This release includes the following enhancements:
Release date: October 30, 2024
Support for Additional LLM Providers
The LLM integration support in dotTEST has been expanded beyond OpenAI and Azure OpenAI to include any LLM provider with a chat completions endpoint compatible with the OpenAI REST API. This allows users enhanced privacy by integrating with locally deployed models instead of cloud-based models. See LLM Integration for more information.
AI Integration Enhancements
- You can now apply AI-recommended fixes directly to your code, with a difference editor that allows you to review the changes and either apply the fix in full or select a part of it to apply. See Generating a Suggested Fix.
- Visual Studio Code plugin now supports AI-generated fixes to resolve static analysis violations. See Generating a Suggested Fix.
Live Static Analysis
You can continuously monitor code quality through Live Static Analysis. The Live Static Analysis functionality allows you to automatically analyze your code in the background as you make changes to your code. dotTEST will notify you when the code you are working on does not comply with your development policy; see Live Static Analysis.
Static Analysis Enhancements
- Enhanced stability and performance of Static Analysis engine.
- Support for reporting multiple violations in configuration files has been added.
Code Coverage Enhancements
- By default, coverage is not collected for test classes in the IDE (this can be changed in the settings). See dottest.unit_testing.testing_projects.
- Coverage wizard now supports collecting coverage for standalone applications tested by multiple users in parallel.
In-File Suppressions Enhancements
- Added the ability to easily customize the location of suppression files in both the CLI and IDE.
- Enhancements to suppression definitions:
- You can now use a file path containing wildcards for the file attribute.
- You can now specify a rule category, optionally with a severity suffix, for the rule-id attribute.
For details, see Defining Suppressions in Suppression Files.
New and Updated Test Configurations
The Security Compliance Pack has been extended by adding support for the following test configuration:
- CWE 4.15
The following test configurations have been updated:
- Critical Rules
- CWE Top 25 + On the Cusp 2023
- HIPAA
- OWASP ASVS 4.0.3
- OWASP Top 10-2021
- Recommended Rules
- Security Assessment
- UL 2900
The following test configuration has been removed:
- CWE 4.14
New and Updated Static Analysis Rules
The following rules have been added:
Rule ID | Header |
|---|---|
| BD.PB.TMTC | Specify name for thread |
| SEC.WEB.GEL | Log global exceptions in ASP.NET Core applications |
| SEC.WEB.RHTTPS | Redirect from HTTP to HTTPS |
The following rules have been updated:
Rule ID | Updates |
|---|---|
| CS.PFEL | .NET support, Live Static Analysis support |
| CS.CMUG.PRU.FSPP | .NET support, Live Static Analysis support |
| CS.PE.VFFP | .NET support, Live Static Analysis support |
| CS.BRM.RFINE | .NET support, Live Static Analysis support |
| CS.SERIAL.SOIS | .NET support, Live Static Analysis support |
Updated Flow Analysis Rules
The following rule has been updated:
Rule ID | Updates |
|---|---|
| BD.PB.TMTC | Ensure that the method body used in ThreadStart/ParameterizedThreadStart is wrapped in a 'try-catch' block |
IDE Integration
- Enhanced Visual Studio support for tracking newly added and deleted files in projects.
- Consolidated VSCode import commands into a single command for enhanced efficiency.
- Enhanced the reliability of importing results for multi-project solutions in VSCode.
Additional Updates
- Improved look and feel for Visual Studio IDE.
- Support for Git versions up to 2.46 has been added.
- The shipped JRE has been upgraded to version 21.
- A new DTP Details profile has been added to the Findings View, allowing you to display additional metadata (including AI-generated metadata) for violations imported from DTP in the Findings view.
- AI recommendations for unsupported rules (Metrics and Code Duplicates) are now disabled.
Deprecated Support
Deprecated Support for Environments
Support for the following environment is now deprecated and will be removed in a future release:
- .NET CLR 2.0
Deprecated Rules
The following rule is deprecated and will be removed in future releases:
- PB.TMTC
The following rules are deprecated for VB.NET and will be removed in future releases:
- ARRU.DNUNGIF
- ARRU.NGLVD
- ARRU.NNGCLC
- BRM.BOOLNEGNAME
- BRM.COLLPLURALNAME
- BRM.ISPREFIX
- BRM.LONGNAMES
- CLS.ACAC
- CLS.CONV
- CLS.ENTY
- CLS.NOOO
- CLS.NOPT
- CLS.PRMT
- CLS.TYPR
- CMUG.MU.VALRETURN
- CMUG.PRU.DPAV
- CS.PB.INVOKE
- CT.RANDDOUBLE
- EXCEPT.NCNRE
- GC.RCCB
- INTER.TOLOWERTOUPPER
- OOM.LNDM
- OPU.NOREFEQUAL
- OPU.NOSTATICEQUAL
- PB.PUBLICCTOR
- PB.CONSOLEWRITE
- PB.OF
- PB.STRIDX
- SEC.AASV
- SEC.ACPST
- SEC.ADSVSP
- SEC.AFNRO
- SEC.ALBM
- SEC.APTIF
- SEC.ASNRF
- SEC.AUIC
- SEC.AUMS
- SEC.AUPS
- SEC.DMSC
- SEC.HPTR
- SEC.MCMF
- SEC.SMIII
- SEC.USSCR
- SERIAL.GETOBJ
- SPR.ENFL
- SPR.PEO
Removed Support
Removed Support for IDEs
Support for the following IDE is now removed:
- Visual Studio 2015
Resolved Bugs and FRs
Bug/FR ID | Description |
|---|---|
| DT-22297 | OpenAI displays insufficient information |
| DT-22403 | DISA STIG version support in doc |
| DT-22677 | OpenAI for VB project is not available |
