Product Tutorials & Third-Party Tools


For the best experience and the most accurate Software Intelligence insights, make sure you’re using the latest released version before scanning your application with the Local Agent or the Command Line.

This page lists content and tools that will help you run and leverage CAST Highlight in the best conditions possible. For uncovered topics, don’t hesitate to read our product FAQ or contact our support team.

Must-see resources to get you started

Getting Started Guide

In this documentation, you’ll find all the necessary information that will drive your first steps on the Highlight platform: how to create an application or invite users, how to scan source code, supported technologies, etc.

Highlight Indicators & Methodology

In this slide presentation, you’ll find all the necessary information to understand how Highlight analytics and code insights are built, what they mean and how to interpret them, with concrete examples by technology stack.

Keyword Scanner Guide

This document explains how to use the Keyword Scan feature, the different use cases such as GDPR and how to leverage scan results at both application and portfolio levels.

Custom Indicator Guide

Everything you need to know to create, administrate and consume the custom indicators in CAST Highlight.

Video Tutorials


Introduction (part 1)

Get a quick overview of CAST Highlight. Understand its missions, how it works as well as the use cases it supports.


Analytics Consumption (part 2)

This tutorial walks you through the Analytics Consumption and describes several portfolio insights.


Portfolio Configuration (part 3)

This tutorial demonstrates the main portfolio management capabilities to administrate the platform and the assessment campaigns.


Application Assessment (part 4)

This tutorial assists your first steps as a Contributor and walks you through the application onboarding process.

Other “How To” videos

Highlight tools for DevOps and CI/CD integration


REST API

Highlight key metrics (e.g. health factor scores, lines of code, total cloud roadblocks, etc.) can be extracted from the platform to be integrated wherever it will make sense for your organization, using our public REST API.


Command Line for Automated Scan

Highlight analyzers can now be run through a configurable command line, in order to automate source code scans and, optionally, uploads. Want to get fresh analytics after each sprint or release, or even each nightly build? It only takes minutes!


Highlight Extensions & Integrations

Do you want to continuously scan source code and track Highlight analytics from your favorite CI/CD tool? Highlight comes with extensions for Azure DevOps. More plugins to be added soon…

Product Posts & Tutorials

Explore your OSS dependencies. Visually!

Software Composition Analysis is often perceived as a complex discipline, especially when you consider all its aspects such as license compliance, security vulnerability and technology obsolescence. This is particularly true when your application has about 100 or 200 Open Source components and you start digging into their own dependencies to try spotting hidden risks. The mission of the new OSS Dependency Explorer in Highlight is to make this exercise as easy and interactive as possible by consolidating Software Intelligence in a very visual way. See how in this post.

Feature Focus on Application Links

Unless you clearly understand the boundaries and technical interactions of each of your applications across your entire portfolio, it is a real challenge to consolidate the various software links, especially when you have hundreds or even thousands of apps. However, anticipating and estimating the impact of a change in the application landscape is key, whatever the use case you’re currently handling (Cloud migration / application modernization, portfolio rationalization, etc.).

Tutorial: How to build custom indicators using JIRA metrics and Highlight’s API

In this tutorial post, we’ll see how to use CAST Highlight’s API to import external metrics and automatically consolidate a custom indicator. With a few steps and basic scripting skills, you’ll be able to create a custom indicator based on the ratio between the number of open bugs in JIRA vs. the number of total issues. This is just an example to illustrate how you could combine Highlight’s Software Intelligence analytics with any result from other products in order to get an ever more comprehensive view of your application portfolio.

Transitive Dependencies: How much can you trust friends of your friends?

Friends of your friends are not necessarily your friends. In this post, we’ll see why it is important to get visibility on dependencies of the Open Source components your apps are using and how to manage security and license information of these transitive dependencies in CAST Highlight’s Software Composition Analysis dashboards.

