How does it work?
Parasoft Jtest provides a comprehensive set of static analysis checkers and testing techniques that can be used to verify compliance with security standards (OWASP, CWE, CERT, PCI, etc.) and custom coding standards (using built-in or user-defined custom rules), find runtime problems early and without executing code (e.g. null pointer exceptions, array out of bound), identify code duplication, and understand complexity and code structure (leveraging 40+ industry-accepted code metrics).
Jtest employs a state-of-the-art Java code parsing engine to analyze and understand the code under test and find code defects indicated by rule violations. It ships with over 1000 different checkers that cover general best practices (Effective Java, The Java Programming Language) and industry standards (OWASP, CWE, CERT, PCI, etc.), as well as specialized bug-finders (such as null pointer exception, resource leaks, deadlocks, division by zero, array out of bound and more).
To help users understand which static analysis rules to use, Jtest organizes and associates metadata to the rules, providing:
- Built-In Test Configurations: Pre-defined rule sets allow users to perform static analysis quickly and conveniently.
- Rule Categories: Each rule belongs to a rule category (i.e. Optimization, Security, Exceptions, API ) to helps users quickly understand how rules might benefit their testing priorities.
- Severity Levels: Each rule is assigned with a severity level to help users better understand the potential impact of the rule violation.
Static code analysis can be performed in the IDE (Eclipse, IntelliJ, NetBeans), from the command line, or using build system plugins (Ant, Maven, Gradle) for automation and Continuous Integration scenarios. The results of the analysis can be accessed immediately (in the IDE, or with HTML/XML/PDF reports) or accessed by Parasoft’s Process Intelligence Engine for post-processing, reporting, and advanced analytics. Jtest provides advanced capabilities for making static analysis a maintainable element of the development process, such as suppressing unwanted findings, prioritizing and assigning findings to developers, and much more.