This release includes the following enhancements:
Release date: May 20, 2024
Upgrade Note
- DTP or License Server 2024.1 is required for licensing dotTEST 2024.1. You must upgrade to DTP or License Server 2024.1 before upgrading to dotTEST 2024.1 in order to license the product successfully.
- Connections to DTP and License Server must be over HTTPS. HTTP is no longer supported.
OpenAI Integration
- Recommendations for Flow Analysis violations have been enhanced with OpenAI integration.
- Precision in code references has been improved with OpenAI integration.
Code Coverage Enhancements
- Coverage can be automatically collected and displayed after running tests in the Test Explorer window in Visual Studio; see Collecting Coverage from Test Explorer Test Runs.
- The setup of application coverage for .NET 6+ applications has been simplified. It is no longer required to copy the dottest.Hooks assembly shipped with dotTEST to the application folder.
- Improved support for thread tracking in application coverage for multiuser mode.
Enhanced Precision in Test Impact Analysis
The test impact analysis capabilities in dotTEST have been made more precise. Impacted tests are now calculated based on modified methods rather than modified classes. Additionally, code changes that do not affect the code logic no longer result in tests being detected as impacted.
Security Compliance Pack Enhancements
- The Security Pack capabilities have been extended by Security CodeScan rules (3rd party rules).
- Support for CWE version 4.14 has been added and some configurations have been updated. See the New and Updated Test Configurations section below.
Static Analysis Enhancements
- Simplified presentation of one-line Flow Analysis violations.
- You can now use RuleWizard rules in Continuous Static Analysis.
Additional Updates
- Authentication can now be enabled for connecting to a standalone License Server if it is configured to require authentication; see Setting the Parasoft License and license.network.auth.enabled.
- You can now specify custom parameters to be added to the report.xml header using the report.xml.param{n}.key and report.xml.param{n}.value settings.
- The shipped JRE has been upgraded to version 17.0.10+7.
- The default report file names have changed for the following supported formats:
Report Format Before Now SARIF for Azure DevOps
report.sarif report_azure.sarif XSL Custom
report.html report_custom.html
For details, see Report File Names.
Deprecated Support
Deprecated Support for IDEs
Support for the following IDE is now deprecated:
- Visual Studio 2015
New and Updated Test Configurations
The following test configuration has been added:
- CWE 4.14
The following test configurations have been updated:
- Critical Rules - removal of deprecated and deleted rules
- Demo - removal of deleted rules
- Find Unimplemented Scenarios - removal of deprecated rules
- Flow Analysis Aggressive - removal of deprecated rules
- Flow Analysis Fast - removal of deprecated rules
- Flow Analysis - removal of deprecated rules
- IEC 62304 (Template) - removal of deleted rules
- Recommended Rules - removal of deprecated and deleted rules
- Recommended .NET Rules - removal of deprecated rules
- Security Assessment - removal of deprecated and deleted rules
- CWE Top 25 + On the Cusp 2022 - added new rules, removal of deprecated and deleted rules
- CWE Top 25 + On the Cusp 2023 - added new rules, removal of deprecated and deleted rules
- CWE Top 25 2022 - added new rules, removal of deprecated and deleted rules
- CWE Top 25 2023 - added new rules, removal of deprecated and deleted rules
- DISA-ASD-STIG - added new rules
- HIPAA - added new rules, removal of deprecated and deleted rules
- OWASP API Security Top 10-2019 - added new rules
- OWASP API Security Top 10-2023 - added new rules
- OWASP ASVS 4.0.3 - added new rules, removal of deprecated and deleted rules
- OWASP Top 10-2017 - added new rules
- OWASP Top 10-2021 - added new rules
- PCI DSS 4.0 - added new rules
- UL 2900 - added new rules, removal of deprecated and deleted rules
- VVSG 2.0 - added new rules, removal of deleted rules
The following test configuration has been removed:
- CWE 4.13
New and Updated Static Analysis Rules
The following rules have been added:
Rule ID | Header |
|---|---|
| SEC.WEB.HPWCS | Do not use hard-coded passwords in connection strings in configuration files |
| ROSLYN.SCS.* | A set of Security CodeScan rules |
The following rules have been updated:
Rule ID | Updates |
|---|---|
| TUG.NTU.AUPNT | .NET supported; CQA supported |
Updated Flow Analysis Rules
The following rule has been updated:
Rule ID | Updates |
|---|---|
| BD.PB.CC | Added a parameter to report on non-branching conditions. |
Removed Rules
Removed Rule | Suggested Rule |
|---|---|
| BD.PB.DEREF | BD.PB.CC |
| BD.PB.INTOVERF | BD.PB.INTWRAP, BD.PB.INTDL, BD.PB.INTVC |
| BD.PB.POVR | BD.PB.VOVR |
| CLS.ACNM | N/A |
| CLS.ARRD | N/A |
| CLS.ENFI | N/A |
| CLS.EVOL | N/A |
| CLS.EVTY | N/A |
| CLS.FIOL | N/A |
| CLS.GLBL | N/A |
| CLS.IDUN | N/A |
| CLS.MTV | N/A |
| CLS.PROL | N/A |
| CLS.UPN | N/A |
| CLS.UTN | N/A |
| CS.MLC | METRIC.NOPLIM |
| CS.OOM.MI | METRIC.MI |
| CS.SC | N/A |
| CS.USO | N/A |
| GC.DCGC | SEC.APDM |
| GC.UFID | BD.RES.LEAKS |
| OOM.CYCLO | METRIC.MCC |
| OOM.FCSF | METRIC.NOMCIM |
| OOM.LNMM | METRIC.NOMIT |
| OOM.LNPBD | METRIC.NOPUBMIT |
| OOM.LNPBM | METRIC.NOPUBMIT |
| OOM.LNPM | METRIC.NOPAR |
| OOM.LNPTD | METRIC.NOPROTMIT |
| OOM.LNPTM | METRIC.NOPROTMIT |
| OOM.LNPVD | METRIC.NOPRIVMIT |
| OOM.LNPVM | METRIC.NOPRIVMIT |
| OOM.MLCI | METRIC.IDOC |
| PB.BOXING | N/A |
| PB.CFSRLV | BD.RES.LEAKS |
| SEC.CDBC | BD.RES.LEAKS |
| SEC.CDBCLV | BD.RES.LEAKS |
| SEC.CDR | BD.RES.LEAKS |
| SEC.CDRLV | BD.RES.LEAKS |
| SEC.MSCPV | N/A |
| SPR.VPPD | SEC.VPPD |
| SPR.VPPDIMPL | SEC.VPPD |
Resolved Bugs and FRs
Bug/FR ID | Description |
|---|---|
| DT-21444 | TUG.NTU.AUPNT reports violation on used enum type |
| DT-21611 | DotTest and RuleWizard user's guide - Tutorial lessons |
| DT-21701 | dotTEST reports the same violation twice |
| DT-21779 | BankExample, .NET6 - Parsing error occurred |
| DT-21819 | OpenAI integration does not work in a specific project |
| DT-21878 | Files in a project not captured by dotTEST 2023.2.1 due to include option |
| DT-21906 | The list of rules from the documentation behaves differently and shows or does not "Setup problems" in report |
| FA-9724 | BD.PB.VOVR false positive for variable used in initializer of object of generic type |
| FA-9747 | BD.EXCEPT.NR false positive |
