help you understand exactly where and how an application needs to change. This article explains the benefits of application containerization and how to get containerization insights from CAST Highlight’s dashboards, exports, and API.

Feature Focus: Cloud Service Recommendations, a step further in your Cloud journey

CAST Highlight excels at identifying code Blockers an application could encounter during a Cloud migration and recognizing cloud Boosters or effective PaaS service implementations in a code base that would make the move easier. The next step is to recommend specific PaaS services at both the portfolio and application levels that are good candidates to adopt after migration based on the technical characteristics of the application. This is now available in CAST Highlight for AWS and Azure and will save Chief Cloud Architects precious time. This article describes how the feature works and how to best leverage it in your organization.

List of Cloud Service Recommendations

Using Software Intelligence, CAST Highlight combines detected code patterns, technologies and OSS components and contextual characteristics of an application to help cloud architects identify the best cloud services to adopt for their custom apps from Cloud vendors. Below is the list of Cloud services from Cloud Service Providers that CAST Highlight supports for recommendations.

Feature Focus: Cloud Maturity Effort Estimate

This is probably the most anticipated metric since we launched the Cloud Maturity feature three years ago: getting an estimate of the effort required to remove Cloud blockers CAST Highlight detects across hundreds of patterns. This article describes how to use this new metric and how to build your own Cloud effort profile.

Feature Focus: CISA’s Known Exploited Vulnerability Insights

CAST Highlight now incorporates CISA’s KEV (Known Exploited Vulnerabilities) database to complement CVE information and help organizations prioritize vulnerability remediation efforts. See in this article how to access and use this new software intelligence.

Feature Focus: OSS Component Lifespan Insights

CAST Highlight automatically calculates a lifespan status on open-source software (OSS) components. This status identifies whether a component is active, possibly deprecated, or immature. See in this article how the feature works and how to leverage this new SCA insight for more informed decisions.

Feature Focus: SBOM Import

By importing SBOMs in CycloneDX format, CAST Highlight can instantly analyze every component, check for known vulnerabilities, identify any licensing issues, and highlight any outdated components. It’s like having a super-powered microscope that can instantly see all the tiny details that you might miss, without even having to scan the source code or binaries. And that’s the interesting part of this SBOM importing capability. Let’s see how it works.

Feature Focus: Proprietary Component Governance

Software Composition Analysis (SCA) has become an essential part of modern software development, with a primary focus on analyzing and managing the risks associated with open-source software (OSS) components. However, the importance of proprietary components in software applications cannot be overlooked. These homegrown components are the backbone of many software systems and contribute significantly to a business as they are not open-source and publicly available, by definition. In this tutorial, we will explain the significance of governing proprietary components and how CAST Highlight’s SCA capabilities help you address this requirement.

Feature Focus: SCA Advanced Snapshot Comparison

CAST Highlight can perform a fine-grain comparison two snapshots of a scanned application and automatically identify which open-source software (OSS) components have been added, removed or upgraded. See in this article how the feature works and how it can help you better understand changes to the Open Source Safety scores over time.

Feature Focus: Component License Compatibility

When dealing with Open Source license compatibility, verifying legal term compatibility between third-party components and their respective dependencies could turn into a never-ending nightmare when done manually, increasing the legal risk of a license conflict. CAST Highlight allows users to define license compatibility rules between licenses and automatically detect and report possible license conflicts in […]

Feature Focus: Safe OSS Component Version Recommender

CAST Highlight automatically recommends quick and ideal component upgrade scenarios to remove vulnerabilities. See in this article how the Safe OSS Component Version Recommender feature works.

Indicators & Methodology: Changes in CAST Highlight’s default open source license risk profile

Now that CAST Highlight enables users to leverage license rulebooks for automatically building their license risk profiles , the default license risk profile in the product will follow this same model going forward. This change updates the accuracy of the default license risk template that comes out of the box with CAST Highlight to be more aligned with current open source licensing practices while still providing flexibility to fully customize the template for any scenario. As a result, some licenses may experience a change in risk levels which will impact some of the CAST Highlight scores related to open source license risk. However, it is possible to keep the current default license risk profile if desired. This change will be effective as of June 25, 2022. This post describes all of the details.

