The following table includes the test configurations shipped in the <INSTALL_DIR>\configs\builtin directory.

Static Analysis

This group includes universal static analysis test configurations. See Security Compliance Pack for test configurations that enforce security coding standards.

Built-in Test ConfigurationDescription
Android GuidelinesIncludes rules recommended for Android developers, based on Google Java Style Guide (available at https://google.github.io/styleguide/javaguide.html).
Code SmellsRules based on the Code Smells document (available at http://xp.c2.com/CodeSmell.html) by Kent Beck and Martin Fowler.
Critical Rules

Includes most Severity 1 rules, as well as rules in the Flow Analysis Fast configuration.

Demo ConfigurationIncludes rules for demonstrating various techniques of code analysis. May not be suitable for large code bases.
Find Duplicated CodeApplies static code analysis rules that report duplicate code. Duplicate code may indicate poor application design and lead to maintainability issues.
Find Memory ProblemsIncludes rules for finding memory management issues in the code.
Find Unused CodeIncludes rules for identifying unused/dead code.
Flow Analysis StandardDetects complex runtime errors without requiring test cases or application execution. Defects detected include using uninitialized or invalid memory, null pointer dereferencing, array and buffer overflows, division by zero, memory and resource leaks, and dead code. This requires a special Flow Analysis license option.
Flow Analysis AggressiveIncludes rules for deep flow analysis of code. Significant amount of time may be required to run this configuration.
Flow Analysis FastIncludes rules for shallow depth of flow analysis, which limits the number of potentially acceptable defects from being reported.
Internationalize CodeApplies static code analysis to expose code that is likely to impede internationalization efforts.
MetricsComputes values for  several code metrics. 
Recommended Rules

The default configuration of recommended rules. Covers most Severity 1 and Severity 2 rules. Includes rules in the Flow Analysis Fast configuration.

Thread Safe ProgrammingRules that uncover code which will be dangerous to run in multi-threaded environments— as well as help prevent common threading problems such as deadlocks, race conditions, a missed notification, infinite loops, and data corruption.
TDD Best PracticesThe TDD (Test Driven Development)  Best Practices configuration includes rules based on the Code Smells document (available at http://xp.c2.com/CodeSmell.html), rules that check whether the JUnit test classes are comprehensive for the tested class, and rules from the Critical Rules test configuration.
JUnit 4 Best PracticesIncludes rules that help you improve the quality of your JUnit 4 unit tests.
JUnit 5 Best PracticesIncludes rules that help you improve the quality of your JUnit 5 unit tests.

Security Compliance Pack

This compliance pack includes test configurations that help you enforce security coding standards and practices. See Compliance Packs Rule Mapping for information how the standards are mapped to Jtest's rules.

(info) Security Compliance Pack requires dedicated license features to be activated. Contact Parasoft Support for more details on licensing.

Displaying compliance results on DTP

Some test configurations in this category have a corresponding "Compliance" extension on DTP, which allows you to view your security compliance status, generate compliance reports, and monitor the progress towards your security compliance goals. See the "Extensions for DTP" section in the DTP documentation for the list of available extensions, requirements, and usage.

Built-in Test ConfigurationDescription
CWE 4.17

Includes rules that find issues identified in the CWE standard v4.17.

(info) This test configuration is part of Parasoft Compliance Pack solution that allows you to monitor compliance with industry standards using the "Compliance" extensions on DTP.

CWE Top 25 2024

Includes rules that find issues classified as Top 25 Most Dangerous Programming Errors of the CWE standard v.2024.

(info) This test configuration is part of Parasoft Compliance Pack solution that allows you to monitor compliance with industry standards using the "Compliance" extensions on DTP.

CWE Top 25 2023

Includes rules that find issues classified as Top 25 Most Dangerous Programming Errors of the CWE standard v.2023.

(info) This test configuration is part of Parasoft Compliance Pack solution that allows you to monitor compliance with industry standards using the "Compliance" extensions on DTP.

CWE Top 25 + On the Cusp 2024

Includes rules that find issues classified as Top 25 Most Dangerous Programming Errors of the CWE standard or included on the CWE Weaknesses On the Cusp list v.2024.

(info) This test configuration is part of Parasoft Compliance Pack solution that allows you to monitor compliance with industry standards using the "Compliance" extensions on DTP.

CWE Top 25 + On the Cusp 2023

Includes rules that find issues classified as Top 25 Most Dangerous Programming Errors of the CWE standard or included on the CWE Weaknesses On the Cusp list v.2023.

(info) This test configuration is part of Parasoft Compliance Pack solution that allows you to monitor compliance with industry standards using the "Compliance" extensions on DTP.

DISA-ASD-STIG

Includes rules that find issues identified in Application Security and Development STIG (Security Technical Implementation Guide) provided by Defense Information Systems Agency. See also DISA-ASD-STIG Known Limitation.

HIPAAIncludes rules that find issues identified by the HIPAA (Health Insurance Portability and Accountability Act) regulations.

OWASP API Security Top 10-2023

Includes rules that find issues identified in OWASP’s API Security Top 10 - 2023.

(info) This test configuration is part of Parasoft Compliance Pack solution that allows you to monitor compliance with industry standards using the "Compliance" extensions on DTP.

OWASP API Security Top 10-2019

Includes rules that find issues identified in OWASP’s API Security Top 10 - 2019.

(info) This test configuration is part of Parasoft Compliance Pack solution that allows you to monitor compliance with industry standards using the "Compliance" extensions on DTP.

OWASP ASVS 4.0.3

Includes rules that enforce the requirements defined in the ASVS (Application Security Verification Standard).

OWASP Top 10-2021

Includes rules that find web application security risks identified in the OWASP Top 10 - 2021.

(info) This test configuration is part of Parasoft Compliance Pack solution that allows you to monitor compliance with industry standards using the "Compliance" extensions on DTP.

OWASP Top 10-2017

Includes rules that find web application security risks identified in the OWASP Top 10 - 2017.

(info) This test configuration is part of Parasoft Compliance Pack solution that allows you to monitor compliance with industry standards using the "Compliance" extensions on DTP.

PCI DSS 4.0Includes rules that find issues identified in PCI Data Security Standard version 4.0.
PCI DSS 3.2Includes rules that find issues identified in PCI Data Security Standard version 3.2.
CERT for JavaChecks rules for the CERT standard. This standard provides guidelines for secure coding.
CERT for Java GuidelinesChecks rules and recommendations for the CERT standard. This standard provides guidelines for secure coding.
UL 2900 Includes rules that find issues identified in the UL-2900 standard.
VVSG 2.0Includes rules that enforce the specifications and requirements defined in Voluntary Voting System Guidelines 2.0.

Unit Testing and Collecting Coverage

This group includes test configurations that allow you to run and collect coverage data for unit tests.

Built-in Test ConfigurationDescription
Calculate Application CoverageProcesses the application coverage data to generate a coverage.xml file. See Application Coverage.
Unit TestsIncludes the unit test execution data in the generated report file

Compliance Packs Rule Mapping

The following rule mappings for the CWE standard are included:

The mapping information for other standards is available in the PDF rule mapping files shipped with Compliance Packs.



  • No labels

Need assistance? Visit our support page