Klocwork: Best Static Code Analyzer for Developer Productivity, SAST, and DevOps/DevSecOps

Klocwork static code analysis and SAST tool for C, C++, C#, Java, and JavaScript identifies software security, quality, and reliability issues helping to enforce compliance with standards.

Built for enterprise DevOps and DevSecOps, Klocwork scales to projects of any size, integrates with large complex environments, a wide range of developer tools, and provides control, collaboration, and reporting for the entire enterprise. This has made Klocwork the preferred static analyzer that keeps development velocity high while enforcing continuous compliance for security and quality.


READ DATASHEET

Secure, Safe, and Reliable Code

C, C++, C#, Java, and JavaScript

DevSecOps and AppSec

industry-energy

Speed, Productivity, and Compliance

Klocwork Key Features

Find Security Vulnerabilities with SAST

Use Klocwork static application security testing (SAST) for DevOps (DevSecOps). Our security standards identify security vulnerabilities – helping to find and fix security issues early and proving compliance to internationally recognized security standards.

  • DevSecOps: Klocwork integrates with CI/CD tools, containers, cloud services, and machine provisioning making automated security testing easy.
  • Security Standards:  CWE, OWASP, CERT, PCI DSS, DISA STIG, and ISO/IEC TS 17961.
  • Security Vulnerability Detection: SQL Injection, Tainted Data, Buffer Overflow, Vulnerable Coding Practices, and many more.
  • Bug, Quality Issue, and Code Smell Detection: Null Pointer Dereferences/Exceptions, Memory/Resource Leaks, Uncaught Exceptions, and many more.
Image KW Key Features SAST

DevOps Ready

Klocwork tools are designed with Continuous Integration and Continuous Delivery foremost in our thinking, which makes it easy to include static code analysis as part of your CI/CD pipelines.

Differential Analysis: Using system context data from the Klocwork Server, it is possible to analyze only the files that changed while also providing differential analysis results as if the entire system had been analyzed. This provides you with the shortest possible analysis times.

Easy to Automate: Klocwork tools have common command line interfaces, the Klocwork defect data can be accessed via a REST API and all output formats use standard formats, such as XML, JSON, and PDF.

Containerized Builds: Klocwork can be run within containerized and Cloud build systems and supports the provisioning of machine instances as required. Providing maximum flexibility and opportunity to use internal or external Cloud services for code analysis.

Image KW Key Features DevOps Ready

Control, Collaboration, and Reporting

The Klocwork Compliance and Application Security Testing (CAST) Portal is a centralized store of analysis data, trends, metrics, and configurations for codebases across the organization — accessed through a web browser.

The dashboard is highly customizable, enabling your developers, managers, and other stakeholders to:
 
  • Define global or project-specific QA and security objectives and rule configurations.
  • Control access permissions and approval workflows. 
  • View trending and metrics data for project quality and compliance.
  • Produce compliance and security reports.
  • Prioritize defects based on severity, location, and lifecycle.
  • Use Smart Rank to assist developers in prioritizing fixes based on defect likelihood, which when combined with issue severity, provides an overall vulnerability risk score.
  • Distinguish new issues from legacy code issues.
  • Push backlog issues to Change Control systems.
  • Import and integrate Helix QAC findings to the Klocwork SAC to view and manage consolidated analysis results in a single dashboard.
Image KW Key Features Control Collab Reporting

Designed for Developers

By seamlessly integrating static code analysis with the rest of your development toolset, Klocwork will shift-left defect detection and improve developer adoption as a tool for developer training and increasing productivity.

No User Configuration: Klocwork provides out of the box support for hundreds of compilers and cross-compilers, so build integration is automatic.

Easy to Use: Plugins for popular IDEs (including Microsoft Visual Studio, Eclipse, IntelliJ, and more).

Connected Desktop: Local code changes made using the connected desktop plugins provide immediate differential analysis results within IDEs.

Detailed Feedback and Help: Intraprocedural defects and coding violations are identified by severity of risk. For each defect and coding violation, you will receive detailed information of cause with rich, context-sensitive help and guidance on remediation. This allows for easily accessible opportunities for understanding and learning.

Custom Rules: A graphical custom checker creation tool makes the implementation of project- or organization-specific rule quick and easy — further enriching the learning opportunities.

Architectural Analysis: Klocwork also integrates with architectural visualization and enforcement tools like Structure 101 to allow users to further improve the overall quality and maintainability of their codebase through clean and correct dependencies.