Feature Focus: Automated Email Notifications of New Component Vulnerabilities

The recent security vulnerabilities reported in the Log4J and Spring4Shell open source components reminded us of an important reality — security is often a critical race from the time of a vulnerability disclosure to its remediation. CAST Highlight has added a new capability that automatically sends email notifications as soon as a new vulnerability impacting one of your applications is published, without having to re-scan them. This article explains how it works.

Feature Focus: Open Source License Rulebooks

CAST Highlight now displays open source licenses terms, permissions, and constraints in a user-friendly manner: the license rulebooks. This article explains how to access this information from the dashboard to quickly understand the legal implications of OSS component licenses.

Feature Focus: How to automatically generate a License Risk Profile based on the CAST Highlight license rulebook

In CAST Highlight, you can manually or automatically create custom License Risk profiles that will specify the level of risk of licenses detected in the Open Source components your applications use. This article explains how to define a License Risk profile that can be automatically generated based on the license terms (rulebook).

Feature Focus: Portfolio Advisor for Open Source, an automated and smart way to segment an application portfolio better prioritizing third-party component risks

We are very proud to present the Portfolio Advisor for Open Source which joins the growing family of Portfolio Advisors that have already been released for Cloud and Technical Debt. This capability automatically segments a portfolio of applications and identifies Open Source risk priorities for each application by combining unique Software Intelligence insights. Learn more about how the capability works in this article.

Analyze Open Source weaknesses before they become known vulnerabilities with CAST Highlight’s OSSIDB

While it is important to ensure that your application is not exposed to known vulnerabilities from the National Vulnerability Database (NVD), a hacker could exploit software weaknesses that are not referenced yet in the NVD. CAST Highlight now identifies these security flaws on popular Open Source components as a result of CAST’s unique understanding of software structural quality. This article explains how it works and describes how to use this capability for making more informed decisions about Open Source risk.

Good practices when defining the scope of a code scan

In this post, we have compiled a few good practices to keep in mind when scanning a code base with CAST Highlight in order to let you consume the most consistent software analytics possible, depending on your use case (software health, open source detection for license compliance or vulnerability checks, etc.).

Feature Focus: Preventing the Use of Risky OSS Components Across the Enterprise

CAST Highlight scans your applications and automatically detects the third-party components in use along with consolidated metadata such as vulnerabilities (CVEs), licenses, version release date, etc. that may put your organization at risk. However, spotting a weak Open Source component while the application is already in production may be too late as the component is already integrated in your app, possibly for years. The challenge is to prevent the selection of a dangerous library at the earliest stage possible, well before it is referenced or implemented in your applications. This product post describes the new Component Catalog feature that allows users to search components and manage approved and unauthorized components across your portfolio.

Open Source Safety

Open Source Safety indicates the use of 3rd-party components that comply with security, license and age requirements.

Feature Focus: How to manage third-party components and vulnerabilities in SCA results

CAST Highlight recently introduced new Software Composition Analysis (SCA) features that help users better manage, filter and tag detected Open Source components and related vulnerabilities across application portfolios. This article describes each of these features and how to use them to get the most accurate and actionable insights.

Software Composition in Highlight: How Open Source component detection works

CAST consolidates a unique database made of 94M+ Open Source components and 9B+ file fingerprints. This article details the concept and steps in Highlight to automatically retrieve the true origin of your source code, whether it is for license compliance, vulnerability or obsolescence verification.

How OSS licenses are mined and detected in Highlight’s Software Composition Analysis feature

CAST has developed unique algorithms to mine and detect licenses from Open Source components to let you get a (more accurate) sense of IP and legal impacts your software is exposed to. Here is how it works.

Explore your OSS dependencies. Visually!

Software Composition Analysis is often perceived as a complex discipline, especially when you consider all its aspects such as license compliance, security vulnerability and technology obsolescence. This is particularly true when your application has about 100 or 200 Open Source components and you start digging into their own dependencies to try spotting hidden risks. The mission of the new OSS Dependency Explorer in Highlight is to make this exercise as easy and interactive as possible by consolidating Software Intelligence in a very visual way. See how in this post.

Transitive Dependencies: How much can you trust friends of your friends?

Friends of your friends are not necessarily your friends. In this post, we’ll see why it is important to get visibility on dependencies of the Open Source components your apps are using and how to manage security and license information of these transitive dependencies in CAST Highlight’s Software Composition Analysis dashboards.

Feature Focus: Green Effort Estimate

This article explains how Green Effort estimate is calculated and how to customize the effort profile.

