In today’s releases, we added JUnit 5 support to Parasoft Jtest’s unit testing capabilities, as well as support for the latest CWE security guidelines for Java and .NET (C/C++test support for the latest version of CWE will be added in the upcoming release in two weeks). We’ve also packed in traceability reporting from test results and static analysis findings to several popular requirements management and agile planning systems, providing clear-as-day visibility of your overall test coverage.
For more information about these features, read on below!
The CWE is a comprehensive list of over 800 programming errors, design errors, and architectural errors that can lead to exploitable vulnerabilities. The 2019 CWE Top 25 Most Dangerous Software Errors, previously updated in 2011, is a targeted list of the most widespread and critical errors that can be exploited to create the most serious security consequences in software.
Since its release, the Top 25 list has been a widely adopted security standard throughout a variety of industries. For organizations that are serious about cybersecurity, and for teams working with IoT or medical devices, the “On the Cusp” list adds an additional 15 items. Both the Top 25 and “On the Cusp” are also an integral part of UL 2900 (Software Cybersecurity for Network-Connectable Products) compliance, which is recognized by the FDA for network-connected medical device cybersecurity.
All of Parasoft’s static analysis tools are certified by MITRE as CWE-compatible. But with out-of-the-box test configurations and CWE compliance reports, the latest releases provide the most comprehensive support on the market for the 2019 CWE Top 25 and “On the Cusp” security standards.
Teams can easily understand which static analysis checker is associated with which CWE item during configuration, remediation, and reporting. With Parasoft’s unique CWE-centric model, all the checkers are named based on the associated CWE ID, removing the need for time-consuming mapping when configuring, reporting, and remediating issues.
CWE compliance reports provide an ongoing, continuous view of CWE compliance status, with interactive dashboards, widgets, and reports that provide insight into CWE risk and technical impact associated with your code.
Say the words “testing framework” to a Java programmer, and chances are they are thinking of JUnit. This release of Jtest includes support for JUnit 5, the latest version of the massively popular Java testing framework. The new architecture introduced in JUnit 5 unleashed several features, such as lambda support for assertions and the ability to select and filter test suites defined in separate classes, that are all supported in Parasoft Jtest.
JUnit 5 is also backwards compatible with JUnit 4, so you can seamlessly integrate your existing JUnit 4 tests into the JUnit 5 framework and continue using Jtest functionality, such as automatic unit test creation and advanced mocking, to create and maintain new and existing tests. Parasoft Jtest’s unit testing features, such as automatic test creation, quick-fix actions, and the ability to clone and mutate tests to extend coverage, are all supported for JUnit 5 . . . and 4.
Testing and analyzing your code with the latest and greatest frameworks and guidelines is great, but it’s only part of a complete software development solution. A complete view of test coverage also depends on the ability to centrally aggregate test results and static analysis violations and bind them to requirements, stories, defects, issues, and other work items stored in your application lifecycle management (ALM) or enterprise agile planning (EAP) system.
To expedite traceability within your development organizations, we’ve implemented new integrations with several ALM and EAP systems:
Development starts when work items have been defined in these ALM/EAP systems. Parasoft then aggregates test and static analysis results as the code moves through the development pipeline. If a test failure or static analysis violation is detected, users can create additional work items in the ALM/EAP system, directly from Parasoft’s Test and Violation Explorers.
As automated tests (e.g., JUnit unit tests or functional tests created with Parasoft SOAtest) are created to verify functionality, they can be associated with the work item. Parasoft correlates the test artifacts with work items and presents the data in traceability widgets and reports to provide visibility into your test coverage, and also sends the results back into the original system of record to set the status of the work items.
Integration with these systems is only the beginning — more ALMs, as well as refinements to the integration, are planned for the 2020 releases:
Finally, as part of Parasoft’s ongoing commitment to providing capabilities for the latest Microsoft development environment, Parasoft dotTEST 10.4.3 includes support for Visual Studio 2019. Support for C# 8 and .NET Core is scheduled for the Q1 2020 release.
Next year is right around the corner, and we’ll be continuing these themes, with AI-powered innovations that address challenges of static application security testing, and help you achieve your code coverage targets from unit testing… Stay tuned and keep reading the blogs to find out more!
VP of Products at Parasoft, Mark is responsible for ensuring that Parasoft solutions deliver real value to the organizations adopting them. Mark has been with Parasoft since 2004, working with a broad cross-section of Global 2000 customers, from specific technology implementations to broader SDLC process improvement initiatives.