The following table includes the test configurations shipped in the <INSTALL_DIR>\configs\builtin directory.
This group includes universal static analysis test configurations. See Security Compliance Pack for test configurations that enforce security coding standards.
| Built-in Test Configuration | Description |
|---|---|
| Android Guidelines | Includes rules recommended for Android developers, based on Google Java Style Guide (available at https://google.github.io/styleguide/javaguide.html). |
| Code Smells | Rules based on the Code Smells document (available at http://xp.c2.com/CodeSmell.html) by Kent Beck and Martin Fowler. |
| Critical Rules | Includes most Severity 1 rules, as well as rules in the Flow Analysis Fast configuration. |
| Demo Configuration | Includes rules for demonstrating various techniques of code analysis. May not be suitable for large code bases. |
| Find Duplicated Code | Applies static code analysis rules that report duplicate code. Duplicate code may indicate poor application design and lead to maintainability issues. |
| Find Memory Problems | Includes rules for finding memory management issues in the code. |
| Find Unused Code | Includes rules for identifying unused/dead code. |
| Flow Analysis Standard | Detects complex runtime errors without requiring test cases or application execution. Defects detected include using uninitialized or invalid memory, null pointer dereferencing, array and buffer overflows, division by zero, memory and resource leaks, and dead code. This requires a special Flow Analysis license option. |
| Flow Analysis Aggressive | Includes rules for deep flow analysis of code. Significant amount of time may be required to run this configuration. |
| Flow Analysis Fast | Includes rules for shallow depth of flow analysis, which limits the number of potentially acceptable defects from being reported. |
| Internationalize Code | Applies static code analysis to expose code that is likely to impede internationalization efforts. |
| Metrics | Computes values for several code metrics. |
| Recommended Rules | The default configuration of recommended rules. Covers most Severity 1 and Severity 2 rules. Includes rules in the Flow Analysis Fast configuration. |
| Thread Safe Programming | Rules that uncover code which will be dangerous to run in multi-threaded environments— as well as help prevent common threading problems such as deadlocks, race conditions, a missed notification, infinite loops, and data corruption. |
| TDD Best Practices | The TDD (Test Driven Development) Best Practices configuration includes rules based on the Code Smells document (available at http://xp.c2.com/CodeSmell.html), rules that check whether the JUnit test classes are comprehensive for the tested class, and rules from the Critical Rules test configuration. |
| JUnit 4 Best Practices | Includes rules that help you improve the quality of your JUnit 4 unit tests. |
| JUnit 5 Best Practices | Includes rules that help you improve the quality of your JUnit 5 unit tests. |
This compliance pack includes test configurations that help you enforce security coding standards and practices. See Compliance Packs Rule Mapping for information how the standards are mapped to Jtest's rules.
Security Compliance Pack requires dedicated license features to be activated. Contact Parasoft Support for more details on licensing.
Some test configurations in this category have a corresponding "Compliance" extension on DTP, which allows you to view your security compliance status, generate compliance reports, and monitor the progress towards your security compliance goals. See the "Extensions for DTP" section in the DTP documentation for the list of available extensions, requirements, and usage. |
| Built-in Test Configuration | Description |
|---|---|
| CWE 4.17 | Includes rules that find issues identified in the CWE standard v4.17.
|
| CWE Top 25 2024 | Includes rules that find issues classified as Top 25 Most Dangerous Programming Errors of the CWE standard v.2024.
|
| CWE Top 25 2023 | Includes rules that find issues classified as Top 25 Most Dangerous Programming Errors of the CWE standard v.2023.
|
| CWE Top 25 + On the Cusp 2024 | Includes rules that find issues classified as Top 25 Most Dangerous Programming Errors of the CWE standard or included on the CWE Weaknesses On the Cusp list v.2024.
|
| CWE Top 25 + On the Cusp 2023 | Includes rules that find issues classified as Top 25 Most Dangerous Programming Errors of the CWE standard or included on the CWE Weaknesses On the Cusp list v.2023.
|
| DISA-ASD-STIG | Includes rules that find issues identified in Application Security and Development STIG (Security Technical Implementation Guide) provided by Defense Information Systems Agency. See also DISA-ASD-STIG Known Limitation. |
| HIPAA | Includes rules that find issues identified by the HIPAA (Health Insurance Portability and Accountability Act) regulations. |
OWASP API Security Top 10-2023 | Includes rules that find issues identified in OWASP’s API Security Top 10 - 2023.
|
| OWASP API Security Top 10-2019 | Includes rules that find issues identified in OWASP’s API Security Top 10 - 2019.
|
| OWASP ASVS 4.0.3 | Includes rules that enforce the requirements defined in the ASVS (Application Security Verification Standard). |
| OWASP Top 10-2021 | Includes rules that find web application security risks identified in the OWASP Top 10 - 2021.
|
| OWASP Top 10-2017 | Includes rules that find web application security risks identified in the OWASP Top 10 - 2017.
|
| PCI DSS 4.0 | Includes rules that find issues identified in PCI Data Security Standard version 4.0. |
| PCI DSS 3.2 | Includes rules that find issues identified in PCI Data Security Standard version 3.2. |
| CERT for Java | Checks rules for the CERT standard. This standard provides guidelines for secure coding. |
| CERT for Java Guidelines | Checks rules and recommendations for the CERT standard. This standard provides guidelines for secure coding. |
| UL 2900 | Includes rules that find issues identified in the UL-2900 standard. |
| VVSG 2.0 | Includes rules that enforce the specifications and requirements defined in Voluntary Voting System Guidelines 2.0. |
This group includes test configurations that allow you to run and collect coverage data for unit tests.
| Built-in Test Configuration | Description |
|---|---|
| Calculate Application Coverage | Processes the application coverage data to generate a coverage.xml file. See Application Coverage. |
| Unit Tests | Includes the unit test execution data in the generated report file |
The following rule mappings for the CWE standard are included:
The mapping information for other standards is available in the PDF rule mapping files shipped with Compliance Packs.