ASTQ Summit is live Nov 4! Hear industry leaders share how they're delivering continuous quality. Register Now »

X
.NET Static Analysis

.NET Static Code Analysis Tools

Powered by Parasoft dotTEST

C# and .NET Static Analysis With Parasoft dotTEST

Parasoft dotTEST verifies C# and VB.NET code quality and checks compliance with industry and security standards (such as OWASP, CWE, UL 2900 or PCI) by applying the most complete set of static analysis techniques to validate code and ensure defects are prevented at the earliest stage of the software development process.

How Does It Work?

Parasoft dotTEST provides the industry’s most comprehensive set of C# and .NET static analysis checkers that can be used to verify compliance with security standards, identify runtime problems early (i.e. null pointers, memory leaks, etc.), find code duplicates, and understand code complexity/structure to ensure your code is both reliable and maintainable.

Parasoft dotTEST uses multiple code parsing engines to analyze and gain deep understanding of the C# or .NET code in development, and applies over 450 different rules to quickly find critical violations in the code. The rules are prioritized and grouped into predefined configurations, allowing users to quickly understand and prioritize the analysis.

Static code analysis can be performed either in the IDE (Visual Studio) or using the command-line interface for automation and continuous integration scenarios. The results of the analysis can be accessed immediately within the IDE and from generated reports (HTML, PDF, XML) as well as being aggregated for further post-processing, reporting, and analytics from Parasoft’s award-winning Process Intelligence Engine.

As you scale across your team, dotTEST provides advanced capabilities for making C# and .NET static analysis a maintainable element of the development process by suppressing unwanted findings, prioritizing findings, assigning findings to developers, and more.

Features

Parasoft dotTEST identifies complex runtime problems early in the development stage, without the need to execute costly runtime tests. By analyzing execution paths through the code, dotTEST finds possible issues such as null pointer derefencing, division by zero, memory leaks, and more.

Parasoft dotTEST provides set of built-in rules for verifying compliance with standards like OWASP, CWE, PCI and more. Such analysis is recommended/required for regulated industries (automotive, medical, financial etc.).

Parasoft dotTEST’s highly customizable code analysis enables organizations and teams to create and implement customized test configurations to only include rules that are relevant to the organization’s specific guidelines and coding standards. Test configurations and static analysis rules can be customized on the developer’s desktop, directly in the IDE, or on a centralized reporting server to help teams enforce the same development strategies across the organization.

Parasoft users can review static analysis results conveniently and effectively, in the IDE and on a centralized reporting server that connects to other testing activities and enables post-processing, dynamic reporting dashboards, and historical data and trends.

Parasoft dotTEST’s set of built-in rules can be further augmented by enabling MCA rules in test configurations (almost 350 additional rules). Violations from MCA can be reported in the same way as any other built-in rule violation – viewed in the UI and processed in the centralized reporting server.

Benefit From the Parasoft Approach

The Most Complete Security and Compliance Analysis for .NET

Security is the number one concern for today's .NET applications. Whether the application is powering a medical device or driving an enterprise’s critical business workflows, it is necessary to ensure the code is secure and compliant with industry standards (such as OWASP and CWE). dotTEST provides the most complete security solution for .NET development teams, with both breadth of analysis and the reporting required to demonstrate compliance during audits.

Creating Efficient Team Workflows

Parasoft dotTEST seamlessly plugs into your team’s workflow, with an IDE integration that enables the developer to validate code before committing into source control, as well as command line automation, for validation and confirming compliance as part of the CI process. By centrally coordinating the configuration and communication of analysis in both IDE and CI, dotTEST is able to ensure that your team is on the same page, working as efficiently as possible.

A Complete View of Quality With Aggregation of Quality Practices

Parasoft dotTEST’s static analysis results are aggregated into Parasoft’s centralized reporting and analytics dashboard, with data from across your quality practices, from code analysis, through unit testing and automated functional testing of APIs and web applications, to complete coverage analysis. This not only provides a complete view of quality but enables the advanced analytics of Parasoft’s Process Intelligence Engine (PIE) that helps organizations accelerate with confidence.