Feature Focus: Green Impact score calculation

CAST Highlight introduced a new indicator for estimating the green impact of a software application. This article explains how the Green Impact score is calculated in CAST Highlight.

Methodology Update: Threshold Change in Health Factors (June 2021)

In CAST Highlight’s June 2021 version, we updated the thresholds used for coloring Software Health indicators (green, orange and red) to reflect current values in the benchmark repository, which is now comprised of 12K representative applications.

Good practices when defining the scope of a code scan

In this post, we have compiled a few good practices to keep in mind when scanning a code base with CAST Highlight in order to let you consume the most consistent software analytics possible, depending on your use case (software health, open source detection for license compliance or vulnerability checks, etc.).

Software Health

Definition Software Health indicates how your application complies with programming best practices that increase resiliency, improve agility and reduce complexity. Software Health score is the straight average of Software Resiliency, Software Agility and Software Elegance scores. Thresholds Thresholds used for Software Health categories: Low/Red: below 53.0 Medium/Orange: from 53.0 to 75.0 High/Green: above 75.0

Software Resiliency

Definition Software Resiliency indicates programming best practices that make software bullet-proof, more robust and secure. This index is derived from technology-specific code analysis which searches for the presence of code patterns and bad programming practices which may compromise the reliability of the software in the short term. Higher the Software Resiliency, lower is the likelihood [...]

Software Agility

Definition Software Agility indicates the easiness of a development team to understand and maintain an application. This index is derived from technology-specific code analysis which searches for the presence of embedded documentation and code readability good practices.   Thresholds Thresholds used for Software Agility categories: Low/Red: below 54.0 Medium/Orange: from 54.0 to 69.0 High/Green: above 69.0   Code Insights [...]

Software Elegance

Definition Software Elegance measures the ability to deliver software value with less code complexity. A low Software Elegance score indicates decreased quality in the code resulting in higher defects which may become costly to fix in the mid-term.   Thresholds Thresholds used for Software Elegance categories: Low/Red: below 39.0 Medium/Orange: from 39.0 to 70.0 High/Green: above 70.0   Code Insights [...]

Feature Focus: Re-calculate Software Health scores in real-time based on folder exclusions

This article explains how to use the CAST Highlight feature that allows users to re-calculate the Software Health scores and sizing metrics of an application in real-time based on specific folder exclusions directly in the user interface.

Feature Focus: Enhanced Technical Debt Estimates

Technical Debt is useful measure to analyze the health of an application portfolio and start prioritizing and quantifying remediation effort. We recently revisited and enhanced the Technical Debt calculation in CAST Highlight to increase estimate accuracy, to make it more flexible, and to deliver more actionable insights. Read this article to learn more about these enhancements, the impact on current results and the features it enables. This change will take effect on December 12, 2020.

Feature Focus: Portfolio Advisor for Technical Debt

We recently enhanced the Technical Debt calculation in CAST Highlight which has enabled new possibilities to visualize and analyze the Technical Debt of an application portfolio. One such scenario is automated prioritization of recommended remediation efforts using the new Portfolio Advisor for Technical Debt. This article explains how the Portfolio Advisor for Technical Debt works and how to use it to build informed action plans for tackling Technical Debt across an application portfolio.

ROAR Index

The ROAR (Ranking of Application Risks) index is a composite metric that takes into account the three main Highlight software health factors (Software Resiliency, Software Agility and Software Elegance) with a weighted average formula, balanced with the Business Impact of the application. And that’s probably the most important part of the formula here, since it mixes both technical […]

Software Maintenance Estimates

Definition Based on COCOMO II (Constructive Cost Model - Post Architecture), the Software Maintenance Effort calculated by Highlight estimates the ideal level of effort in order to maintain an application in good operational conditions, expressed in FTE (Full-Time Equivalent). This indicator is derived both from the Software Maintenance survey and the software quality analysis which are [...]

Backfired Function Points

Definition Back-Fired Function Points (BFP) estimate the number of function points of an application. This code-derived metric is based on the lines of code, weighted by an abacus for a given technology. The abacus is taken from QSM (Quantitative Software Management).   Example An application is composed of 3 different technologies: Java (100K lines of code) PL/SQL […]

How to estimate size and health of high frequency code iterations using the delta analysis feature

The "Application Trends" feature (also known as delta analysis) dramatically increases the value of using Highlight in an Agile context. In a nutshell, Highlight now computes software health scores and metrics of scanned source files based on their status, whether they have been added or modified during the last iteration. This post will explain how [...]

