New releases of Parasoft Jtest & Parasoft dotTEST 10.4.2
By Kapil Bhandari
May 21, 2019
4 min read
Parasoft released the latest versions of its industry-leading Java and .NET development testing tools today, and they are filled with great new features to enable and enforce security and quality earlier in the development process!
Read on to learn more about today’s product releases and the 3 critical areas of software testing we are focusing on:
- Shifting left security testing and compliance, and integrating these activities into the daily development process.
- Aggregating and correlating test activities across the whole application suite for a real-time, personalized view of both quality and security.
- Going deeper with AI-driven unit testing, to not only augment positive testing scenarios (with new improvements added for Spring applications), but adding support for negative testing scenarios.
More on each of these areas below.
Integrating security and compliance into the daily development process
To address continually growing concerns over data breaches, various industries have issued regulations addressing cybersecurity and information security controls. Companies are now holding their software teams/vendors accountable for meeting standard application security policies, but even with regulations and policies in place, most companies are merely “checking the box” and demonstrating compliance via minimal standards due to the challenge and complexity of integrating security into their development process. As a result, organizations are at risk of not being compliant, and worse, being exploited via a breach.
To turn this around, today’s releases are designed to meet the need of security and compliance, by enabling organizations to integrate security testing and compliance earlier in the development process, shifting testing to the left, and addressing security and compliance requirements as early as possible.
The static analysis capabilities in Parasoft Jtest and Parasoft dotTEST have been enriched by providing users with a wide set of checkers that help assist in application security, along with meeting compliance with industry-specific standards, such as CWE, OWASP, PCI DSS, and UL 2900. Security teams or leads can enforce and distribute security policies for their organization’s needs, by utilizing Parasoft’s out-of-the-box test configurations for industry-specific standards or generating their own via customizations.
Development teams instantly receive the policies directly within their IDE and can ensure quality and security of their code by executing an analysis, either on-demand or automatically, within their development IDE, allowing them to see issues and fix them prior to check-in. In addition, these releases help developers become more familiar with security issues and how to address them correctly by providing context-specific training and tutorials for specific vulnerabilities identified in the code.
Parasoft extends this approach into the CI/CD pipeline to supercharge the build automation phase with a repeatable and consistent security process. This comprehensive analysis goes beyond the scope of the developer’s locally modified code and provides a safety-net to gate the delivery pipeline to ensure that insecure code does not get promoted to later stages.
Aggregating and correlating data across all testing activities for a real-time personalized view of quality and security
Additionally, all of the data from the security scan is aggregated into Parasoft’s centralized reporting and analytics dashboard. Here, users easily track the progress of their application’s quality, security, and compliance, along with viewing trending data and compliance reports, all in real-time. Users can easily generate audit reports for compliance at any time, giving them visibility into how compliant they are, right “now.”
This example OWASP-focused dashboard screenshot shows Parasoft’s reporting and analytics hub, which provides users with a comprehensive view of compliance, incorporating the OWASP risk assessment framework to help customers quickly identify areas with gaps/risk.
This feature enables managers and security leads to be agile and quickly course-correct to help mitigate risks. The vulnerabilities identified are then distributed back to the developer via the IDE integration, which completes the full circle, leading to a real-time security and compliance strategy that is aligned and helps achieve better software quality and security.
Going deeper with unit testing
The final area of focus for this release was around Java unit testing. As organizations start to evolve their codebase with initiatives like cloud migration, unit testing becomes key to ensure that new code is fully tested/covered, while ensuring legacy functionality continues to work.
Parasoft continues to broaden its unit testing scope and goes deeper in areas of positive and negative testing to address the changing codebase. In today’s Jtest release, Parasoft is helping developers create unit tests for more of the Spring framework, with expanded support for additional Spring types/annotations and giving users control over the amount of Spring integration testing they want to perform, regular unit tests vs Spring unit tests.
Jtest has also amped up its mocking ability by providing users with an easier and cleaner way to inject mocks into their code, with added support for Mockito’s @InjectMocks annotation. To further assist the developer, Jtest handles negative testing by identifying exception blocks that occur within the test execution. Developers are presented with recommendations for addressing these exceptions issues, as well as quick-fix actions to resolve them. All in all, these new capabilities allow users to quickly increase their code coverage, resulting in overall improvements to code quality.
The latest releases of Parasoft Jtest and Parasoft dotTEST continue to push the limits of what’s possible with test automation (and of course, as with every release, we’ve added many additional customer enhancements not mentioned here, that you can read all about in the release notes).
By enabling teams to overcome traditional bottlenecks associated with security and compliance, Parasoft users are able to be more agile with these activities, equipped with continuous feedback. Integrating security and compliance into the development process from the start is key to empowering teams with a process that is consistent throughout the development lifecycle, as well as repeatable in securing compliance.