Compliance departments need to be able to review code and compliance reports to ensure that the application is compliant with the company’s policies. The .NET compliance framework provides a way to generate reports that show the compliance status of the application.
What is a compliance report?
A compliance report can be generated at compile time. The .NET compliance framework generates a JSON file that contains details on the data classifications and redaction methods used in the application.
JSONCopy
{
"Name": "DataEntities",
"Types": [
{
"Name": "DataEntities.Order",
"Members": [
{
"Name": "CustomerAddress",
"Type": "string",
"File": "C:\\Developer\\mslearn-dotnet-cloudnative\\dotnet-compliance\\eShopLite\\DataEntities\\Order.cs",
"Line": "25",
"Classifications": [
{
"Name": "EUIIData"
}
]
},
{
"Name": "CustomerName",
"Type": "string",
"File": "C:\\Developer\\mslearn-dotnet-cloudnative\\dotnet-compliance\\eShopLite\\DataEntities\\Order.cs",
"Line": "21",
"Classifications": [
{
"Name": "EUIIData"
}
]
},
...
The report above is an example from the eShopLite.DataEntities project. It shows that the Order class has two properties that are classified as EUIIData.
JSONCopy
{
"Name": "Store",
"Types": [
{
"Name": "Store.Services.Log",
"Logging Methods": [
{
"Name": "LogOrders",
"Parameters": [
{
"Name": "logger",
"Type": "Microsoft.Extensions.Logging.ILogger",
"File": "C:\\Developer\\mslearn-dotnet-cloudnative\\dotnet-compliance\\eShopLite\\Store\\Services\\ProductService.cs",
"Line": "103"
},
{
"Name": "order",
"Type": "DataEntities.Order",
"File": "C:\\Developer\\mslearn-dotnet-cloudnative\\dotnet-compliance\\eShopLite\\Store\\Services\\ProductService.cs",
"Line": "103"
}
]
}
]
}
]
}
The report above is an example from the eShopLite.Store project. It shows that the LogOrders method in the ProductService class takes an Order object as a parameter for logging.
red hat certified specialist in linux performance tuning malaysia
Leave a Reply