What is a line of code and how Highlight counts them

Sometimes, this question is raised by new users: how CAST Highlight counts lines of code compared to classic static code analysis tools and how to explain possible differences. While there is no truer or better methodology than another for counting lines of code, the most important in order to get consistent results is to use […]

Feature Focus: Scanning Docker Images

Containerization has become increasingly popular in modern applications, with Docker images providing a lightweight and portable way of packaging and deploying software. However, scanning source code of custom applications is not enough to guarantee the security of a containerized application. CAST Highlight has developed a new capability that allows users to scan the contents of a Docker image to identify potential risks and vulnerabilities. See how the capability works.

Feature Focus: How to use Command Line’s .properties file

To simplify use of the CAST Highlight command line and scale code scan deployments across CI/CD pipelines, you can use the .properties files. This tutorial explains how.

Feature Focus: API/CLI User Token Management

CAST Highlight’s API is now used extensively across our user base for various scenarios such as building custom reports or integrating our insights into third-party products (e.g., MEGA, Alphabet, Azure DevOps, and Atlassian JIRA to name a few). Hence, there was a need for a more secure and flexible way to manage user access. This article describes how to create, manage, and use OAuth2 tokens to work with the CAST Highlight API or the command line interface (CLI).

Tutorial: How to run our Docker scan image from Azure DevOps pipelines

As you may know, we recently published on Docker Hub an image that you can run as a container which includes everything you need to scan your application with CAST Highlight’s analyzers without having to worry about the libraries you need to install, the compatibility of your OS, etc. One of the big advantages of Docker is that it’s now available from almost all popular CI/CD tools such as Jenkins, Bamboo, Azure DevOps, etc. In this tutorial, you’ll learn how to use our Docker image from Azure DevOps.

How to import / export apps, domains and users in bulk from Excel

This post explains how to easily import or export a list of users, domains and applications in bulk from an Excel file with CAST Highlight, without any API skills required.

Run Highlight code scans into your CI/CD environments

The concept of a scriptable command line is one of the pillars of Devops and the benefit of automation has made tasks like Cloud deployment, environment provisioning, database backup and software build more reliable and a huge time saver for developers. As many Devops heads say “throw away any piece of software you couldn’t run automatically”. Needless to say that a command line has now become a must-have in Highlight to continuously scan code and build software analytics.

Highlight integrates into your ecosystem using our public API

The recent product release of CAST Highlight introduces our public API to let you share unprecedented Software Analytics and code-level health metrics with the rest of your technology ecosystem as well as automate actions on our platform. In this article we’ll review the API and what kind of new consumption usages it enables for Highlight [...]

Tutorial: How to build custom indicators using JIRA metrics and Highlight’s API

In this tutorial post, we’ll see how to use CAST Highlight’s API to import external metrics and automatically consolidate a custom indicator. With a few steps and basic scripting skills, you’ll be able to create a custom indicator based on the ratio between the number of open bugs in JIRA vs. the number of total issues. This is just an example to illustrate how you could combine Highlight’s Software Intelligence analytics with any result from other products in order to get an evermore comprehensive view on your application portfolio.

How to integrate Highlight’s Command Line in a Jenkins Pipeline

As the Highlight command line is a real hit across users who want to automate the scan of their code bases, we thought it could be helpful to provide a series of templates and code samples for the different build tools where you would integrate our code scans. The script below illustrates how to integrate the command line within a Jenkins pipeline.

How to scan a Git repo with the Command Line (using Apache Ant)

Let’s in this article how to clone a repository from Github and run Highlight’s analyzers from Apache Ant, and upload scan results to the portal and quickly get unprecedented software Analytics.

How to configure a Keyword Scan for GDPR (or anything else)

In this product tutorial, we’ll see how to configure and take advantage of the Keyword Scan feature to support a GDPR assessment of your application portfolio. The feature can be used to search for any kind of keywords (API secret token or passwords in clear text for instance) but really makes sense in a GDPR initiative. Does your codebase manipulate PII data? You’ll get some hints very soon with CAST Highlight.

