Parasoft Jtest extension for Visual Studio Code
The Jtest extension for Visual Studio Code provides integration with the static analysis capabilities of Parasoft Jtest. It allows you to analyze your code and review the results directly in Visual Studio Code.
The extension requires Parasoft Jtest to be installed and licensed.
Features
- Find bugs in your code to comply with coding best practices and industry-specific standards, such as CWE 4.15, CWE Top 25 + On the Cusp 2023, OWASP API Security Top 10-2023, DISA-ASD-STIG and more.
- Run static code analysis on your workspace, a project, or a single source file.
- Review analysis results in the Problems view and the code editor.
- Suppress unwanted findings.
- Load analysis results directly from external report files, such as CI execution reports.
Requirements
Before you test your code with the Jtest extension, you need to download, install, and license Parasoft Jtest.
For download and licensing information, or to get a free trial of Parasoft Jtest, please contact us at info@parasoft.com or via our website.
Getting Started
- Ensure that Parasoft Jtest is installed and licensed.
See Installing and licensing Jtest.
- Open a folder in Visual Studio Code.
To become familiar with the capabilities of the extension, you can use the demo project shipped with Parasoft Jtest in the examples directory.
- Open the Command Palette and choose Jtest: Quick Start or click Jtest on the status bar at the bottom.
The Quick Start menu offers easy access to the basic configuration options.
- Choose Select Jtest installation folder... and select the location where Parasoft Jtest is installed.
- Choose Select test configuration... and select a test configuration you want to use.
A test configuration is a set of static analysis rules designed to cover an industry standard or best coding practices. By default, the Recommended Rules test configuration is configured. See Built-in test configurations for information about available test configurations.
- Choose Set command line pattern which will execute code analysis...
You must enter the command line pattern or select the example from the list that matches your project.
The selected pattern can be customized later.
See Integrating with Build Systems for information on how to integrate with supported build systems.
- Choose Analyze project... to run static analysis on the project you opened.
- Review the results in the Problems view and the code editor.
You can open the rule documentation to learn more about the problem. See Viewing Rule Documentation.
Working with the Jtest Extension
Integrating with a Build System
To analyze a project with the Jtest extension, you need to enable Parasoft Jtest, which runs under the hood, to collect information about the project. Go to Extensions > Jtest > Extension Settings > Command Line Pattern and adjust the command line for running Jtest.
There are two main methods of performing the analysis:
- Analyzing a project during the build (if you use Maven or Gradle)
This method ensures that the analysis will be run on the actual project data. To perform it, provide a command line pattern for running the project build with the Jtest plugin. See Integrating with Build Systems for information on how to integrate with the supported build systems.
If the project build is run in another way or from another extension and the Jtest analysis is configured to be executed automatically by the build system, then you can load the generated results using Jtest: Import Results From ... > File.
- Analyzing a built project
To speed up the analysis, you can perform it on a built project by using the jtest.data.json file, which was generated by the Jtest plugin during the build.
If the file was not generated previously, append a jtest task to the project build command line with the property jtest.skip=true, as shown below:
gradle clean build jtest -Djtest.skip=true -I [path to jtest install folder]/integration/gradle/init.gradle
mvn clean package jtest:jtest -Djtest.skip=true
The jtest.data.json file can be reused any time the project is analyzed. Analysis performed in this way is significantly faster, but it requires up-to-date project information. If the project dependencies or configuration settings (for example, Java version) are modified, the jtest.data.json file must be rebuilt to resolve changes properly.
To perform static analysis of a built project, ensure that the path to the jtest.data.json file is specified in the command line pattern:
jtestcli -data [path to jtest.data.json] [Jtest options]
See Parasoft Jtest User Guide to learn more.
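The reuse rule for jtest.data.json can be checked mechanically before each analysis run. The following shell sketch is an added example, not part of the Parasoft documentation: the function names, the JTEST_HOME variable and the list of build files compared are assumptions, and the modification-time comparison is a heuristic that only sees changes made in those files.

```shell
#!/bin/sh
# Added example (not Parasoft code). Assumed names: data_is_stale,
# next_command, JTEST_HOME. The jtest.data.json path is supplied by the caller.

# data_is_stale DATA_FILE BUILD_FILE...
# Returns 0 (stale) when DATA_FILE is missing or any BUILD_FILE is newer.
data_is_stale() {
    data=$1
    shift
    [ -f "$data" ] || return 0          # never generated: a build is required
    for f in "$@"; do
        [ -e "$f" ] || continue
        # POSIX find prints $f only when it was modified after $data
        [ -z "$(find "$f" -prune -newer "$data")" ] || return 0
    done
    return 1
}

# next_command PROJECT_DIR DATA_FILE
# Prints the command line to use: the regenerate command when the data
# file is stale, otherwise the faster jtestcli -data form.
next_command() {
    dir=$1
    data=$2
    if ! data_is_stale "$data" "$dir/pom.xml" "$dir/build.gradle" \
            "$dir/settings.gradle" "$dir/gradle.properties"; then
        echo "jtestcli -data $data"
    elif [ -f "$dir/pom.xml" ]; then
        # mvn is the Maven launcher
        echo "mvn clean package jtest:jtest -Djtest.skip=true"
    elif [ -f "$dir/build.gradle" ]; then
        echo "gradle clean build jtest -Djtest.skip=true -I ${JTEST_HOME:-[path to jtest install folder]}/integration/gradle/init.gradle"
    else
        echo "no pom.xml or build.gradle in $dir" >&2
        return 2
    fi
}

# Stand-alone use: sh check-jtest-data.sh PROJECT_DIR DATA_FILE
if [ "$#" -eq 2 ]; then
    next_command "$1" "$2"
fi
```

A change that does not touch the listed files, such as a different JDK selected outside the build files, is not detected and still calls for a manual rebuild of jtest.data.json.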
Running Static Analysis
Analyzing a project
To analyze all source files in a project, choose Jtest: Analyze Project from the Command Palette.
Analyzing selected files
To analyze selected files, right-click the file(s) you want to analyze in the Explorer view and choose Jtest: Analyze Selected File(s) from the menu.
Analyzing the active file
To analyze the file you are working on in the editor, click the Jtest: Analyze Active File icon in the upper right corner of Visual Studio Code or right-click anywhere in the code and choose Jtest: Analyze Active File from the menu.
To cancel the analysis before it completes, choose Jtest: Cancel Running Analysis from the Command Palette or click Running Jtest... in the status bar at the bottom and confirm when prompted.
By default, the open editors are automatically saved before analysis. To disable automatic file saving, go to Extensions > Jtest > Extension Settings > Save Before Run.
Suppressing Violations
You can suppress a violation to prevent it from being reported in subsequent analysis runs.
- Right-click a violation in the Problems view.
- Enter the reason for suppression when prompted.
- Choose where you want to store the suppression. The following options are available in the Jtest extension:
  - Use suppression file: The suppression will be added to a parasoft.suppress file in the same directory where the source file is located.
  - Use in-code suppressions: The suppression will be added as a comment in the source file (only available for Java files).
Alternatively, you can hover over a violation in the code editor to open the Quick Fix... menu and choose Suppress violation for [rule_ID] from the menu.
You can configure the Jtest extension to always store suppressions either in code or in suppression files, without prompting you to choose. Go to Extensions > Jtest > Extension Settings > Suppression Type to configure your preference.
See Suppressing the Reporting of Findings to find out more about suppressing static analysis violations reported by Jtest.
Explaining Violations Using AI
You can leverage Parasoft AI assistant to explain static analysis violations and receive suggestions for fixing them. The assistant is integrated with GitHub Copilot Chat.
Requirements:
To use this feature, ensure that you have the following installed:
- Complete Parasoft Jtest installation, including HTML rules documentation and a valid license for LLM Integration. For more information, refer to Installing and licensing Jtest.
- GitHub Copilot Chat Extension for Visual Studio Code (github.copilot-chat).
- Oracle Java Extension for Visual Studio Code (oracle.oracle-java).
How to Use:
Option 1: From the Problems View
- Right-click on a violation in the Problems view.
- Select Explain violation of [rule_ID].
The explanation will be displayed in the Chat View.
Option 2: From the Code Editor
- Hover over the code that contains the violation to bring up the Quick Fix... menu.
- Select Explain violation of [rule_ID] from the list of available options.
The explanation will be displayed in the Chat View.
Option 3: Using the Chat View
You can also invoke the explain command directly from the Chat View. Use the following pattern:
@jtest /explain rule_ID file.ext:startLine:startColumn
AI Guidance Disclaimer
This extension includes features that allow you to interact with an AI model using GitHub Copilot Chat to assist in code development. While the AI aims to provide helpful and accurate suggestions, AI-generated answers can sometimes be incorrect or incomplete. Always verify the AI-generated code, recommendations, or explanations before applying them to your project to ensure they meet your requirements and standards.
Additionally, be aware that your organization may control or limit certain features of GitHub Copilot Chat. Depending on your organization's policies, responses from the AI may be filtered or restricted based on content or compliance requirements. Ensure you are familiar with your organization's policies on AI usage and data handling.
Mapping Violation Severity
By default, all Jtest violations are presented in the Problems View as Warnings. You can map Jtest severity levels (1-5) to Visual Studio Code severity levels (Error/Warning/Information/Hint). Go to Extensions > Jtest > Extension Settings > Severity Mapping to configure your mapping. Be sure to restart Visual Studio Code to apply the changes.
Removing Violations from the Problems View
Viewing Rule Documentation
You can find out more about a reported problem in the documentation for the static analysis rule that was violated. Select a violation in the Problems view or the code editor and choose Show documentation for [rule_ID] from the Quick Fix menu.
Importing Results from a Local File or URL
You can import analysis results to Visual Studio Code from an external XML report file generated by Jtest during analysis (report.xml, coverage.xml, artifacts.zip). This may be particularly useful to import Jtest static analysis results generated by CI pipelines.
You can choose the following options from the Command Palette to import results:
- Choose Jtest: Import Results From ... > File and navigate to a local report file.
- Choose Jtest: Import Results From ... > URL and enter the URL of a remote report file. You can provide an HTTP or HTTPS URL that does not require authentication.
Importing Results from DTP
If your organization uses Parasoft DTP in the development testing workflow, you can import analysis results to Visual Studio Code directly from DTP.
First import:
- Choose Jtest: Import Results From ... > DTP from the Command Palette.
- Enter the full address of your DTP. Examples: dtp.acme.com, dtp.acme.com:8443, https://dtp.acme.com:443/deployment/root.
- Enter your DTP user name.
- Enter your password.
- Select a filter. Filters are identifiers used in DTP for organizing data; see the DTP User Guide for details.
The import will begin immediately.
Subsequent imports:
- Choose Jtest: Import Results From ... > DTP from the Command Palette.
- Choose one of the following options:
  - Import results using previous settings immediately starts the import using the data you configured for the previous import.
  - Update settings... allows you to update the data for import (DTP host name, user name, password, filter).
The imported results are added to the current list of problems in the Problems view.
If you want to delete the previously entered credentials, choose Jtest: Clear Saved Credentials... > DTP.
Importing Results from GitHub, GitLab and Azure DevOps
You can import analysis results from GitHub, GitLab and Azure DevOps if the workflow for your GitHub project or the pipeline for your GitLab or Azure DevOps project is customized to run Jtest.
To import results from GitHub:
- Choose Jtest: Import Results From ... > GitHub from the Command Palette.
- Sign in to your GitHub account when prompted by Visual Studio Code. The prompt will not appear if you've already signed in.
To import results from GitLab:
- Choose Jtest: Import Results From ... > GitLab from the Command Palette.
- Enter the host and token associated with your GitLab account. The prompt will not appear if you've already entered this information.
If you want to delete the previously entered credentials, choose Jtest: Clear Saved Credentials... > GitLab.
To import results from Azure DevOps:
- Choose Jtest: Import Results From ... > Azure DevOps from the Command Palette.
- Install the Azure Account extension when prompted and sign in to your Azure DevOps account. The prompts will not appear if the extension is already installed and you're signed in.
The import will begin immediately if the artifact that contains the report.xml file with analysis results is automatically detected. Otherwise, you will be asked to enter additional information to specify the report file from which you want to import results. Depending on your GitHub/GitLab/Azure DevOps account, you may need to specify the repository and branch where the results are stored, the workflow / pipeline that generates the artifact with results, the name of the artifact, and the report file.
Importing Code Coverage Results from a File
You can import code coverage results to Visual Studio Code from an external XML report file generated by Jtest (coverage.xml). This may be particularly useful to import code coverage results generated by CI pipelines.
To import coverage from a file:
- Choose Jtest: Import Coverage From XML File... from the Command Palette and navigate to a coverage XML file (coverage.xml).
The imported coverage results are added to the active code editor as line highlights.
To manage coverage highlights:
- Choose Jtest: Show Coverage... from the Command Palette.
- Select Line Coverage to enable coverage highlights or None to remove coverage highlights.
About Parasoft Jtest
Parasoft Jtest uses a comprehensive set of static analysis techniques, including pattern-based analysis, dataflow analysis, metrics, and more, to help you verify code quality and ensure compliance with industry standards.
Installing and Licensing Jtest
If you do not have Parasoft Jtest installed, request a download link and a license at our website.
To install and license Parasoft Jtest:
- Extract the contents of the installation package to a desired location. The jtest directory containing all Jtest files will be created.
- Open the jtestcli.properties configuration file in the installation directory.
- Customize the following license settings to configure a local license:
jtest.license.use_network=false
jtest.license.local.password=[the password you received from Parasoft]
For information about a network license and other details, see Setting the Parasoft License.
Customizing Parasoft Jtest
You can customize Parasoft Jtest by configuring the settings in the jtestcli.properties file shipped in the installation directory.
Alternatively, you can use the jtestcli.properties file in your working directory to configure project-specific settings:
- Open the Command Palette and choose Jtest: Quick Start or click Jtest on the status bar at the bottom.
- Choose Add local configuration file... This will copy the jtestcli.properties file from the installation directory to the working directory of your project and open the file in the Visual Studio Code editor.
- Modify project-specific configuration settings.
You can reopen the file by choosing Open local configuration file... from the Quick Start menu.
See Parasoft Jtest Configuration Settings for the list of available settings.
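Because Add local configuration file... copies the installation's jtestcli.properties, any jtest.license.local.password set there is copied into the project directory as well. The following shell check is an added example, not Parasoft code: it reports whether that key has a value in the project-local file and whether Git tracks or ignores the file. The function names and status words are hypothetical.

```shell
#!/bin/sh
# Added example (not Parasoft code). Function names and status words are
# hypothetical; the property key is the one shown in the licensing steps.

# has_local_license_password FILE
# Returns 0 when FILE sets jtest.license.local.password to a non-empty value.
# Comment lines (# or !) do not match because the key must start the line.
has_local_license_password() {
    [ -f "$1" ] || return 1
    grep -Eq '^[[:space:]]*jtest\.license\.local\.password[[:space:]]*[=:][[:space:]]*[^[:space:]]' "$1"
}

# props_status PROJECT_DIR
# Prints one word describing the project-local jtestcli.properties:
#   absent | clean | tracked | unignored | ignored | unversioned
props_status() {
    props="$1/jtestcli.properties"
    [ -f "$props" ] || { echo absent; return; }
    has_local_license_password "$props" || { echo clean; return; }
    if ! command -v git >/dev/null 2>&1 ||
       ! git -C "$1" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
        echo unversioned    # password present, no Git work tree to check
    elif git -C "$1" ls-files --error-unmatch jtestcli.properties >/dev/null 2>&1; then
        echo tracked        # password is in the Git index
    elif git -C "$1" check-ignore -q jtestcli.properties; then
        echo ignored        # password present but excluded from commits
    else
        echo unignored      # a later "git add ." would stage the password
    fi
}

# Stand-alone use: sh check-jtest-props.sh PROJECT_DIR
if [ "$#" -eq 1 ]; then
    props_status "$1"
fi
```

A result of tracked or unignored means the license password should be removed from the project copy or the file added to .gitignore before the next commit.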
Parasoft Jtest Documentation
See Parasoft Jtest User Guide to learn more about the product.
References
Usage Data and Telemetry
Please help us improve Parasoft products by sending us usage data. The data will be used to improve the product’s user experience. You can change this setting at any time - this extension respects the telemetry.enableTelemetry and telemetry.telemetryLevel settings, which you can learn more about at https://code.visualstudio.com/docs/supporting/faq#_how-to-disable-telemetry-reporting.
Parasoft will not collect any personally identifiable information that could potentially identify a specific individual. See Parasoft Privacy Policy to learn more.
About
Jtest extension for Visual Studio Code - Copyright (C) 2024 Parasoft Corporation