Perforce Klocwork is a modern static code quality analysis tool for C/C++/Java/JS/C#, leveraging leading-edge deep data flow analysis technology to statically identify software runtime defects, errors, and security vulnerabilities across classes and files, and accurately pinpoint the code stack trace where errors occur. By detecting issues related to coding standards, security, and structure, Klocwork can rapidly improve code quality from the early stages of a project. Klocwork supports various development models, including waterfall, agile, DevOps/DevSecOps, and more, meeting the requirements of common R&D standards. Klocwork can be seamlessly integrated into software development and testing processes, covering the entire R&D workflow. Analysis processes can be fully automated on the Klocwork Server side on a scheduled or on-demand basis, with test results published in real-time to the development team. All test results, quality trends, and remediation status can be viewed and tracked on Klocwork's reporting platform.
Klocwork is suitable for applications of all sizes, supporting large projects with millions or even tens of millions of lines of code. It offers fast analysis speeds, high accuracy, and ease of use. With these significant advantages, Klocwork has become a widely used static analysis tool in industries such as defense, aerospace, communications, power electronics, automotive electronics, and energy.
Core Values
Automatically find code defects and quickly improve software quality
Statically scan for software security vulnerabilities to improve software security
Coding rule analysis ensures consistency in code style
Accelerate development speed and seamlessly integrate into the R&D process
Cover everything from individual use to large-scale team-based applications
Suitable for large-scale code detection
Significantly reduce the workload of manual code review
Advantages and Highlights
Klocwork supports automated scanning of more than 1,000 types of code defects, including null pointers, resource and memory leaks, uncaught exceptions, division by zero, and more, to comprehensively detect code quality issues
Klocwork provides comprehensive security rule scanning capabilities, supporting standards such as CWE, OWASP, CERT, PCI DSS, DISA STIG, and ISO/IEC TS 17961. It has strong deep data flow analysis capabilities, high accuracy, and low false negative rates
Supports customization and enabling/disabling/suppressing of rules
Klocwork natively supports over 50 common compilation development environments through integration with third-party commercial parsers
Supports integration with CI/CD tools and perfectly fits fast-paced development models such as DevOps/DevSecOps
Modern browser/server (B/S) plus client/server (C/S) deployment methods facilitate team-based deployment and expansion
Klocwork supports static detection of software application security vulnerabilities, including SQL injection, data corruption, buffer overflow, weak code implementation, and many other common application security vulnerabilities
Klocwork supports static analysis of millions or even tens of millions of lines of code, with fast analysis speeds
Fully supports multiple development languages, including various mainstream standards or versions of C/C++, Java, JS, and C#, etc
Klocwork offers a wide range of third-party integrations and supports popular IDEs such as Eclipse, Visual Studio, and IntelliJ IDEA
Klocwork focuses on code defect analysis and security vulnerability detection, while also providing coding rules and code structure detection functions to meet the needs of various scenarios
Klocwork provides a variety of reports and dashboards to facilitate project management and test result tracking
Key Features
Software Quality Defect Detection
Security Vulnerability Scanning
Coding Rule Scanning
Rule Customization
Support DevOps
Team Deployment and Reporting
Certification and Authentication
Klocwork leverages its leading deep data flow analysis capabilities to detect common errors, quality defects, and risky code in C/C++/Java/JS/C# software, identify problem locations across classes and files, and display complete stack traces. The types of errors Klocwork can detect include null pointers, array out-of-bounds access, memory and resource leaks, uninitialized access, deadlocks, uncaught exceptions, division by zero, and unreachable code, among other common error types, which can be further broken down into over 1,000 specific check items. Klocwork supports static analysis for software with millions or even tens of millions of lines of code, offering fast analysis speeds, high accuracy, and minimal false negatives. Klocwork enables development teams to identify potential quality defects in code early in the development process, known as “shift left,” thereby increasing the adoption rate of static analysis tools, shortening project testing cycles, and significantly reducing the cost of fixing defects later in the process.
Klocwork's data flow analysis engine can comprehensively scan software for security coding standards and vulnerabilities, covering security standards such as CWE, OWASP, CERT, PCI DSS, DISA STIG, and ISO/IEC TS 17961, effectively ensuring the security of software systems. The types of security vulnerabilities detected by Klocwork include common software application security vulnerabilities such as SQL injection, cross-site scripting, data tampering, and insecure code. Klocwork's security vulnerability scanning functionality supports applications developed in multiple languages, including C/C++, Java, JS, and C#. By utilizing Klocwork's security vulnerability scanning functionality, organizations can meet the security compliance audit requirements of critical information security domains such as automotive cybersecurity, financial services, and government utilities.
