The Scalable SAST Tool for Mission-Critical Software
Fit Perforce Klocwork seamlessly into your DevSecOps workflows. The static application security testing (SAST) tool provides early defense for developers by alerting them to potentially costly defects and compliance violations as soon as the code is written. It extends security analysis across the environments you already use, simplifies risk-based decision-making, and strengthens architecture and AI governance across globally distributed teams.
Identify security and reliability issues for C, C++, C#, Rust, Java, JavaScript, Python, and Kotlin programming languages — over millions of lines of code.
Increase Development Velocity and Reduce Costs Through Early Defect Detection
Teams integrating Klocwork SAST into their CI/CD pipelines catch costly defects before they spread and shorten development cycles with early remediation.
85% of Defects Are Introduced During Coding
The vast majority of issues originate at the coding stage, making it the most critical point for early detection.
Fixing Early Costs Just 1x
Addressing defects during development is fast and cost-effective, requiring minimal effort compared to later stages.
Post-Production Repairs Can Cost 650x More
Once defects reach production, the complexity and impact multiply, driving repair costs up to 650 times higher.
Secure, Governed Development—Aligned Across Every DevSecOps Team
Align security goals across development teams, security leaders, and CISOs. By supporting targeted scans, meaningful quality gates, and shared visibility into critical findings, Klocwork creates a more collaborative security model. Architecture governance is strengthened through integrations that connect security analysis to broader engineering controls.
Development teams receive actionable guidance in context, without requiring deep security expertise.
Security leaders gain a clearer view of posture, progress, and priorities across projects.
Fix New Defects Early. Streamline Workflows. Automate Security Governance.
Perforce Klocwork Key Features
Identify and apply fixes to security vulnerabilities as soon as they’re introduced and prove compliance to internationally recognized security standards.
- Security Standards: Comprehensive coverage of security-focused standards, including CWE, OWASP, CERT, PCI DSS, DISA STIG, and ISO/IEC TS 17961.
- Security Vulnerability Detection: SQL injection, tainted data, buffer overflow, vulnerable coding practices, and many more.
- Bug, Quality Issue, and Code Smell Detection: Null pointer dereferences/exceptions, memory/resource leaks, uncaught exceptions, and more.
Scale across branches and variants. Project Streams provides easy management of shared codebases that have multiple variants or branches by simplifying project rule configuration, issue management, defect citing, reporting, and efficient storage of analysis data. Project Streams keeps compliance synchronized across distributed teams without duplicate work; Perforce Validate centralizes outcomes, deviations, and approvals.
Creating streams provides the following benefits:
- Assign a single project rule configuration to all variants.
- Issues common to multiple variants are automatically kept in sync and only require citing once.
- Easily identify identical issues across multiple streams and issues unique to a specific stream.
- Generate reports on individual streams for compliance, functional safety, or other evidential purposes.
- More convenient organization and efficient storage of analysis data.
Prioritize coding issues based on severity of risk. Perforce Klocwork helps you target the most critical defects first using filters, suppressions, and baselines. Use Smart Rank within Validate for large-scale risk prioritization and address high-impact vulnerabilities across your organization.
Klocwork tools are designed with Continuous Integration and Continuous Delivery in mind, which makes it easy to include static analysis as part of your CI/CD pipelines.
Using system context data from the Klocwork Server, it is possible to analyze only the files that changed while also providing differential analysis results as if the entire system had been analyzed. This provides you with the shortest possible analysis times.
Klocwork tools have common command-line interfaces and full API support. The Klocwork defect data can be accessed via a REST API, and all output formats use standard formats such as XML, JSON, and PDF.
Klocwork can be run within containerized and cloud build systems and supports the provisioning of machine instances as required. This provides maximum flexibility and opportunity to use internal or external cloud services for code analysis.
The Perforce Validate platform is a centralized store of analysis results from Perforce Static Analysis solutions, Klocwork and QAC. Validate provides analysis data, trends, and configurations for codebases across your organization — accessed through a web browser. It is highly customizable, enabling your team to easily define specific QA and compliance rule configurations, identify issues and deviations, and review the entirety of the code by project and section to adequately meet your team’s needs.
By seamlessly integrating static analysis with the rest of your development toolset, Klocwork shifts defect detection to the left of the SDLC, improves developer adoption by serving as a training tool, and increases productivity.
Get out-of-the-box support for hundreds of compilers and cross-compilers, so build integration is automatic.
Plugins for popular IDEs (including Microsoft Visual Studio, Eclipse, IntelliJ, and more).
