Parasoft Jtest Extension for Microsoft Azure DevOps
This extension enables you to run code analysis with Parasoft Jtest and review analysis results directly in Azure Pipelines.
Parasoft Jtest is a testing tool that automates software quality practices for Java applications. It uses a comprehensive set of analysis techniques, including pattern-based static analysis, dataflow analysis, metrics, code coverage, and unit testing to help you verify code quality and ensure compliance with industry standards, such as CWE, OWASP, and CERT.
- Request a free trial to receive access to Parasoft Jtest's features and capabilities.
- See the user guide for information about Parasoft Jtest's capabilities and usage.
Please visit the official Parasoft website for more information about Parasoft Jtest and other Parasoft products.
Quick start
To analyze your code with Parasoft Jtest and review analysis results in Azure Pipelines, you need to customize your pipeline to include:
- Integration with your build to determine the scope of analysis.
- The task to run Jtest provided by this extension.
- The task to upload the Jtest analysis report in the SARIF format.
- The task to upload the Jtest analysis reports in other formats (XML, HTML, etc.) as pipeline artifacts.
Prerequisites
- This extension requires Parasoft Jtest with a valid Parasoft license.
- The SARIF SAST Scans Tab extension must be installed in your Azure DevOps organization.
- We recommend that you execute the pipeline on a self-hosted runner with Parasoft Jtest installed and configured on the runner.
Installing Required Extensions
- Sign into the Visual Studio Marketplace and click the Azure DevOps tab.
- Use the search box to find the Jtest extension.
- Select the extension and choose Get it free.
- Select your organization from the drop-down menu and choose Install.
- Repeat the above steps to install the SARIF SAST Scans Tab extension (if not already installed). This will add a Scans tab to each build result for displaying Jtest analysis results.
Adding the Run Jtest Task to a Pipeline
Add the Run Jtest (RunJtest) task to your pipeline to launch code analysis with Parasoft Jtest.
Depending on the build system you are using (Gradle, Maven, or Ant), you may need to adjust the workflow to collect the required input data for Jtest. See the Parasoft Jtest User Guide for details.
# Runs code analysis with Jtest.
- task: RunJtest@1
  inputs:
    workingDir: '$(Build.Repository.LocalPath)'
    dataJson: 'build/jtest/jtest.data.json'
Uploading Analysis Results to Azure Pipelines
By default, the Run Jtest task generates analysis reports in the SARIF, XML, and HTML formats.
When you upload the SARIF report to Azure Pipelines, the results are presented on the Scans tab. This allows you to review the results of code analysis with Parasoft Jtest directly in Azure Pipelines as part of your project.
To upload the SARIF report, modify your pipeline by adding the PublishBuildArtifacts task. Be sure to use CodeAnalysisLogs as the artifact name.
# Uploads analysis results in the SARIF format, so that they can be accessed in the 'Scans' tab.
- task: PublishBuildArtifacts@1
  inputs:
    PathtoPublish: 'reports/report.sarif'
    ArtifactName: 'CodeAnalysisLogs'
    publishLocation: 'Container'
To upload reports in other formats (.xml, .html), modify your pipeline by adding another PublishBuildArtifacts task. We recommend using JtestReports as the artifact name.
# Uploads all report files (.xml, .html, .sarif) as build artifacts.
- task: PublishBuildArtifacts@1
  inputs:
    PathtoPublish: 'reports'
    ArtifactName: 'JtestReports'
    publishLocation: 'Container'
Example Pipelines
The following examples show simple pipelines for Gradle and Maven projects. The examples assume that Jtest is run on a self-hosted runner (from the self-hosted-jtest pool) and the path to the jtestcli executable is available on $PATH.
Run Jtest with Gradle project
# This is an example pipeline to help you get started with the Run Jtest task for a Gradle project.
# Triggers the pipeline on push or pull request events but only for the master (main) branch.
trigger:
- master
- main
# Specifies the type of runner that the pipeline will run on.
pool:
  name: self-hosted-jtest
steps:
# Configures your Gradle project.
- task: Gradle@3
  inputs:
    workingDirectory: '$(Build.Repository.LocalPath)'
    gradleWrapperFile: 'gradlew'
    gradleOptions: '-Xmx3072m'
    javaHomeOption: 'JDKVersion'
    jdkVersionOption: '1.8'
    jdkArchitectureOption: 'x64'
    tasks: 'build jtest'
    options: '-Djtest.skip=true -I path/to/jtest/integration/gradle/init.gradle'
# Runs code analysis with Jtest.
- task: RunJtest@1
  inputs:
    workingDir: '$(Build.Repository.LocalPath)'
    dataJson: 'build/jtest/jtest.data.json'
# Uploads analysis results in the SARIF format, so that they can be accessed in the 'Scans' tab.
- task: PublishBuildArtifacts@1
  inputs:
    PathtoPublish: 'reports/report_azure.sarif'
    ArtifactName: 'CodeAnalysisLogs'
    publishLocation: 'Container'
# Uploads all report files (.xml, .html, .sarif) as build artifacts.
- task: PublishBuildArtifacts@1
  inputs:
    PathtoPublish: 'reports'
    ArtifactName: 'JtestReports'
    publishLocation: 'Container'
Run Jtest with Maven project
# This is an example pipeline to help you get started with the Run Jtest task for a Maven project.
# Triggers the pipeline on push or pull request events but only for the master (main) branch.
trigger:
- master
- main
# Specifies the type of runner that the pipeline will run on.
pool:
  name: self-hosted-jtest
steps:
# Configures your Maven project.
- task: Maven@4
  inputs:
    workingDirectory: '$(Build.Repository.LocalPath)'
    mavenPomFile: 'pom.xml'
    mavenOptions: '-Xmx3072m'
    javaHomeOption: 'JDKVersion'
    jdkVersionOption: '1.8'
    jdkArchitectureOption: 'x64'
    goals: 'install jtest:jtest'
    options: '-Djtest.skip=true'
# Runs code analysis with Jtest.
- task: RunJtest@1
  inputs:
    workingDir: '$(Build.Repository.LocalPath)'
    dataJson: 'target/jtest/jtest.data.json'
# Uploads analysis results in the SARIF format, so that they can be accessed in the 'Scans' tab.
- task: PublishBuildArtifacts@1
  inputs:
    PathtoPublish: 'reports/report_azure.sarif'
    ArtifactName: 'CodeAnalysisLogs'
    publishLocation: 'Container'
# Uploads all report files (.xml, .html, .sarif) as build artifacts.
- task: PublishBuildArtifacts@1
  inputs:
    PathtoPublish: 'reports'
    ArtifactName: 'JtestReports'
    publishLocation: 'Container'
Configuring Analysis with Jtest
You can configure analysis with Parasoft Jtest in one of the following ways:
- By customizing the Run Jtest task directly in your Azure pipeline. See Task Parameters for a complete list of available parameters.
- By configuring options in the Parasoft Jtest tool. We recommend creating a jtestcli.properties file that includes all the configuration options and adding the file to Jtest's working directory (typically, the root directory of your repository). This allows Jtest to automatically read all the configuration options from that file. See the Parasoft Jtest User Guide for details.
Examples
This section includes practical examples of how the Run Jtest task can be customized directly in the YAML file of your pipeline.
Configuring the Path to the Jtest Installation Directory
If the jtestcli executable is not on $PATH, set the installDir parameter to the Parasoft Jtest installation directory:
- task: RunJtest@1
  inputs:
    workingDir: '$(Build.Repository.LocalPath)'
    installDir: 'opt/parasoft/jtest'
Defining the Scope for Analysis
You can configure the dataJson parameter to provide the path to a JSON file that defines the scope of analysis. See the Parasoft Jtest User Guide for details.
- task: RunJtest@1
  inputs:
    workingDir: '$(Build.Repository.LocalPath)'
    dataJson: 'target/jtest/jtest.data.json'
Configuring a Jtest Test Configuration
Code analysis with Jtest is performed by using a test configuration - a set of static analysis rules that enforce best coding practices or compliance guidelines. Parasoft Jtest ships with a wide range of built-in test configurations.
To specify a test configuration directly in your pipeline, add the testConfig parameter to the Run Jtest task and specify the URL of the test configuration you want to use:
- task: RunJtest@1
  inputs:
    workingDir: '$(Build.Repository.LocalPath)'
    testConfig: 'builtin://Demo Configuration'
Failing the Pipeline When Code Analysis Findings Are Detected
To configure your pipeline to fail when Jtest code analysis findings are detected, specify the additional parameter -fail. Ensure the pipeline will continue on error by configuring the continueOnError: true option.
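- task: RunJtest@1
  inputs:
    workingDir: '$(Build.Repository.LocalPath)'
    # -fail is passed to the jtestcli executable through additionalParams.
    additionalParams: '-fail'
  # Task-level option: later steps (for example, report upload) still run.
  continueOnError: true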
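A severity-based gate over the SARIF report, for pipelines that should block only on findings at or above a chosen level. This is an added example, not part of the Parasoft extension; it assumes the standard SARIF 2.1.0 layout, the function names are hypothetical, and the sample report and rule IDs are constructed.

```python
import json
import sys
from collections import Counter

# SARIF result levels, most severe first.
LEVELS = ("error", "warning", "note", "none")

def count_by_level(sarif: dict) -> Counter:
    """Count results per SARIF level across all runs in the report."""
    counts = Counter()
    for run in sarif.get("runs", []):
        # Index rule metadata by id so a rule's default level can be looked up.
        rules = {r["id"]: r for r in run.get("tool", {}).get("driver", {}).get("rules", [])}
        for result in run.get("results", []):
            level = result.get("level")
            if level is None:
                # No explicit level: use the rule's default, else "warning".
                rule = rules.get(result.get("ruleId"), {})
                level = rule.get("defaultConfiguration", {}).get("level", "warning")
            counts[level] += 1
    return counts

def gate(sarif: dict, fail_on: str = "error") -> int:
    """Return 1 if any result is at or above `fail_on` severity, else 0."""
    blocking = LEVELS[: LEVELS.index(fail_on) + 1]
    counts = count_by_level(sarif)
    return 1 if any(counts[lvl] for lvl in blocking) else 0

# Constructed sample report; rule IDs are placeholders, not real Jtest rules.
SAMPLE = {"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "constructed-sample", "rules": [
        {"id": "EXAMPLE.RULE_A", "defaultConfiguration": {"level": "error"}}]}},
    "results": [
        {"ruleId": "EXAMPLE.RULE_A", "message": {"text": "constructed"}},
        {"ruleId": "EXAMPLE.RULE_B", "level": "note", "message": {"text": "constructed"}},
        {"ruleId": "EXAMPLE.RULE_C", "message": {"text": "constructed"}},
    ]}]}

if __name__ == "__main__":
    # Assumed default path: the report name used in this page's example pipelines.
    path = sys.argv[1] if len(sys.argv) > 1 else "reports/report_azure.sarif"
    with open(path, encoding="utf-8") as fh:
        report = json.load(fh)
    print(dict(count_by_level(report)))
    sys.exit(gate(report, sys.argv[2] if len(sys.argv) > 2 else "error"))
```

Run it as a script step after the Run Jtest task; a non-zero exit code fails that step.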
Task Parameters
The following inputs are available for this extension:
| Input | Description |
| --- | --- |
| installDir | Installation folder of Parasoft Jtest. If not specified, the jtestcli executable must be added to $PATH. |
| workingDir | Working directory for running Jtest. If not specified, $(System.DefaultWorkingDirectory) will be used. |
| dataJson | The JSON data file with input scope for analysis. This parameter is obligatory and must be manually configured for the Run Jtest task. |
| testConfig | Test configuration to be used for code analysis. The default is builtin://Recommended Rules. |
| reportDir | Output folder for reports from code analysis. If not specified, report files will be created in the reports folder. |
| reportFormat | Format of reports from code analysis. The default is xml,html,sarif-azure. |
| additionalParams | Additional parameters for the jtestcli executable. |
About
Jtest extension for Microsoft Azure DevOps - Copyright (C) 2023 Parasoft Corporation