This release includes the following enhancements:

Release date: October 25, 2021

New External Systems Integrations

We've added enhancements to help you streamline your workflows with CI systems. You can now conveniently review results reported by dotTEST directly in Azure Pipelines or GitLab.

Integration with Azure DevOps

We've added the dotTEST extension for Azure DevOps, which allows you to easily integrate dotTEST with your Azure DevOps pipeline. The extension provides a task for running analysis with dotTEST and generating the dotTEST report in the Azure DevOps-specific SARIF format. The analysis results are then displayed in build results for each execution of your pipeline. See https://marketplace.visualstudio.com/items?itemName=parasoft.dottest-azure-devops for details.

Integration with GitLab

You can now integrate with GitLab by modifying your GitLab workflow to run analysis with dotTEST and generate the analysis report in the SAST format. This allows you to review results reported by dotTEST as code vulnerabilities in GitLab. See https://gitlab.com/parasoft/dottest-gitlab for details.

Enhanced dotTEST Extension for Visual Studio Code

We've extended the capabilities of the dotTEST extension for Visual Studio Code. You can now import analysis results from your repository in Azure DevOps. See Visual Studio Code Marketplace for details about the dotTEST extension for Visual Studio Code.

Extended Security Compliance Pack

We've extended the Security Pack by adding support for the latest versions of CWE and OWASP Top 10. See the New and Updated Test Configurations section below.

Accepting the Parasoft EULA

You will be prompted by the installation wizard to accept the terms of the Parasoft End User License Agreement (EULA) while installing dotTEST or the Parasoft Plugin for Visual Studio. The Parasoft EULA is available in the dotTEST installation directory and at https://www.parasoft.com/license.

If you install dotTEST from a ZIP distribution, you must manually enable the acceptance setting in your configuration file: parasoft.eula.accepted=true.

If you install the Parasoft Plugin for Visual Studio in a silent (non-interactive) mode, you must run the installer with the following command to accept the EULA: /acceptEula=yes.

New and Updated Test Configurations

We've added the following test configurations:

  • CWE 4.5
  • CWE Top 25 2021
  • CWE Top 25 + On the Cusp 2021
  • OWASP Top 10-2021¹

¹ This is a preview version of the test configuration, which is not part of the Parasoft Compliance Pack solution. Reviewing rule violations using the compliance extensions on DTP is not supported.

Removed Test Configurations

  • CWE 4.4
  • CWE Top 25 2020
  • CWE Top 25 + On the Cusp 2020

Updated Static Analysis Rules

We've updated the following rules and metrics:

  • BD.EXCEPT.NR
  • BD.PB.DEREF
  • BD.PB.EVIPT
  • BD.PB.VOVR
  • BD.PB.ZERO
  • BD.TRS.MUTEX
  • CMUG.MU.AUPM
  • CS.PB.CEB
  • METRIC.CC
  • METRIC.ECC
  • METRIC.MCC
  • METRIC.SCC
  • SEC.WEB.UAA

Due to RuleWizard optimizations, violations reported by custom rules you created with RuleWizard may not be fully consistent with previous releases.

Other Changes

  • dotTEST can now run Flow Analysis of Visual Basic projects using the new generation of the parser. If you've used the old parser for running Flow Analysis, remove the following setting from your .properties file: flowanalysis.newparser.enabled=false
  • You can now connect with dotTEST's coverage agent via the HTTPS protocol. See Connecting with the Coverage Agent via HTTPS.
  • When you run analysis from Visual Studio, source code is compiled using the native Visual Studio build mechanism. As a result, all open source files are automatically saved.
  • We've improved dotTEST's performance when running in the CQA mode.
  • If the tested solution includes a project(s) whose solution-relative path contains the double-dot notation (/../), static analysis results reported by dotTEST 2021.2 may be inconsistent with the results reported by previous dotTEST versions. If this occurs, please contact Parasoft Support.
  • Addressed log4j vulnerability CVE-2021-44228 in version 2021.2.1.

Resolved Bugs and FRs

Bug/FR ID   Description
DT-16440    Wrong product version in Japanese dotTEST 2020.2.1 Installer
DT-16969    dotTEST CS.PB.CEB false positive for switch expressions in .NET Core 3.0
DT-17238    Form code file is not excluded by scope.path.reject.wildcard setting
DT-17242    CS.PB.CEB false positive
DT-17584    NRE in Old Runner analysis (Runner exits before it gets work)
DT-17623    METRIC.NBD - metric doesn't report violation when "for" loop is used
FA-6073     (case #66668) BD.TRS.MUTEX false positive.
FA-6074     (case #66667) BD.PB.CC false positive.
FA-7638     Undetected violations - BD.EXCEPT.NR, BD.PB.ZERO.
FA-8368     BD.PB.VOVR - does not report violation when "On Error GoTo" is used.
FA-8414     False positive - BD.PB.EVIPT.
FA-8485     BD.EXCEPT.NR false positive
XT-39219    Plugin installation fails due to mixed assembly mode error in Visual Studio.