Image Overview Klockwork Key Features Smart Rank

“With Klocwork we’ve been able to identify problems that would have been missed, and discover errors more quickly than through traditional manual analysis and testing. That’s allowed us to deliver the high-quality software we pride ourselves on and that our customers expect.”
— Engineering Manager, SCM Systems

Klocwork Coding Standards

Klocwork makes it easy to comply with coding standards.

You can use the following compliance taxonomies to enforce coding standards across your codebase. And, you’ll get fewer false positives and false negatives in your diagnostics.

Security

 CC++C#Java
Secure coding standards help to safeguard your code from potential cyberthreats and other coding vulnerabilities. (Note: The complete set of security standards may not be available with older versions of Klocwork.)
CERT 
CWE
CWE Top 25
OWASP   
DISA STIG 
PCI DSS
ISO/IEC TS 17961 (C secure)   

 

Safety

 CC++C#Java
Safety standards help to ensure that the software powerd by your code is relable and functionally safe. (Note: The complete set of safety standards may not be available with older versions of Klocwork.)
MISRA C 2004   
MISRA C 2012   
MISRA C 2012 AMD 1   
MISRA C 2012 AMD 2   
MISRA C++ 2008   
AUTOSAR C++ 14   
JSF AV C++   

 

Quality

 CC++C#Java
Quality standards help to ensure that your code is reliable and free of errors. (Note: The complete set of quality standards may not be available with older versions of Klocwork.)
NASA's 10 Rules  
Klocwork Quality

 

Customize

 CC++C#Java
You can create and customize your own rules or project/business coding standard for C, C++, C#, Java, and JavaScript.
Create Your Own Standard
Create Your Own Rules

Who Uses Klocwork?

Aerospace & Defense

Aerospace, defense, and military organizations use embedded software every day. Making sure that software is safe, secure, and reliable is critical. This puts developers under pressure to produce software without any defects.

Large codebases and complex systems make this a challenge. Tough compliance requirements make it even more difficult. With Klocwork, airborne systems developers can easily prove compliance and develop quality systems.

industry-energy

Energy Technology

Energy and utilities product development teams need to ensure functional safety compliance, meet industry regulations as well as mitigate potential security vulnerabilities and coding errors. This can be a significant challenge for teams to effectively meet.

With Klocwork, energy and utilities product development teams can easily comply with coding standards, identify potential risks, and have visibility into code compliance.

industry-iot

Embedded Development

Managing the increase in digital assets is essential for the efficient design and development of embedded systems. All of those processes need to happen under strict compliance guidelines. For quality-critical industries, code needs to comply with coding standards and industry requirements. And, Klocwork can prove that your code is compliant.

icon-industry-medical-device

Medical Device

The quality of software embedded in medical devices can mean the difference between life and death. Because of this, there is increasing scrutiny for both safety and security in devices.

By using Klocwork, you'll be able to meet ever-changing government regulations, and verify that your medical devices are safe, reliable, and efficient.

icon-solutions-by-industry-automotive

Automotive

Automotive software development requires more than 100 million lines of code. What’s more, the installed embedded software is generally developed independently from the rest of the automobile.

Because of this, development teams must be able to effectively manage a unique set of challenges. With Klocwork, development teams are able to collaborate on projects, and ensure that their code is high quality and meets regulatory compliance.

Functional Safety Standards Supported By Klocwork

Klocwork SCA can be used to achieve industry functional safety standards and certification.

  • IEC 61508 (general industry, defense).
  • ISO 26262 (automotive).
  • EN 50128 (railways).
  • IEC 62304 (medical).
  • DO-178B/C (aerospace).

Certified for ISO, IEC, and EN Compliance

Klocwork is independently certified for compliance.

TÜV-SÜD Certified

Klocwork is TÜV-SÜD certified for compliance with functional safety standards:

  • IEC 61508 (general industry).
  • ISO 26262 (automotive).
  • IEC 62304 (medical).
  • EN 50128 (railways).
Image Klocwork Certificate Rev 2

Additional Resources

Try Klocwork

Request your free trial of Klocwork for C, C++, C#, Java, and JavaScript.

REQUEST MY TRIAL

Check It Out

Learn more about Klocwork.

READ DATASHEET

Get In Touch

Have questions? We’re here to help!

CONTACT US