How to Use Helix ALM with Klocwork
May 26, 2020

How to Use Helix ALM With Klocwork

Application Lifecycle Management
Static Analysis

Helix ALM is one of the most trusted modular suites for the different phases of development. And, Klocwork is a static code analyzer that has been designed to optimize DevOps processes, like CI/CD Pipelines. When paired together, the two solutions can provide your team with a scalable DevOps solution.

▶️ Video Tutorial: How to Use Static Analysis Within Application Lifecycle

Read along or jump ahead to the section that interests you the most:

➡️ Start Your Helix ALM Free Trial

➡️ Start Your Klocwork Free Trial

Back to top

What Is Helix ALM?

Helix ALM provides end-to-end traceability by linking your requirements, test cases, and issues — all in one platform. Its configurable workflow easily adapts to the way you already work, not the other way around. So testers, developers, and everyone else ensuring the quality of your product can work together seamlessly. 

Back to top

What Is Klocwork?

Klocwork is one of the most trusted static analyzers for C, C++, C#, Java, JavaScript, Python, and Kotlin. What’s more, with its Differential Analysis, connected desktop, and support for both CI/CD pipelines and Containerized Builds, Klocwork is the ideal static analyzer for DevOps.

Back to top

Why Helix ALM Users Should Use Klocwork

Helix ALM simplifies traceability for easier compliance, impact analysis, and risk management. By pairing it with Klocwork, Helix ALM users are able to quickly analyze their entire codebase to identify coding vulnerabilities and errors earlier in development as well as to ensure that coding standards were enforced.

Klocwork Complements Helix ALM by…

Differential Analysis

Using system context data from the server, Klocwork analyzes only the files that have changed while also providing Differential Analysis results as if the entire system had been analyzed. This provides you with the shortest possible analysis times of new and changed code.

Integration Analysis

Using system context data from the server, Klocwork provides a snapshot of the current health of your software project. After each Integrated Analysis, Klocwork provides a list of detected coding issues along with other reports on your code. By regularly running Integrated Analysis, you can improve code quality and ensure uniformity across your codebase.

Back to top

Why Klocwork Users Should Use Helix ALM

Software development teams use Klocwork to help ensure that their code is high quality, secure, and reliable. By pairing it with Helix ALM, Klocwork users can perform requirements management, issues management, and test case management in a single platform. Klocwork data is visible in requirements, making it part of the trace matrix.

Helix ALM Complements Klocwork by…

Single Source of Truth

With requirements, test cases, and issues housed in one tool, users never have to verify that they’re working with the most current information. Updated Klocwork data, like violations of requirements and fixed issues, also appear with your requirements in Helix ALM. You can extend and filter violation data, see updated issues, and more without leaving the platform.

Traceability

Helix ALM automatically tracks and links artifacts to create end-to-end traceability, providing impact analysis, easy reporting, and more. Because your static code analysis results from Klocwork are pulled into your requirements in Helix ALM, they become part of the automated traceability matrix.

How Helix ALM and Klocwork work together.
Back to top

How to Use Helix ALM with Klocwork

The integration comes in the form of a customizable python script that connects to the Klocwork API and gathers data from an analysis run. It then interacts with the Helix ALM API, where it raises the defects into its issue management.

Here is how to set up the integration.

1. Install Helix ALM

First, you’ll need to install Helix ALM.

If you’re not using Helix ALM yet, get started here >>

If you’re already a Helix ALM user, download the latest version here >>

2. Install Klocwork

Next, you’ll download Klocwork.

If you’re not using Klocwork yet, get started here >>

If you’re already a Klocwork user, download the latest version here >>

3. Get the Integration and Install Python

Get the integration and install Python.

Contact us to get the latest version of the integration script. It is designed to work with Python 3.6, however, other versions of Python 3.x should also work.

Install this on the machine where the script will run.

4. Configure Helix ALM

You are also able to add in custom fields specific to the issue type:

  • Klocwork Status — fixed drop down list matching Klocwork’s values (i.e. Analyze, Ignore, Fix, etc.)
  • Klocwork State — fixed drop down list matching Klocwork’s values (i.e. New, Existing, Fixed)
  • Klocwork ID — text string, which holds the unique Id for the issue

To add system fields with new values:

  • Product — Add “Klocwork”
  • Type — Add “Static Analysis”

You can also add an issue search query called “Klocwork Issues”, which gets any non-blank “Klocwork ID” fields.

5. Configure Klocwork

Each time you start a new project, you will need to configure Klocwork. To do so you will need to decide on what issues need importing across, for example:

  • All
  • All issues except those in third-party code
  • Only critical defects

Then, you can configure a view in Klocwork to match the issues that you want to pull across.

6. Deploy the Script to any Build Agents/Machines

The script is designed to be run after a Klocwork Integration Analysis has been performed. It can also update existing issues that have already been imported into Helix ALM.

7. Create a Helix ALM Authentication key for API Connections

If you’re configuring through Continuous Analysis, it will run after each Integration Analysis. The results will then be imported across any new issues and update existing issues within Helix ALM as long as they have been altered in the latest analysis.

8. Run the Klocwork Analysis and Then run the Script

Run the Klocwork integration analysis. Then after the load stage, run the ALMxKW.py script as per the readme. The issue(s) should now appear in Helix ALM and subsequent runs will update these.

Back to top

Get Started: Helix ALM and Klocwork

Start optimizing your DevOps process with Helix ALM and Klocwork today.

➡️ start your Klocwork free trial                    ➡️ start your Helix ALM free trial

Back to top