This release includes the following enhancements: Release date: November 4October 30, 2024 Support for Additional LLM ProvidersThe LLM integration support in dotTEST has been expanded beyond OpenAI and Azure OpenAI to include any LLM provider with a chat completions endpoint compatible with the OpenAI REST API. This allows users enhanced privacy by integrating with locally deployed models instead of cloud-based models. See OpenAI Integration for more information. AI Integration Enhancements- You can now apply AI-recommended fixes directly to your code, with a difference editor that allows you to review the changes and either apply the fix in full or select a part of it to apply. See Generating a Suggested Fix.
- Visual Studio Code plugin now supports AI-generated fixes to resolve static analysis violations. See Generating a Suggested Fix.
Live Static AnalysisYou can continuously monitor code quality through Live Static Analysis. The Live Static Analysis functionality allows you to automatically analyze your code in the background as you make changes to your code. dotTEST will notify you when the code you are working on does not comply with your development policy; see see Live Static Analysis. Static Analysis Enhancements- Enhanced stability and performance of Static Analysis engine.
- Support for reporting multiple violations in configuration files has been added.
Code Coverage Enhancements- By default, coverage is not collected for test classes in the IDE (this can be changed in the settings). See dottest.unit_testing.testing_projects.
- Coverage wizard now supports collecting coverage for standalone applications tested by multiple users in parallel.
In-File Suppressions Enhancements- Added the ability to easily customize the location of suppression files in both the CLI and IDE.
- Enhancements to suppression definitions:
- You can now use a file path containing wildcards for the file attribute.
- You can now specify a rule category, optionally with a severity suffix, for the rule-id attribute.
For details, see Defining Suppressions in Suppression Files. Security Compliance Pack EnhancementsSupport for CWE version 4.15 has been added and some configurations have been updated. See the section below. | Anchor |
|---|
| new_configs_dottest |
|---|
| new_configs_dottest |
|---|
|
New and Updated Test ConfigurationsThe Security Compliance Pack has been extended by adding support for the following test configuration: The following test configurations have been updated:(TBA) - Critical Rules
- CWE Top 25 + On the Cusp 2023
- HIPAA
- OWASP ASVS 4.0.3
- OWASP Top 10-2021
- Recommended Rules
- Security Assessment
- UL 2900
The following test configuration has been removed: New and Updated Static Analysis RulesThe following rules have been added: Rule ID | Header |
|---|
| BD.PB.TMTC | Specify name for thread | | SEC.WEB.GEL | Log global exceptions in ASP.NET Core applications | | SEC.WEB.RHTTPS | Redirect from HTTP to HTTPS |
The following rules have been updated: Rule ID | Updates |
|---|
| CS.PFEL | .NET support, Live Static Analysis support | | CS.CMUG.PRU.FSPP | .NET support, Live Static Analysis support | | CS.PE.VFFP | .NET support, Live Static Analysis support | | CS.BRM.RFINE | .NET support, Live Static Analysis support | | CS.SERIAL.SOIS | .NET support, Live Static Analysis support |
Updated Flow Analysis RulesThe following rule has been updated: Rule ID | Updates |
|---|
| BD.PB.TMTC | Ensure that the method body used in ThreadStart/ParameterizedThreadStart is wrapped in a 'try-catch' block |
IDE Integration- Enhanced Visual Studio support for tracking newly added and deleted files in projects.
- Consolidated VSCode import commands into a single command for enhanced efficiency.
- Enhanced the reliability of importing results for multi-project solutions in VSCode.
Additional Updates- Improved look and feel for Visual Studio IDE.
- Support for Git versions up to 2.46 has been added.
- The shipped JRE has been upgraded to version 21.
- A new DTP Details profile has been added to the Findings View, allowing you to display additional metadata (including AI-generated metadata) for violations imported from DTP in the Findings view.
- AI recommendations for unsupported rules (Metrics and Code Duplicates) are now disabled.
Deprecated SupportDeprecated Support for EnvironmentsSupport for the following environment is now deprecated and will be removed in a future release: Deprecated Support for RulesRulesThe following rule is deprecated and will be removed in future releases: The following rules are Support for the following rules is deprecated for VB.NET and will be removed in future releases: - ARRU.DNUNGIF
- ARRU.NGLVD
- ARRU.NNGCLC
- BRM.BOOLNEGNAME
- BRM.COLLPLURALNAME
- BRM.ISPREFIX
- BRM.LONGNAMES
- CLS.ACAC
- CLS.CONV
- CLS.ENTY
- CLS.NOOO
- CLS.NOPT
- CLS.PRMT
- CLS.TYPR
- CMUG.MU.VALRETURN
- CMUG.PRU.DPAV
- CS.PB.INVOKE
- CT.RANDDOUBLE
- EXCEPT.NCNRE
- GC.RCCB
- INTER.TOLOWERTOUPPER
- OOM.LNDM
- OPU.NOREFEQUAL
- OPU.NOSTATICEQUAL
- PB.PUBLICCTOR
- PB.CONSOLEWRITE
- PB.OF
- PB.STRIDX
- SEC.AASV
- SEC.ACPST
- SEC.ADSVSP
- SEC.AFNRO
- SEC.ALBM
- SEC.APTIF
- SEC.ASNRF
- SEC.AUIC
- SEC.AUMS
- SEC.AUPS
- SEC.DMSC
- SEC.HPTR
- SEC.MCMF
- SEC.SMIII
- SEC.USSCR
- SERIAL.GETOBJ
- SPR.ENFL
- SPR.PEO
Removed SupportRemoved Support for IDEsSupport for the following IDE is now removed: Resolved Bugs and FRsBug/FR ID | Description |
|---|
| DT-22297 | OpenAI displays insufficient information | | DT-22403 | DISA STIG version support in doc | | DT-22677 | OpenAI for VB project is not available |
|