This release includes the following enhancements:

Release date: October 25, 2021

New External Systems Integrations

We've added enhancements to help you streamline your workflows with CI systems. You can now conveniently review results reported by dotTEST directly in Azure Pipelines or GitLab.

Integration with Azure DevOps

We've added the dotTEST extension for Azure DevOps, which allows you to easily integrate dotTEST with your Azure DevOps pipeline. The extension provides a task for running analysis with dotTEST and generating the dotTEST report in the Azure DevOps-specific SARIF format. The analysis results are then displayed in build results for each execution of your pipeline. See https://marketplace.visualstudio.com/items?itemName=parasoft.dottest-azure-devops for details.

Integration with GitLab

You can now integrate with GitLab by modifying your GitLab workflow to run analysis with dotTEST and generate the analysis report in the SAST format. This allows you to review results  reported by dotTEST as code vulnerabilities in GitLab. See https://gitlab.com/parasoft/dottest-gitlab for details.

Enhanced dotTEST Extension for Visual Studio Code

We've extended the capabilities of dotTEST extension for Visual Studio Code. You can now import analysis results from your repository in Azure DevOps. See Visual Studio Code Marketplace for details about the dotTEST extension for Visual Studio Code.

Extended Security Compliance Pack

We've extended the Security Pack by adding support for the latest versions of CWE and OWASP Top 10. See the New and Updated Test Configurations section below.

Accepting the Parasoft EULA

You will be prompted by the installation wizard to accept the terms of the Parasoft End User License Agreement (EULA) while installing dotTEST or the Parasoft Plugin for Visual Studio. The Parasoft EULA is available in the dotTEST installation directory and at https://www.parasoft.com/license.

If you install dotTEST from a ZIP distribution, you must manually enable the acceptance setting in your configuration file: parasoft.eula.accepted=true.

If you install the Parasoft Plugin for Visual Studio in a silent (non-interactive) mode, you must run the installer with the following command to accept the EULA: /acceptEula=yes.

New and Updated Test Configurations

We've added the following test configurations:

• CWE 4.5
• CWE Top 25 2021
• CWE Top 25 + On the Cusp 2021
• OWASP Top 10-2021¹
  

¹This is a preview version of the test configuration, which is not part of Parasoft Compliance Pack solution. Reviewing rule violations using the compliance extensions on DTP is not supported.

Removed Test Configurations

• CWE 4.4
• CWE Top 25 2020
• CWE Top 25 + On the Cusp 2020

Updated Static Analysis Rules

We've updated the following rules and metrics:

• BD.EXCEPT.NR
• BD.PB.DEREF
• BD.PB.EVIPT
• BD.PB.VOVR
• BD.PB.ZERO
• BD.TRS.MUTEX
• CMUG.MU.AUPM
• CS.PB.CEB
• METRIC.CC
• METRIC.ECC
• METRIC.MCC
• METRIC.SCC
• SEC.WEB.UAA

Due to RuleWizard optimizations, violations reported by custom rules you created with RuleWizard may not be fully consistent with previous releases.

Other Changes

• dotTEST can now run Flow Analysis of Visual Basic projects using the new generation of the parser. If you've used the old parser for running Flow Analysis, remove the following setting from your .properties file: flowanalysis.newparser.enabled=false

• You can now connect with the dotTEST's coverage agent via the  HTTPS protocol. See Connecting with the Coverage Agent via HTTPS.
• When you run analysis from Visual Studio, source code is compiled using the native Visual Studio build mechanism. As a result, all open source files are automatically saved.
• We've improved dotTEST's performance when running in the CQA mode.
• If the tested solution includes a project(s) whose solution-relative path contains the double-dot notation (/../), static analysis results reported by dotTEST 2021.2 may be inconsistent with the results reported by previous dotTEST versions. If this occurs, please contact Parasoft Support.

Resolved Bugs and FRs