This release includes the following enhancements:

Release date: November 8, 2022

Android Support

  • Support has been added for running static analysis on Gradle Android builds from CI/CD and the CLI for the Java language.
  • Experimental support has been added for unit test execution, monitoring and coverage collection for Android projects. Full support will be added in a future release.
  • A new Android Guidelines test configuration has been added. It is based on the following standard: https://google.github.io/styleguide/javaguide.html.

Parasoft Findings for SonarQube

The Parasoft Findings Plugin for SonarQube has been introduced. The plugin allows you to view static analysis test results within SonarQube. For details, see Parasoft Findings for SonarQube. The plugin can be downloaded from the Parasoft marketplace: https://customerportal.parasoft.com/lightningportal/s/marketplacedetails?id=a703g0000000KoZAAU.

Support for Parallel Builds

In addition to functionalities introduced in 2022.1, Jtest now supports test impact analysis for Gradle and Maven parallel builds.

New and Updated Test Configurations

The Security Compliance Pack has been extended by adding support for the following test configurations:

  • CWE 4.9 (accuracy improved and number of duplicated findings reduced)
  • CWE Top 25 2022 
  • CWE Top 25 + on the Cusp 2022
  • CERT for Java Guidelines
  • HIPAA
  • PCI-DSS 4.0
  • VVSG 2.0

The following test configuration has been updated:

  • CERT for Java

New and Updated Static Analysis Rules

The following rule has been added:

Rule ID | Header
SECURITY.ESD.WS | Use secure communication with 'wss' (WebSocket Secure) instead of 'ws'

The following rules have been updated:

Rule ID | Updates
JUNIT.AHLOD | The rule has been updated to support JUnit 5.
PB.CLP | Rule behavior has been improved.
PB.OVAM | Rule behavior has been improved.

Updated Flow Analysis Rules

The following rules have been updated:

Rule ID | Updates
BD.SECURITY.ARRAY | The rule has been re-implemented to improve accuracy.
BD.PB.CC | A parameter has been added to allow reporting violations on constant values, and the definition of constant value has been extended.

Unit Test Assistant Enhancements

  • The Unit Test Assistant preferences contain a new option "Only add test cases that increase coverage" that is enabled by default. When this option is deselected, Jtest may add unit tests that do not add to the overall coverage of the code but that have additional variations in the unit tests that are created. You can deselect this option if you want to see whether Jtest can generate additional interesting test cases with variations on test setup. See Configuring Preferences.
  • The Unit Test Assistant has improved support for initializing variables whose type is a subclass of java.lang.Number.

Support for IDEs

The following IDEs are now supported:

  • IntelliJ 2022.1
  • IntelliJ 2022.2
  • Eclipse 2022-06 (4.24)
  • Eclipse 2022-09 (4.25)

Additional Updates

  • The mechanism for finding and analyzing project resource files has been improved. As a result, after upgrading, many new violations may be reported against files in resource folders by rules that check XML or properties files, since those files were not previously analyzed. If this happens, you can address the new violations in one of the following ways:
    • Fix or suppress each violation as appropriate.
    • Reconfigure rule properties to reflect how you want the rules configured.
    • Disable the rules if they do not need to be applied.
  • All required dependencies are now automatically resolved by Maven by the time jtest-maven-plugin is run. As a result, you may notice that more dependencies are resolved during Jtest plugin execution than during the test goal execution.
  • OIDC authentication with OKTA is now supported for both IDE and CLI-based workflows. See Configuring OpenID Connect in the UI and Configuring OpenID Connect in the .properties File.
  • General improvements to the Flow Analysis engine may cause some differences in the violations reported by Flow Analysis rules compared to the previous version.
  • The performance of the scope analysis with Git integration has been improved.

Resolved Bugs and FRs

Bug/FR ID | Description
FA-9042 | False positive of BD.PB.REVOBJ on local variable
FA-9072 | Missing information that ObjectUtils.isEmpty method is null checking method
FA-9150 | Incorrect simulation of a loop where the condition contains an array element access
JT-48330 | Scope of analysis restricted to src folders in plugin
