This release includes the following enhancements:

Release date: May 11, 2022

OpenID Connect Support

You can now authenticate on DTP via OpenID Connect to add a layer of security to your interactions with your DTP server. See Configuring OpenID Connect in the UI and Configuring OpenID Connect in the .properties File for details. Depending on your requirements, two methods are available to authenticate on the OpenID Connect server from the command line: device code and certificate. Device code authentication is enabled by default.

dotTEST Container Image at Docker Hub

We've added support for deploying dotTEST in a Docker container image, which allows you to leverage dotTEST's capabilities in a containerized environment to ensure consistency across the team and multiple development cycles. You can download a ready to use dotTEST container image from Docker Hub: https://hub.docker.com/r/parasoft/dottest. See also Deploying dotTEST in a Docker Container.

Support for Razor and Blazor Files

We've added support for analyzing Razor and Blazor files in .NET and .NET Core frameworks. To analyze the files you need to use .NET 5.0 SDK or later. For further details, see Known Limitations.

Support for Platforms

We've added support for:

  • Windows 11
  • Windows Server 2022

Support for IDEs

We've added support for Visual Studio 2022 (17.3) in the 2022.1.2 update.

Extended Security Compliance Pack

We've extended the Security Compliance Pack by adding support for the latest version of CWE and updating some configurations. See the New and Updated Test Configurations section below.

New and Updated Test Configurations

We've added the following test configuration:

  • CWE 4.6

We've updated the following test configurations:

  • OWASP Top 10-2021
  • DISA ASD STIG

Updated Static Analysis Rules

We've updated the following rules:

  • BRM.APNFT
  • CS.SERIAL.IDC
  • CS.SERIAL.RFINE
  • CS.SERIAL.UIS

Updated Flow Analysis Rules

We've updated the following rules:

  • BD.EXCEPT.AN
  • BD.EXCEPT.NR
  • BD.PB.CC
  • BD.PB.STRNULL

We've improved the violation message in the following rules, and as a result, suppressions associated with these rules on DTP may no longer be available:

  • BD.SECURITY.AUTH
  • BD.SECURITY.CUSTOM
  • BD.SECURITY.SENS
  • BD.SECURITY.TDALLOC
  • BD.SECURITY.TDCMD
  • BD.SECURITY.TDCODE
  • BD.SECURITY.TDFNAMES
  • BD.SECURITY.TDINPUT
  • BD.SECURITY.TDLDAP
  • BD.SECURITY.TDLOG
  • BD.SECURITY.TDNET
  • BD.SECURITY.TDPASSWD
  • BD.SECURITY.TDRESP
  • BD.SECURITY.TDRFL
  • BD.SECURITY.TDSQL
  • BD.SECURITY.TDSQLC
  • BD.SECURITY.TDXSS

Updated Code Metrics

We've updated the following metric:

  • METRIC.NORET

Other Changes

  • We've improved dotTEST's performance when running a test configuration containing Flow Analysis rules.
  • We've improved Flow Analysis rules accuracy when source code contains compiler-generated or class initialization code.
  • IPv6 is now supported.
  • You can now specify a custom name of your dotTEST report. See report.file.name.
  • Upgrading to 2022.1 might cause machine ID change on Windows. Verify your machine ID before requesting a new license from Parasoft. See Obtaining the Machine ID.
  • TFS SDK libraries are now no longer distributed as part of Parasoft. If you want TFS support to work on your machine, you need to install TFS SDK from vendor.

Removed Support

Removed Support for IDEs

Support for the following deprecated IDEs is now removed:

  • Visual Studio 2012
  • Visual Studio 2013

Removed Support for Native Test Runners

Support for the following native test runners is now removed:

  • MSTest V1 native runner (currently MSTest executes via VSTest)
  • NUnit 2 native runner (currently NUnit 2 executes via VSTest)

Removed Support for Development Platforms

Support for the following development platform is now removed:

  • .NET Core 2.x

Removed Support for Legacy Code Analysis

  • We've removed support for running legacy Code Analysis.

Removed dotTEST 9.x compatibility

  • We've removed support for test configuration settings compatible with dotTEST 9.x.

Known Limitations

.NET Core 2.x and .NET 6 can cause issues with collecting application coverage from .NET Core and .NET applications. See What if dotTEST cannot collect coverage information? for information about the workaround.

Resolved Bugs and FRs

Bug/FR IDDescription
DT-17978No Parasoft menu when selecting a website project (rather than a whole solution)
DT-18429Error when trying to collect application coverage with -multiuser switch
DT-18496Parameters for OldRunner rules are ignored
DT-18525Improve METRIC.NORET metric to count only true returns
FA-8668BD.RES.LEAKS reports false positive when resource in using statement is not assigned to any variable
FA-8739BD.PB.ARRAY false positive
FA-8824BD.SECURITY.TDALLOC potential false negative
XT-39618"Automatically import findings at a specific time" doesn't work





  • No labels