How to detect apps using Oracle’s JDK 1.8 (and others) at the portfolio level

As you probably already know, Oracle announced a major change of their release and support rules for Java. This article is not meant to explain how that’s going to work now, but long story short you’ll have to either a) update your JDK very fast; b) be exposed to unpatched (and perhaps vulnerable) Java versions […]

Feature Focus: AI Advisor

The CAST Highlight product team is always striving to make the user experience seamless and productive. Today, we’re excited to announce the launch of a new capability that will deeply impact the way you interact with the product: the AI Advisor. See in this article how to set it up and use it.

Feature Focus: Personalized User Home Pages

CAST Highlight enables you to define the content of your home page by adding widgets that display the insights that matter the most to you. Learn how to use the feature in this article.

Feature Focus: Portfolio Advisor for Software Maintenance

Managing an application portfolio is like leading a 🏀 basketball team. Just like a coach needs to carefully balance their team’s offense and defense to win games (and hopefully the playoffs), a technology leader needs to manage their application portfolio to ensure applications are performing at their best. Our new capability, the Portfolio Advisor for Software Maintenance, acts like a coach’s playbook, helping you identify which areas of your team need attention and which applications are performing well. See how the feature works.

Feature Focus: Continuous Improvement Tracker

Are you tired of feeling lost in a maze when it comes to governing your application portfolio? Like a person wandering through a labyrinth, you navigate through complex systems without a clear sense of direction or progress. You have a general idea of where you want to go, but you lack a tangible roadmap and a way to measure your progress. CAST Highlight’s new capability, the Continuous Improvement Tracker, creates a clear path through your portfolio governance journey. Learn how the capability works in this article.

Feature Focus: Analysis Snapshot Comparison

Understand the present of your applications by looking through the lens of the past. CAST Highlight now allows users to compare key metrics and KPIs between different analysis snapshots of a scanned application. See how to use the feature in this article.

Feature Focus: Portfolio Management Optimization

CAST Highlight’s product team has entirely revisited the Portfolio Management screen to increase performance and allow portfolio managers to do more faster. This article explains how the new screen works.

Feature Focus: Delete Application Snapshots in Bulk

CAST Highlight enables you to easily search, filter and delete application snapshots across your application portfolio. See how the feature works in this article.

Feature Focus: Discussion Threads on Application Results

CAST Highlight now allows you to add comments about application results, organized by insight category (Cloud readiness, score and size trends, Open Source risks, etc.) with the application-level discussion thread feature. Learn in this article how to use this new product capability.

Feature Focus: Custom Portfolio Segmentation

Similar to the recent Portfolio Advisors for Cloud and Open Source, this capability allows portfolio managers to create their own custom portfolio segmentations based on a combination of Software Intelligence insights available in CAST Highlight. This article describes how it works and how to use this capability.

Feature Focus: How to use Github Actions to scan your applications with CAST Highlight

Github Actions are workflows that you can use on your repositories based on specific triggers. This is the perfect place to run CAST Highlight scans in an automated fashion. This article explains how to get a CAST Highlight action from Github Action marketplace and customize it to your needs.

Feature Focus: Data Retention Policy and Notifications

Some of our clients use CAST Highlight to analyze their applications and generate Software Intelligence insights on a weekly or daily basis. Over time, this generates a significant amount of data available in the CAST Highlight portal. In order to improve clarity in results and maintain an optimized user experience, CAST Highlight has implemented a scan retention policy. This article explains the retention policy and how to preview application snapshot changes in your portfolio, if the policy is applicable.

Feature Focus: Event logs

As a Portfolio Manager of CAST Highlight, you may need to know and understand the different actions which occurred in the portfolio. The Audit Logs feature allows you to list main user events such as application creation, change in the User Token configuration, etc. See in this article how this feature works.

Feature Focus: Enhanced Technical Debt Estimates

Technical Debt is useful measure to analyze the health of an application portfolio and start prioritizing and quantifying remediation effort. We recently revisited and enhanced the Technical Debt calculation in CAST Highlight to increase estimate accuracy, to make it more flexible, and to deliver more actionable insights. Read this article to learn more about these enhancements, the impact on current results and the features it enables. This change will take effect on December 12, 2020.

Best practices on how to setup CAST Highlight campaigns for optimal results

CAST Highlight allows you to consolidate Software Intelligence analytics at the portfolio level, in a lightning-fast manner thanks to a simple workflow. However, onboarding hundreds of apps in a few days may require a bit of preparation to ensure your campaigns will be well-architected and optimized for future iterations. This article details the key criteria you should consider, the common pitfalls to avoid, and best practices to implement before starting.

