This release includes the following enhancements:

Release date: December 4, 2023

OpenAI Integration

Support for .NET 8
Support for .NET 8 has been added. See Supported Frameworks.

Support for C# 12
dotTEST can now analyze code written in C# 12.

Code Coverage Enhancements
- Test impact analysis workflows in dottestcov now support using a baseline report containing metadata about lines of code that can be covered generated via dottestcli. Previously, test impact analysis workflows only supported using a baseline report where this metadata was collected by scanning applicat
- The dottestcov application can now be run on .NET Framework 4.7.2 (in addition to .NET 6 runtime).

Enhanced Static Analysis
- The RuleWizard engine has been modernized to run on Roslyn infrastructure, enabling support for .NET 8.
- The accuracy of the following rules has been improved as they are now executed via Roslyn infrastructure:
  - APSC_DV.001460.IIDC
  - APSC_DV.001460.UIS
  - CS.IFD.DNPTHIS
  - CS.OOM.CAST2CONCRETE
  - CS.SERIAL.IIDC
  - CS.SERIAL.UIS
  - CS.SMC
  - CS.TRS.LOCKSETGET
  - CWE.502.IIDC
  - CWE.502.UIS
  - OWASP_ASVS_403.V1_5_2.IIDC
  - OWASP_ASVS_403.V1_5_2.UIS
  - OWASP_ASVS_403.V5_5_1.IIDC
  - OWASP_ASVS_403.V5_5_1.UIS
  - OWASP2017.A8.IIDC
  - OWASP2017.A8.UIS
  - OWASP2021.A8.IIDC
  - OWASP2021.A8.UIS
  - SEC.AUSD

New and Updated Test Configurations
The Security Compliance Pack has been extended by adding support for the following test configurations:
- CWE 4.13
- CWE Top 25 2023
- CWE Top 25 + On the Cusp 2023
- OWASP API Security Top 10-2023

The following test configurations have been updated:
- CWE Top 25 + On the Cusp 2022
- DISA-ASD-STIG
- HIPAA
- OWASP ASVS 4.0.3
- UL 2900

The following test configurations have been removed:
- CWE 4.10
- CWE Top 25 + On the Cusp 2021
- CWE Top 25 2021

Updated Static Analysis Rules
The following rules have been updated:

Rule ID | Updates |
---|---|
CS.SERIAL.IIDC | Added support for .NET and CQA. |
CS.SERIAL.UIS | The performance of the rule has been improved. Added support for many serialization methods. Added support for .NET and CQA. The placement of existing violations may change to become more accurate. |
SEC.WEB.UAA | Added support to allow reporting violations on derived attributes. |

Updated Flow Analysis Rules
The following rules have been updated:

Rule ID | Updates |
---|---|
BD.PB.ARRAY | Fixed false negatives. |
BD.PB.VOVR | Added a parameter to allow reporting on unused values assigned to function parameters. Added a parameter to allow reporting on unused and overwritten initial values of function parameters. |

Additional Updates
- You can now configure dotTEST so that it runs in a FIPS-compliant mode. See Configuring FIPS Mode.
- The support for analyzing Razor/Blazor projects in Parasoft Plugin has been improved.
- The shipped JRE has been upgraded to version 11.0.20.1+1.
- Visual Studio Code users can now configure the mapping of severity levels (1-5) to VS Code severity levels (Error/Warning/Information/Hint) and filter the violations inside VS Code based on severities using a text pattern.
- It is now possible to suppress a finding in the next line. See Next Line Suppression.

Resolved Bugs and FRs

Bug/FR ID | Description |
---|---|
DT-12932 | User should see warnings for dependencies missing from project scope |
DT-17632 | CS.NG.VAR.PNCFV - reports violation on local function |
DT-18774 | No violation on razor file: rules CS.PB.DEFSWITCH, BD.EXCEPT.NR |
DT-20571 | An error occurs when performing static analysis in Visual Studio 2022(17.2.4) |
DT-20732 | Report.xml is not generated and Source Control service is unavailable |
DT-20911 | The issue with rule CS.SEC.WEB.UAA and authorization attribute |
DT-21320 | SymbolsParser exception on specific syntax |
FA-9478 | BD.PB.CC false positive on comparing nullable value type object with primitive value |
FA-9552 | BD.PB.ARRAY - potential false negative |
XT-41333 | Empty file in report is marked as not checked but was tested |
XT-41729 | Incorrectly generated PDF reports from CLI in Japanese env |

Deprecated Rules

Deprecated Rule | Suggested Rule |
---|---|
BD.PB.POVR | BD.PB.VOVR |
CLS.ACNM | N/A |
CLS.ARRD | N/A |
CLS.ENFI | N/A |
CLS.EVOL | N/A |
CLS.EVTY | N/A |
CLS.FIOL | N/A |
CLS.GLBL | N/A |
CLS.IDUN | N/A |
CLS.MTV | N/A |
CLS.PROL | N/A |
CLS.UPN | N/A |
CLS.UTN | N/A |
PB.BOXING | N/A |
SEC.MSCPV | N/A |