Klocwork includes a variety of common coding rule sets designed to ensure software quality, such as MISRA C/C++, AutoSAR C++14, and JSF AV C++. Using Klocwork for coding standard compliance checks serves two purposes: first, to meet industry compliance requirements or code review needs; second, to prevent common code quality defects by applying best-practice programming standards from the moment each line of code is written, thereby avoiding dangerous, unsafe, or unreasonable code and ensuring code quality at the source.
Klocwork supports users in customizing static analysis rules according to their own needs. Based on the customization interface provided by Klocwork, users can create a set of static analysis rules that comply with existing enterprise development standards, thereby replacing manual code reviews with automated processes and accelerating product development speed. The graphical rule customization tool provided by Klocwork is easy to use, ensuring implementation efficiency. Klocwork's rule customization functionality is applicable to multiple development languages, including C/C++, Java, and C#.
Klocwork offers a wealth of features to meet the rapid iteration requirements of DevOps/DevSecOps development processes. Klocwork was designed and developed from the outset with the principles of continuous integration (CI) and continuous delivery (CD) in mind. Klocwork supports plugin integration with CI/CD systems such as Jenkins, seamlessly integrating static code analysis into daily continuous integration workflows and significantly reducing the complexity of implementing static analysis tools. Klocwork supports differential analysis, which uses system context data from the Klocwork Server to analyze only the files that have changed, while still providing results as if the entire system had been analyzed, thereby significantly reducing the time required for each static analysis. Additionally, Klocwork provides a complete REST API and data interfaces in XML/JSON/PDF formats, and can run in cloud containers and cloud build systems with on-demand configuration, offering maximum flexibility and convenience for analysis using internal or external cloud services. Klocwork's support for DevOps enables every line of code to be checked earlier and ensures that test results are promptly addressed through its review/commenting, task tracking, and quality trend analysis features.
Klocwork supports large-scale team collaboration and deployment, integrating code version servers, build servers, developer desktops, and the Klocwork reporting platform to form a complete code static analysis and quality management platform solution. Klocwork provides rich reports and dashboards. The Klocwork Portal dashboard centrally stores analysis data, trends, static metrics, and analysis configurations for code repositories across the entire organization, which users can access via a web browser. Klocwork's dashboards support high customization, enabling developers, managers, and other stakeholders to:
1) define global or project-specific QA, security goals, and rule configurations;
2) control access permissions and approval workflows;
3) view trend charts and metric data to monitor project quality, progress, and predictions;
4) generate compliance and security reports;
5) prioritize defects detected by Klocwork based on severity, location, and lifecycle;
6) distinguish and manage new issues separately from legacy code;
7) push backlogged issues to the change control system;
8) import and integrate QAC analysis results into Klocwork SAC to view and manage comprehensive analysis results in a single dashboard.
Klocwork has been certified and validated by TÜV SÜD, an internationally recognized third-party certification body, for compliance with multiple industry standards, including IEC 61508, ISO 26262, EN 50128, IEC 60880, and IEC 62304. Klocwork provides users with tool certification certificates and safety manuals, eliminating the need for users to conduct their own tool validation. Klocwork also supports compliance with the DO-178B/C airworthiness standards and can provide a complete airworthiness certification package for tools in accordance with the DO-330 standard. Klocwork's certifications are continuously updated with product version iterations, ensuring that all users can promptly access the latest certification reports.
Supported Environments
Installation platforms supported by Klocwork
Mainstream versions of Windows, Linux, and Solaris host operating systems
C/C++ compiler series supported by Klocwork
Analog Devices Blackfin and TigerSHARC | Microtec |
Archelon | Microware Ultra C for OS-9 |
ARM CC | Mono Headset SDK |
CADUL C for Intel 80X86 | Motorola DSP563 |
CEVA (NVIDIA) | Nintendo Cafe Platform |
Clang | Nvidia CUDA |
CodeWarrior Freescale S12 | NXP StarCore Freescale |
Compiler caching tools | Panasonic MN101E/ MN101L |
CodeWarrior Freescale S12 | Cosmic |
Paradigm | Embarcadero |
Plan 9 | Fujitsu FR |
QNX qcc | GNU |
Renesas | IAR Renesas R32C |
GNU | Renesas |
Green Hills | Rowley Crossworks |
Hexagon Tools | Sony Orbis Clang PS4 |
HI-CROSS+ Motorola HC16 | Sony SN Systems PS2, PS3 and PSVita |
HI-TECH C | Sun Studio |
Hitachi ch38 | Synopsys ARC MetaWare |
HiveCC | Target Chess |
IAR | Tasking |
IBM XL | Tensilica Xtensa |
ImageCraft AVR | TI ARP32 |
Intel iC-386 | TI msp430 |
Keil CA51, C166 and C251 | TI tms32 |
Marvell | TriMedia tmcc |
MetaWare | Watcom |
Metrowerks CodeWarrior | WinAVR |
Microchip MPLAB | Wind River Diab / GCC |
Microsoft Visual Studio | ZiLOG eZ80 |