Tutorial: How to run our Docker scan image from Azure DevOps pipelines

As you may know, we recently published on Docker Hub an image that you can run as a container which includes everything you need to scan your application with CAST Highlight’s analyzers without having to worry about the libraries you need to install, the compatibility of your OS, etc. One of the big advantages of Docker is that it’s now available from almost all popular CI/CD tools such as Jenkins, Bamboo, Azure DevOps, etc. In this tutorial, you’ll learn how to use our Docker image from Azure DevOps.

Feature Focus on Application Links

Unless you clearly understand the boundaries and technical interactions of each of your applications across your entire portfolio, it is a real challenge to consolidate the various software links, especially when you have hundreds or even thousands of apps. However, anticipating and estimating the impact of a change in the application landscape is key, whatever the use case you’re currently handling (Cloud migration / application modernization, portfolio rationalization, etc.).

The Power is Yours: Custom Indicators

In case you missed it, the CAST Highlight last release notes announced many great new capabilities. We’re proud and excited to include Software Composition Analysis (SCA) as a compelling new feature, which brings a new angle to our Application Portfolio Analysis foundation. In addition to SCA, this release includes another game-changing capability – custom indicators. This blog will cover how to implement and use this great new feature.

Feature Focus: Extending Software Intelligence insights by leveraging the Custom Dashboards feature

CAST Highlight comes with a series of dashboards that combine Software Intelligence analytics to help you better manage your application portfolio and make informed decisions. While application portfolio rationalization, software health monitoring, Cloud readiness assessment, and Open Source risk management are typical use cases that are supported through our set of out-of-the-box data visualizations, some advanced users may want to extend the product boundaries and analyze their application portfolio using unique dimensions. This article describes the Custom Dashboards feature.

Tutorial: How to build custom indicators using JIRA metrics and Highlight’s API

In this tutorial post, we’ll see how to use CAST Highlight’s API to import external metrics and automatically consolidate a custom indicator. With a few steps and basic scripting skills, you’ll be able to create a custom indicator based on the ratio between the number of open bugs in JIRA vs. the number of total issues. This is just an example to illustrate how you could combine Highlight’s Software Intelligence analytics with any result from other products in order to get an evermore comprehensive view on your application portfolio.

Language localization in CAST Highlight dashboards

CAST Highlight dashboards are available in different languages. This article shows how localization is managed and how to switch from a language to another.

Feature Focus: How to use Application Tags?

Tags are a very powerful complement to domains and other filters (technologies, survey questions, etc.) as they provide an extra layer of flexibility to organize and visualize your portfolio. This article explains how to create and manage them to filter, segment and organize your application portfolio in CAST Highlight

 

Technology Coverage

Detection & Sizing Metrics
Ada
ASP.Net
Assembler
C#
C/C++
CICS
CLIST NEW
Clojure
COBOL
Coffeescript
Coldfusion
DB2
Dart
Delphi
Easytrieve NEW
EGL NEW
Erlang
F#
Fortran
Go
Groovy
IMS
Java
JavaScript
JCL
JSP
Kotlin
Lisp
Lua
MariaDB
Matlab
Microsoft Transact-SQL
MySQL
Natural Adabas
Objective-C
Oracle PL/SQL
PHP
PL1
PostgreSQL
Python
R
REXX
RPG3 NEW
RPG4 NEW
Ruby
Rust
Salesforce ApEx
SAP (Abap)
Scala
Shell/Korn SHELL/BASH scripts
SmallTalk
Swift
TypeScript
VB.Net
VB6
VBScript
Visual Basic
Software Composition
Ada
ASP.Net
Assembler
C#
C/C++
CICS
CLIST NEW
Clojure
COBOL
Coffeescript
Coldfusion
DB2
Dart
Delphi
Easytrieve NEW
EGL NEW
Erlang
F#
Fortran
Go
Groovy
IMS
Java
JavaScript
JCL
JSP
Kotlin
Lisp
Lua
MariaDB
Matlab
Microsoft Transact-SQL
MySQL
Natural Adabas
Objective-C
Oracle PL/SQL
PHP
PL1
PostgreSQL
Python
R
REXX
RPG3 NEW
RPG4 NEW
Ruby
Rust
Salesforce ApEx
SAP (Abap)
Scala
Shell/Korn SHELL/BASH scripts
SmallTalk
Swift
TypeScript
VB.Net
VB6
VBScript
Visual Basic
Software Health
ASP.Net
C#
C/C++
Clojure
COBOL
Go
Groovy
Java
JavaScript
JSP
Kotlin
Microsoft Transact-SQL
Objective-C
Oracle PL/SQL
PHP
PL1
Python
Ruby
SAP (Abap)
Scala
Shell/Korn SHELL/BASH scripts
Swift
TypeScript
VB.Net
VB6
VBScript
Visual Basic
Cloud Maturity
C#
C++
Clojure
COBOL
Docker
Go
Java
JavaScript
Kotlin
Microsoft Transact-SQL
Oracle PL/SQL
PHP
Python
Ruby
Scala
Swift
TypeScript
VB.Net
Green Software Insights
C#
C/C++
Clojure
COBOL NEW
Java
JavaScript
Kotlin NEW
Microsoft Transact-SQL
PHP
PL/SQL
Python
Scala
TypeScript
VB/VB.Net