Good practices when defining the scope of a code scan

In this post, we have compiled a few good practices to keep in mind when scanning a code base with CAST Highlight in order to let you consume the most consistent software analytics possible, depending on your use case (software health, open source detection for license compliance or vulnerability checks, etc.).

Software Composition in Highlight: How Open Source component detection works

CAST consolidates a unique database made of 44M+ Open Source components and 5B+ file fingerprints. This article details the concept and steps in Highlight to automatically retrieve the true origin of your source code, whether it is for license compliance, vulnerability or obsolescence verification.

How OSS licenses are mined and detected in Highlight’s Software Composition Analysis feature

CAST has developed unique algorithms to mine and detect licenses from Open Source components to let you get a (more accurate) sense of IP and legal impacts your software is exposed to. Here is how it works.

How to detect apps using Oracle’s JDK 1.8 (and others) at the portfolio level

As you probably already know, Oracle announced a major change of their release and support rules for Java. This article is not meant to explain how that’s going to work now, but long story short you’ll have to either a) update your JDK very fast; b) be exposed to unpatched (and perhaps vulnerable) Java versions […]

The Power is Yours: Custom Indicators

In case you missed it, the latest CAST Highlight release notes announced many great new capabilities. We’re proud and excited to include Software Composition Analysis (SCA) as a compelling new feature, which brings a new angle to our Application Portfolio Analysis foundation. In addition to SCA, this release includes another game-changing capability – custom indicators. This blog will cover how to implement and use this great new feature.

How to estimate size and health of high frequency code iterations using the delta analysis feature

The "Application Trends" feature (also known as delta analysis) dramatically increases the value of using Highlight in an Agile context. In a nutshell, Highlight now computes software health scores and metrics of scanned source files based on their status, whether they have been added or modified during the last iteration. This post will explain how [...]

How to configure a Keyword Scan for GDPR (or anything else)

In this product tutorial, we'll see how to configure and take advantage of the Keyword Scan feature to support a GDPR assessment of your application portfolio. The feature can be used to search for any kind of keywords (API secret token or passwords in clear text for instance) but really makes sense in a GDPR [...]

How to run the Highlight Command Line from Apache Ant

Let’s see in this article how to clone a repository from GitHub, run Highlight’s analyzers from Apache Ant, upload scan results to the portal and quickly get unprecedented software analytics.

How to integrate Highlight’s Command Line in a Jenkins Pipeline

As the Highlight command line is a real hit across users who want to automate the scan of their code bases, we thought it could be helpful to provide a series of templates and code samples for the different build tools where you would integrate our code scans. The script below illustrates how to integrate the command line within a Jenkins pipeline.

Highlight integrates into your ecosystem using our public API

The recent product release of CAST Highlight introduces our public API to let you share unprecedented Software Analytics and code-level health metrics with the rest of your technology ecosystem as well as automate actions on our platform. In this article we’ll review the API and what kind of new consumption usages it enables for Highlight [...]

Run Highlight code scans into your CI/CD environments

The concept of a scriptable command line is one of the pillars of DevOps, and the benefit of automation has made tasks like Cloud deployment, environment provisioning, database backup and software build more reliable and a huge time saver for developers. As many DevOps heads say, “throw away any piece of software you couldn’t run automatically”. Needless to say, a command line has now become a must-have in Highlight to continuously scan code and build software analytics.

Highlight Tutorial: Code Scan with the Local Agent

This tutorial demonstrates your first steps with CAST Highlight as a Contributor: how to activate your account; how to download/install the Local Agent; how to configure & scan your applications; how to upload results to the platform; how to access & answer the survey as an Application Owner.

Highlight Tutorial: First steps to manage your application portfolio

This tutorial demonstrates your first steps in the Highlight platform as a Portfolio Manager: how to activate your account; how to create and manage domains to structure your portfolio; how to invite/enroll users to the platform; how to create an application; how to attach applications and users to domains; how to launch your first scan campaign […]