Parasoft dotTEST Extension for Microsoft Azure DevOps
This extension enables you to run code analysis with Parasoft dotTEST and review analysis results directly in Azure Pipelines.
Parasoft dotTEST is a testing tool that automates software quality practices for C# and VB.NET applications. It uses a comprehensive set of analysis techniques, including pattern-based static analysis, dataflow analysis, metrics, code coverage, and unit testing to help you verify code quality and ensure compliance with industry standards, such as CWE or OWASP.
- Request a free trial to receive access to Parasoft dotTEST's features and capabilities.
- See the user guide for information about Parasoft dotTEST's capabilities and usage.
Please visit the official Parasoft website for more information about Parasoft dotTEST and other Parasoft products.
Quick start
To analyze your code with Parasoft dotTEST and review analysis results on Azure Pipelines, you need to customize your pipeline to include:
- The task to run dotTEST provided by this extension.
- The task to upload the dotTEST analysis report in the SARIF format.
- The task to upload the dotTEST analysis reports in other formats (XML, HTML, etc.) as pipeline artifacts.
Prerequisites
- This extension requires Parasoft dotTEST with a valid Parasoft license.
- The SARIF SAST Scans Tab extension must be installed in your Azure DevOps organization.
- We recommend that you execute the pipeline on a self-hosted runner with the following components installed and configured on the runner:
  - Visual Studio or Build Tools for Visual Studio to build your project
  - Parasoft dotTEST
Installing Required Extensions
- Sign in to the Visual Studio Marketplace and click the Azure DevOps tab.
- Use the search box to find the dotTEST extension.
- Select the extension and click Get it free.
- Select your organization from the drop-down menu and choose Install.
- Repeat the above steps to install the SARIF SAST Scans Tab extension (if not already installed). This will add a Scans tab to each build result for displaying dotTEST analysis results.
Adding the Run dotTEST Task to a Pipeline
Add the Run dotTEST (RunDotTEST) task to your pipeline to launch code analysis with Parasoft dotTEST.
# Runs code analysis with dotTEST.
- task: RunDotTEST@1
  inputs:
    workingDir: '$(System.DefaultWorkingDirectory)'
Uploading Analysis Results to Azure Pipelines
By default, the Run dotTEST task generates analysis reports in the SARIF, XML, and HTML formats.
When you upload the SARIF report to Azure Pipelines, the results will be presented on the Scans tab. This allows you to review the results of code analysis with Parasoft dotTEST directly in Azure Pipelines as part of your project.
To upload the SARIF report, modify your pipeline by adding the PublishBuildArtifacts task. Be sure to use CodeAnalysisLogs as the artifact name.
# Uploads analysis results in the SARIF format, so that they can be accessed in the 'Scans' tab.
- task: PublishBuildArtifacts@1
  inputs:
    PathtoPublish: 'report/report.sarif'
    ArtifactName: 'CodeAnalysisLogs'
    publishLocation: 'Container'
To upload reports in other formats (.xml, .html), modify your pipeline by adding another PublishBuildArtifacts task. We recommend using DottestReports as the artifact name.
# Uploads all report files (.xml, .html, .sarif) as build artifacts.
- task: PublishBuildArtifacts@1
  inputs:
    PathtoPublish: 'report'
    ArtifactName: 'DottestReports'
    publishLocation: 'Container'
Example Pipeline
The following example shows a simple pipeline. The example assumes that dotTEST is run on a self-hosted runner (from the self-hosted-dottest pool) and the path to the dottestcli executable is available on PATH.
# This is a basic workflow to help you get started with the Run dotTEST task.
# Triggers the pipeline on push or pull request events but only for the master (main) branch.
trigger:
- master
- main
# Specifies the type of runner that the pipeline will run on.
pool:
  name: self-hosted-dottest
steps:
# Runs code analysis with dotTEST.
- task: RunDotTEST@1
  inputs:
    workingDir: '$(System.DefaultWorkingDirectory)'
# Uploads analysis results in the SARIF format, so that they can be accessed in the 'Scans' tab.
- task: PublishBuildArtifacts@1
  inputs:
    PathtoPublish: 'report/report.sarif'
    ArtifactName: 'CodeAnalysisLogs'
    publishLocation: 'Container'
# Uploads all report files (.xml, .html, .sarif) as build artifacts.
- task: PublishBuildArtifacts@1
  inputs:
    PathtoPublish: 'report'
    ArtifactName: 'DottestReports'
    publishLocation: 'Container'
Configuring Analysis with dotTEST
You can configure analysis with Parasoft dotTEST in one of the following ways:
- By customizing the Run dotTEST task directly in your Azure pipeline. See Task Parameters for a complete list of available parameters.
- By configuring options in the Parasoft dotTEST tool. We recommend creating a dottestcli.properties file that includes all the configuration options and adding the file to dotTEST's working directory (typically, the root directory of your repository). This allows dotTEST to automatically read all the configuration options from that file. See the Parasoft dotTEST User Guide for details.
Examples
This section includes practical examples of how the Run dotTEST task can be customized directly in the YAML file of your pipeline.
Configuring the Path to the dotTEST Installation Directory
If the dottestcli executable is not on PATH, you can configure the path to the installation directory of Parasoft dotTEST by configuring the installDir parameter:
- task: RunDotTEST@1
  inputs:
    workingDir: '$(System.DefaultWorkingDirectory)'
    installDir: 'c:\Program Files\Parasoft\dotTEST\2021.2'
Configuring a dotTEST Test Configuration
Code analysis with dotTEST is performed by using a test configuration: a set of static analysis rules that enforce best coding practices. Parasoft dotTEST ships with a wide range of built-in test configurations.
To specify a test configuration directly in your pipeline, add the testConfig parameter to the Run dotTEST task and specify the URL of the test configuration you want to use:
- task: RunDotTEST@1
  inputs:
    workingDir: '$(System.DefaultWorkingDirectory)'
    testConfig: 'builtin://OWASP Top 10-2017'
Alternatively, you can provide the workspace-relative path to the .properties file where your test configuration is defined:
- task: RunDotTEST@1
  inputs:
    workingDir: '$(System.DefaultWorkingDirectory)'
    testConfig: '.\.dottest\MyTestConfig.properties'
Defining the Scope for Analysis
By default, the Run dotTEST task analyzes all solutions in your repository. To modify the default scope for analysis, you can configure dotTEST with one of the available scope parameters to analyze selected solutions, projects, or source files.
In the following example, the scope of analysis is narrowed down to the solutions in the src directory.
- task: RunDotTEST@1
  inputs:
    workingDir: '$(System.DefaultWorkingDirectory)'
    solution: '.\src\*.sln'
In addition, the project and website parameters allow you to specify the path to a project or a website directory when the solution is not provided. See Task Parameters for details.
Configuring Parameters with Multiple Values
Regular configuration of dotTEST allows you to specify certain parameters more than once to configure multiple values. However, in Azure Pipelines, one parameter can be specified only once per extension. Instead of specifying the same parameter multiple times, provide a list of values for it:
- task: RunDotTEST@1
  inputs:
    workingDir: '$(System.DefaultWorkingDirectory)'
    solution: |
      .\src1\MySln1.sln
      .\src2\MySln2.sln
Failing the Pipeline When Code Analysis Findings Are Detected
To configure your pipeline to fail when dotTEST code analysis findings are detected, specify the additional parameter -fail. Ensure the pipeline will continue on error by configuring the continueOnError: true option.
# fail is a task input; continueOnError is a task-level control option, so it sits beside inputs.
- task: RunDotTEST@1
  inputs:
    workingDir: '$(System.DefaultWorkingDirectory)'
    fail: true
  continueOnError: true
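A finer-grained gate than failing on any finding, as an added example that is not part of the extension or Parasoft's code: a Python script that reads the SARIF report and blocks only on chosen levels while skipping suppressed results. It assumes the report uses the standard SARIF 2.1.0 fields (level, ruleId, suppressions, rule defaultConfiguration); the sample report, rule IDs, and function names are constructed for illustration.

```python
import json
import sys
from collections import Counter

# Constructed SARIF 2.1.0 sample; tool name, rule IDs and messages are made up.
SAMPLE_SARIF = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "example-analyzer", "rules": [
        {"id": "RULE.A", "defaultConfiguration": {"level": "error"}},
        {"id": "RULE.B"}]}},
    "results": [
        {"ruleId": "RULE.A", "message": {"text": "no explicit level"}},
        {"ruleId": "RULE.B", "level": "note", "message": {"text": "style"}},
        {"ruleId": "RULE.A", "level": "error", "message": {"text": "reviewed"},
         "suppressions": [{"kind": "inSource"}]},
        {"ruleId": "RULE.B", "message": {"text": "falls back to warning"}},
    ]}]})

def is_suppressed(result):
    # Choice made in this example: suppressed only if every suppression is
    # accepted (a missing status counts as accepted).
    sup = result.get("suppressions") or []
    return bool(sup) and all(s.get("status", "accepted") == "accepted" for s in sup)

def summarize(sarif_text):
    """Count unsuppressed results per effective level, plus suppressed ones."""
    counts = Counter()
    for run in json.loads(sarif_text).get("runs", []):
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        defaults = {r["id"]: r.get("defaultConfiguration", {}).get("level")
                    for r in rules if "id" in r}
        for res in run.get("results") or []:
            if is_suppressed(res):
                counts["suppressed"] += 1
                continue
            # Explicit result level, then the rule's default, then "warning".
            level = res.get("level") or defaults.get(res.get("ruleId")) or "warning"
            counts[level] += 1
    return counts

def gate(sarif_text, blocking=("error",)):
    """Return 2 (the exit code the page gives for fail) if a blocking level is present."""
    counts = summarize(sarif_text)
    return 2 if any(counts[level] for level in blocking) else 0

if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. report/report.sarif
        with open(sys.argv[1], encoding="utf-8-sig") as fh:
            sys.exit(gate(fh.read()))
    print(dict(summarize(SAMPLE_SARIF)), "gate ->", gate(SAMPLE_SARIF))
```

Run it as a script step after the Run dotTEST task with the report path as its argument; without an argument it only prints the summary of the constructed sample.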
Task Parameters
The following inputs are available for this extension:
| Input | Description |
| --- | --- |
| exclude | Specifies the file system paths to files to exclude from analysis. Supports ANT-style wildcards. |
| fail | Fails the command with exit code 2 if any findings are reported. |
| installDir | Specifies the path to the dotTEST installation directory, which contains the dotTEST executable. If not specified, dottestcli.exe must be added to PATH. |
| include | Specifies file system paths to files to include in analysis. Supports ANT-style wildcards. If not specified, all files are analyzed. |
| nobuild | Disables the build of the tested solutions or projects. |
| out | Specifies the path to the location where console output is saved. |
| project | Specifies the path to project(s) to be analyzed when no solution is provided. Supports ANT-style wildcards. |
| projectConfig | Specifies the project configuration, for example Debug. |
| property | Specifies a single configuration setting in the key=value format. |
| publish | Publishes report to DTP. |
| reference | Specifies the path to additional assemblies required to resolve dependencies of the analyzed projects. Supports ANT-style wildcards. |
| reportDir | Specifies the path to the directory where the report will be created. The default is report. |
| resource | Specifies a solution-relative path to a project in a solution, a directory of files in a project, or a file. |
| settings | Specifies the path to a settings file. |
| showsettings | Lists all settings that are currently used. |
| solution | Specifies the path to the solution to be analyzed. Supports ANT-style wildcards. The default is '.*.sln'. |
| solutionConfig | Specifies the solution configuration (for example, Debug). |
| targetPlatform | Specifies the target platform of the solution configuration (for example, Any CPU) or project configuration (for example, AnyCPU). |
| testConfig | Specifies the URL of the test configuration to be used for analysis. The default is builtin://Recommended .NET Core Rules. |
| testTagFilter | Specifies tests to run that are tagged with specific issue tracking types/IDs. |
| website | Specifies the full path to the website directory to be analyzed when the solution is not provided. |
| workingDir | Specifies the path to the working directory. The default is $(System.DefaultWorkingDirectory). |
About
dotTEST extension for Microsoft Azure DevOps - Copyright (C) 2021 Parasoft Corporation