Video Tutorials

4620

Introduction (part 1)

Get a quick overview about CAST Highlight. Understand its missions, how it works as well as the use cases it supports.

3636

Analytics Consumption (part 2)

This tutorial walks you through the Analytics Consumption and describes several portfolio insights.

3635

Portfolio Configuration (part 3)

This tutorial demonstrates the main portfolio management capabilities to administrate the platform and the assessment campaigns.

3634

Application Analysis (part 4)

This tutorial assists your first steps as a Contributor and walks you through the application onboarding process.

Highlight tools for DevOps and CI/CD integration

4912

Rest API

Highlight key metrics (e.g. health factor scores, lines of code, total cloud roadblocks, etc.) can be extracted from the platform to be integrated wherever it will make sense for your organization, using our public REST API.

4914

Command Line for Automated Scan

Highlight analyzers can now be run through a configurable command line, in order to automate source code scans and uploads (optionally). Want to get fresh analytics after each sprint or release, or even nightly build? It only takes minutes!

8637
CLI Docker Image for Code Scans
Use our official Docker image that includes everything you need to scan your source code with CAST Highlight and makes easier and smoothier the integration within your CI/CD environments.
9248
Extensions for Azure DevOps

Do you want to continuously scan source code and track Highlight analytics from favorite CI/CD tool? Highlight comes with extensions for Azure Devops. More plugins to be added soon…

9247
Extensions for Atlassian
Do you want to scan source code from Atlassian BitBucket and create ticket on Software Intelligence finding from Atlassian Jira? Highlight comes with out-of-the-box extensions available from their marketplace.

9246
Cloud Maturity Extension for Visual Studio Code
Modernize software faster by shifting left application Cloud Maturity analysis. This Cloud Maturity extension for Visual Studio Code identifies Cloud Blockers and line numbers directly within the developer’s environment.
9246
SCA Extension for Visual Studio Code
Shift left open source risks to address them earlier in the development cycle with the new CAST Highlight VS Code extension for SCA. Developers can now view Open Source risks such as security vulnerabilities or license issues directly in their IDE.
9246
Green Impact Extension for Visual Studio Code
Make software greener by identifying Green Deficiency code patterns with corresponding line numbers directly within the VS Code developer environment. Use of this extension requires an active CAST Highlight subscription and it can only be used on source code of applications already being analyzed within CAST Highlight.
9245
SCA Browser Extension
Get Open Source component information (vulnerabilities, license risk, allow/deny status, available versions, etc.) directly in Chrome when visiting repository pages on npmjs, nuget, github, packagist websites.

Product Posts & Tutorials

Feature Focus: AI Advisor
Read more
Feature Focus: Cloud Migration Wave Advisor
Read more
Feature Focus: CISA’s Known Exploited Vulnerability Insights
Read more
Feature Focus: Personalized User Home Pages
Read more
Feature Focus: OSS Component Lifespan Insights
Read more
Feature Focus: Custom Cloud Service Recommendations
Read more
Feature Focus: SBOM Import
Read more
Feature Focus: Scanning Docker Images
Read more
Feature Focus: Portfolio Advisor for Software Maintenance
Read more
Feature Focus: Continuous Improvement Tracker
Read more
Feature Focus: Proprietary Component Governance
Read more
Feature Focus: SCA Advanced Snapshot Comparison
Read more
CAST Highlight is a leader in Application Portfolio Management on G2
Review CAST Highlight on G2