Static Analysis with Parasoft dotTEST

Parasoft dotTEST verifies C# and VB.NET code quality and checks compliance with industry and security standards (such as OWASP, CWE, UL 2900 or PCI) by applying the most complete set of static analysis techniques to validate code and ensure defects are prevented at the earliest point in the software development process.

dotTEST Static Analysis

How does it work?

Parasoft dotTEST provides the industry’s most comprehensive set of static analysis checkers and testing techniques that can be used to verify compliance with security standards, identify runtime problems early (i.e. null pointers, memory leaks, etc.), find code duplicates, and understand code complexity and structure to ensure your code is both reliable and maintainable. dotTEST uses multiple code parsing engines to analyze and gain deep understanding of the code in development, and applies over 450 different rules to quickly find critical violations in the code. The rules are prioritized and grouped into predefined configurations, allowing users to quickly understand and prioritize the analysis.

Static analysis can be performed either in the IDE (Visual Studio) or using the command-line interface for automation and continuous integration scenarios. The results of the analysis can be accessed immediately within the IDE and from generated reports (HTML, PDF, XML) as well as being aggregated for further post-processing, reporting, and analytics from Parasoft’s award-winning Process Intelligence Engine. Additionally, as you scale across your team, dotTEST provides advanced capabilities for making the static analysis a maintainable element of the development process by suppressing unwanted findings, prioritizing findings, assigning findings to developers, and more.


Parasoft dotTEST identifies complex runtime problems early in the development stage, without the need to execute costly runtime tests. By analyzing execution paths through the code, dotTEST finds possible issues such as null pointer derefencing, division by zero, memory leaks, and more.

Parasoft dotTEST provides set of built-in rules for verifying compliance with standards like OWASP, CWE, PCI and more. Such analysis is recommended/required for regulated industries (automotive, medical, financial etc.).

Parasoft dotTEST’s highly customizable code analysis enables organizations and teams to create and implement customized test configurations to only include rules that are relevant to the organization’s specific guidelines and coding standards. Test configurations and static analysis rules can be customized on the developer’s desktop, directly in the IDE, or on a centralized reporting server to help teams enforce the same development strategies across the organization.

Parasoft users can review static analysis results conveniently and effectively, in the IDE and on a centralized reporting server that connects to other testing activities and enables post-processing, dynamic reporting dashboards, and historical data and trends.

Parasoft dotTEST’s set of built-in rules can be further augmented by enabling MCA rules in test configurations (almost 350 additional rules). Violations from MCA can be reported in the same way as any other built-in rule violation – viewed in the UI and processed in the centralized reporting server.

Benefit from the Parasoft Approach

Want to learn more?

Parasoft dotTEST integrates with a wide variety of software, tools and frameworks,
so you can easily adopt and scale within your existing development environment.