Release date: April 15, 2020

In this release, we've focused on extending support for environments and frameworks, as well as enhancing our security compliance solution.

Support for Visual Studio Code

You can now leverage dotTEST's static analysis capabilities in Visual Studio Code IDE. dotTEST ships with an extension for Visual Studio Code, which allows you to run static code analysis, review the results directly in the IDE, suppress unwanted findings, and more. See Extension for Visual Studio Code for details.

Support for Source Control Management Systems

We've added support for:

  • Git 1.8, 1.9, 2.x
  • SVN 1.10, 1.11, 1.12, 1.13
  • Microsoft Team Foundation Server 2017, 2018, 2019

See Deprecated Support for Environments and Systems for information about deprecated and removed support for source control management systems.

Extended Support for C#

We've added support for features and enhancements of C# 8.0.

Extended Support for .NET Core

  • You can now analyze projects developed in .NET Core 3.1.
  • dotTEST now supports the portable format of PDB files when collecting coverage for .NET Core projects.

Extended Security Compliance Pack

The Security Pack now supports CWE 4.0. In addition, we've enhanced support for CWE Top 25 2019 and On the Cusp guidelines by adding new rules and updating the existing test configurations. See New and Updated Test Configurations below for details.

New Versioning Convention

All Parasoft products, including dotTEST, now follow a new versioning scheme: YYYY.release

New and Updated Test Configurations

We've added a new test configuration to help you detect weaknesses identified in Common Weaknesses Enumeration (CWE) 4.0:

  • CWE 4.0

We've updated the following test configurations to extend support for security standards:

  • CWE Top 25 2019
  • ​CWE Top 25 + On the Cusp 2019

Removed Test Configurations

  • CWE 3.4

New and Updated Static Analysis Rules

We've added the following rules:

Rule IDHeader
BD.SECURITY.IDENTITYAlways revert the impersonated user to the previous identity
BD.SECURITY.SENSLOGAvoid passing sensitive information to log methods
BD.SECURITY.TDALLOCValidate potentially tainted data before it is used to determine the size of memory allocation
BD.SECURITY.TDCODEValidate potentially tainted data before it is used in methods that generate code
BD.SECURITY.TDPASSWDProtect against using unprotected credentials
SEC.ALSIAvoid logging sensitive information
​​SEC.ATADo not use the Trace.Assert() method in production code
SEC.PBRTEAlways specify absolute path to execute commands​

We've updated the following rule by adding a parameter to let you customize the maximum line length:

  • BRM.MLL - Keep line length within predefined parameters

Deprecated Support for Environments and Systems

Support for the following environments and systems is now deprecated and will be removed in future releases.

Windows 7

Support for Windows 7 is deprecated, following the system's EOL.

 Source Control Management Systems

Support for the following SCMs is deprecated:

  • AccuRev
  • ClearCase
  • CVS
  • Serena Dimensions
  • StarTeam
  • Synergy CM
  • Visual Source Safe

In addition, we've removed support for Microsoft Team Foundation Server 2010.

Java 6

Support for Java 6 and lower is deprecated. In consequence, support environments that require Java 6 or lower will be removed for future releases.

Resolved Bugs and FRs

Bug/FR IDDescription
DT-12089Feature request to add a parameter for BRM.MLL-3
DT-13663Request to document how a scope of instrumentation for Application Coverage can be limited
DT-14665User should be able to use dotTEST on FIPS compliant environments
DT-14670OWASP2017.A1.VPPD: Handling of wrapper classes and method calls
DT-14706Incorrect list of .NET Core Supported Rules in the manual
DT-14707

Setup problem for PB.EMPTYMETHODS is reported on .NETCore project, though rule is supported

FA-7615 BD.EXCEPT.NR potential false positive
XT-37470New NLS implementation provides English version of (some) resources in Japan environment.

  • No labels