Local code changes made using the connected desktop plugins provide immediate differential analysis results within IDEs.
Inter-procedural defects and coding violations are identified by severity of risk. For each defect and coding violation, you will receive detailed information on the cause, with rich, context-sensitive help and guidance on remediation, now with human-in-the-loop AI assistance. This gives developers readily accessible opportunities for understanding and learning.
A graphical custom checker creation tool makes the implementation of project- or organization-specific rules quick and easy, further enriching learning opportunities.
Klocwork also integrates with architectural visualization and enforcement tools, which allow users to further improve the overall quality and maintainability of their codebase through clean and direct dependencies.
Reduce rework on complex defects found in your code. AI-assisted code remediation brings security directly into the developer workflow, using Klocwork to identify issues and AI to suggest targeted fixes. The result is a faster, more seamless path from finding a problem to resolving it.
Spend less time interpreting Klocwork analysis results. Klocwork passes the full contextual information of its findings and detailed documentation directly to the AI, enabling highly accurate, contextual fix suggestions that significantly reduce developer effort. As developers review and apply AI-suggested fixes, the contextual explanations help them internalize secure coding patterns over time — gradually moving security decision-making out of specialist review and into the hands of developers while they’re still writing code, where it is most cost-effective and faster to fix.
Built for flexibility, the VS Code plugin with GitHub Copilot capabilities provides broad AI compatibility with support for multiple LLMs. This lowers developer maintenance efforts while allowing developers to use Copilot’s interactive chat to clarify issues and fine-tune fixes alongside AI.
Go beyond early defect detection to intelligent resolution. Learn more about accelerating secure coding with AI-assisted code remediation by reading the datasheet.
Achieve Coding Standards Compliance
Klocwork makes it easy to comply with coding standards. Use the following compliance taxonomies to enforce coding standards across your codebase. And you’ll get fewer false positives and false negatives in your diagnostics.
- Security, C, C++, C#, Java
- Security
  - CERT
  - CWE
  - CWE Top 25
  - OWASP
  - DISA STIG
  - PCI DSS
  - ISO/IEC TS 17961 (C Secure)
- Safety
  - MISRA C 2004
  - MISRA C 2012
  - MISRA C 2023
  - HKMC
  - MISRA C++ 2008
  - AUTOSAR C++ 14
  - JSF AV C++
- Quality
  - NASA's 10 Rules
  - Klocwork Quality
- Customize
  - Create Your Own Standard
  - Create Your Own Rules
Award-Winning Security
We’re known for best-in-class static analysis security — but the industry recognition speaks for itself. Klocwork earned “Best in Show” at Embedded World North America for two consecutive years, validating its ability to help teams secure critical software with confidence.
“With Perforce Klocwork, our productivity has dramatically increased, leaving us with more time to mitigate potential problems leveraging the ‘what if’ testing. As a result, our end product is stronger, and Raytheon can get the end product to our customers more quickly than before.”
Klocwork Professional Services: Continuous, Reliable Support
Get onboarding and ongoing support with Perforce Klocwork. You’ll start with an onboarding package for a successful experience. You may also use the Klocwork help documentation for easy-to-follow instructions — whether setting up your workflow or finding answers to specific questions.
Strengthen Confidence in Safety-Critical Software
Reduce certification risk and simplify compliance and reporting for safety-critical regulations. Klocwork is independently certified for TÜV-SÜD, ISO 9001, and ISO 27001.
TÜV-SÜD Certified
TÜV-certified qualification materials support functional safety processes in highly regulated industries. Perforce Klocwork is TÜV-SÜD certified for compliance with key functional safety standards:
- ISO 26262 (automotive) up to ASIL D.
- IEC 61508 (general industry) up to SIL 4.
- EN 50716 (railways) up to SW-SIL 4.
- IEC 62304 (medical devices) up to Software Safety Class C.
ISO 9001 Certified
Perforce Klocwork is also certified in ISO 9001.
ISO 9001 is one of the most widely adopted standards. It ensures that organizations are striving to meet and exceed customers’ requirements and satisfaction through continuous improvement.
ISO 27001 Certified
Perforce Klocwork is also certified in ISO 27001.
ISO 27001 gives specific requirements that an organization must meet in order to be certified by an accredited certification body following the successful completion of an audit.
Test Klocwork in Your Dev Environment
Request your free trial of Klocwork today.
See Klocwork Live
Start with your custom demo, or access our on-demand Klocwork demo to get an immediate look at Klocwork’s key features.