This release includes the following enhancements:
Release date: October 25, 2021
New External Systems Integrations
We've added enhancements to help you streamline your workflows with CI systems. You can now conveniently review results reported by dotTEST directly in Azure Pipelines or GitLab.
Integration with Azure DevOps
We've added the dotTEST extension for Azure DevOps, which allows you to easily integrate dotTEST with your Azure DevOps pipeline. The extension provides a task for running analysis with dotTEST and generating the dotTEST report in the Azure DevOps-specific SARIF format. The analysis results are then displayed in build results for each execution of your pipeline. See https://marketplace.visualstudio.com/items?itemName=parasoft.dottest-azure-devops for details.
Integration with GitLab
You can now integrate with GitLab by modifying your GitLab workflow to run analysis with dotTEST and generate the analysis report in the SAST format. This allows you to review results reported by dotTEST as code vulnerabilities in GitLab. See https://gitlab.com/parasoft/dottest-gitlab for details.
Enhanced dotTEST Extension for Visual Studio Code
We've extended the capabilities of the dotTEST extension for Visual Studio Code. You can now import analysis results from your repository in Azure DevOps. See Visual Studio Code Marketplace for details about the dotTEST extension for Visual Studio Code.
Extended Security Compliance Pack
We've extended the Security Pack by adding support for the latest versions of CWE and OWASP Top 10. See the New and Updated Test Configurations section below.
Accepting the Parasoft EULA
You will be prompted by the installation wizard to accept the terms of the Parasoft End User License Agreement (EULA) while installing dotTEST or the Parasoft Plugin for Visual Studio. The Parasoft EULA is available in the dotTEST installation directory and at https://www.parasoft.com/license.
If you install dotTEST from a ZIP distribution, you must manually enable the acceptance setting in your configuration file: parasoft.eula.accepted=true.
If you install the Parasoft Plugin for Visual Studio in a silent (non-interactive) mode, you must run the installer with the following command to accept the EULA: /acceptEula=yes
New and Updated Test Configurations
We've added the following test configurations:
- CWE 4.5
- CWE Top 25 2021
- CWE Top 25 + On the Cusp 2021
- OWASP Top 10-2021 [1]
[1] This is a preview version of the test configuration, which is not part of the Parasoft Compliance Pack solution. Reviewing rule violations using the compliance extensions on DTP is not supported.
Removed Test Configurations
- CWE 4.4
- CWE Top 25 2020
- CWE Top 25 + On the Cusp 2020
Updated Static Analysis Rules
We've updated the following rules and metrics:
- BD.EXCEPT.NR
- BD.PB.DEREF
- BD.PB.EVIPT
- BD.PB.VOVR
- BD.PB.ZERO
- BD.TRS.MUTEX
- CMUG.MU.AUPM
- CS.PB.CEB
- METRIC.CC
- METRIC.ECC
- METRIC.MCC
- METRIC.SCC
- SEC.WEB.UAA
Due to RuleWizard optimizations, violations reported by custom rules you created with RuleWizard may not be fully consistent with previous releases.
Other Changes
- dotTEST can now run Flow Analysis of Visual Basic projects using the new generation of the parser. If you've used the old parser for running Flow Analysis, remove the following setting from your .properties file:
  flowanalysis.newparser.enabled=false
- You can now connect with the dotTEST coverage agent via the HTTPS protocol. See Connecting with the Coverage Agent via HTTPS.
- When you run analysis from Visual Studio, source code is compiled using the native Visual Studio build mechanism. As a result, all open source files are automatically saved.
- We've improved dotTEST's performance when running in the CQA mode.
- If the tested solution includes one or more projects whose solution-relative path contains the double-dot notation (/../), static analysis results reported by dotTEST 2021.2 may be inconsistent with the results reported by previous dotTEST versions. If this occurs, please contact Parasoft Support.
- Addressed log4j vulnerability CVE-2021-44228 in version 2021.2.1.
Resolved Bugs and FRs
Bug/FR ID | Description |
---|---|
DT-16440 | Wrong product version in Japanese dotTEST 2020.2.1 Installer |
DT-16969 | dotTEST CS.PB.CEB false positive for switch expressions in .NET Core 3.0 |
DT-17238 | Form code file is not excluded by scope.path.reject.wildcard setting |
DT-17242 | CS.PB.CEB false positive |
DT-17584 | NRE in Old Runner analysis (Runner exits before it gets work) |
DT-17623 | METRIC.NBD - metric doesn't report violation when "for" loop is used |
FA-6073 | (case #66668) BD.TRS.MUTEX false positive. |
FA-6074 | (case #66667) BD.PB.CC false positive. |
FA-7638 | Undetected violations - BD.EXCEPT.NR, BD.PB.ZERO. |
FA-8368 | BD.PB.VOVR - does not report violation when "On Error GoTo" is used. |
FA-8414 | False positive - BD.PB.EVIPT. |
FA-8485 | BD.EXCEPT.NR false positive |
XT-39219 | Plugin installation fails due to mixed assembly mode error in Visual Studio. |