Why Choose Klocwork?
Klocwork static application security testing (SAST) for C, C++, C#, and Java identifies software security, quality, and reliability issues, helping to enforce compliance with standards.
Built for enterprise DevOps, Klocwork scales to projects of any size, integrates with large, complex environments and developer tools, and provides control, collaboration, and reporting. Our Differential Analysis engine provides rapid results while maintaining accuracy, and integrates seamlessly with CI/CD pipelines to automate continuous compliance — safeguarding your software from vulnerabilities with every commit.
Safe, Secure, & Reliable Code
Higher Code Quality
Klocwork Key Features
Find Security Vulnerabilities with SAST
Use Klocwork static application security testing (SAST) for DevOps (DevSecOps). Our security standards identify security vulnerabilities – helping to find and fix security issues early and proving compliance to internationally recognized security standards.
- DevSecOps: Klocwork integrates with CI/CD tools, containers, cloud services, and machine provisioning making automated security testing easy.
- Security Standards: CWE, OWASP, CERT, PCI DSS, DISA STIG, and ISO/IEC TS 17961.
- Security Vulnerability Detection: SQL Injection, Tainted Data, Buffer Overflow, Vulnerable Coding Practices, and many more.
- Bug, Quality Issue, and Code Smell Detection: Null Pointer Dereferences/Exceptions, Memory/Resource Leaks, Uncaught Exceptions, and many more.
Differential Analysis: Using system context data from the Klocwork Server, it is possible to analyze only the files that changed while also providing differential analysis results as if the entire system had been analyzed. This provides you with the shortest possible analysis times.
Easy to Automate: Klocwork tools have common command line interfaces, the Klocwork defect data can be accessed via a REST API, and all output uses standard formats, such as XML, JSON, and PDF.
Containerized Builds: Klocwork can be run within containerized and Cloud build systems and supports the provisioning of machine instances as required. This provides maximum flexibility and the opportunity to use internal or external Cloud services for code analysis.
Control, Collaboration, and Reporting
The Klocwork Portal dashboard is a centralized store of analysis data, trends, metrics, and configurations for codebases across the organization — accessed through a web browser.
The dashboard is highly customizable, enabling your developers, managers, and other stakeholders to:
- Define global or project-specific QA and security objectives and rule configurations.
- Control access permissions and approval workflows.
- View trending and metrics data for project quality and compliance.
- Produce compliance and security reports.
- Prioritize defects based on severity, location, and lifecycle.
- Distinguish new issues from legacy code issues.
- Push backlog issues to Change Control systems.
Designed for Developers
By seamlessly integrating static code analysis with the rest of your development toolset, Klocwork will shift-left defect detection and improve developer adoption as a tool for developer training and increasing productivity.
No User Configuration: Klocwork provides out of the box support for hundreds of compilers and cross-compilers, so build integration is automatic.
Easy to Use: Plugins for popular IDEs (including Microsoft Visual Studio, Eclipse, IntelliJ, and more).
Connected Desktop: Local code changes made using the connected desktop plugins provide immediate differential analysis results within IDEs.
Detailed Feedback and Help: Intraprocedural defects and coding violations are identified by severity of risk. For each defect and coding violation, you will receive detailed information of cause with rich, context-sensitive help and guidance on remediation. This allows for easily accessible opportunities for understanding and learning.
Custom Rules: A graphical custom checker creation tool makes the implementation of project- or organization-specific rules quick and easy — further enriching the learning opportunities.
Architectural Analysis: Klocwork also integrates with architectural visualization and enforcement tools like Structure 101 to allow users to further improve the overall quality and maintainability of their codebase through clean and correct dependencies.
Klocwork Quality Coding Standards
Klocwork makes it easy to comply with quality coding standards.
You can use the following compliance taxonomies to enforce coding standards across your codebase. And, you’ll get fewer false positives and false negatives in your diagnostics.
MISRA Compliance for C and C++
The MISRA coding rules identify potential issues in safety-critical systems and flag sections of your code that violate these rules.
The MISRA C checkers enforce MISRA C:2012, including Amendment 1 security rules.
The MISRA C++ checkers enforce MISRA C++:2008 rules.
AUTOSAR Compliance for C++14
Check your code against the AUTOSAR C++14 coding standard — automatically.
The AUTOSAR coding rules identify safety issues in C++14.
Use the AUTOSAR C++14 compliance taxonomy to flag any code that violates these rules.
So, you’ll be able to ensure compliance — and fulfill ISO standards. And, you’ll be able to track and report on compliance.
NASA Compliance for C and C++
Check your code against the NASA Compliance for C and C++ — automatically.
The taxonomy eliminates coding practices that make code difficult to review or statically analyze. The rules complement the MISRA C guidelines and are incorporated into the Jet Propulsion Laboratory (JPL) coding standards.
The taxonomy identifies code with those 10 weaknesses or vulnerabilities and prioritizes those violations.
CERT Compliance for C and C++
Check your code against the CERT C and C++ coding standards — automatically.
The CERT coding rules identify security vulnerabilities in your code. Use the CERT C and C++ taxonomies to flag code that violates these rules. This helps you eliminate undefined behaviors and apply best practices for secure code.
And, Klocwork helps you to prioritize and fix the most critical violations first. It will even provide you with detailed guidance and examples on how to best fix these errors.
CWE Compliance for C, C++, C#, and Java
Check your code against the CWE list of security weaknesses — automatically.
CWE identifies common security weaknesses in C, C++, C#, and Java.
Use the CWE taxonomies to identify code with those security weaknesses. And, Klocwork prioritizes violations to help you identify which violations need to be addressed first.
DISA STIG Compliance for C, C++, and Java
Check your code against the DISA STIG coding standards — automatically.
DISA STIG is a cybersecurity methodology for standardizing security protocols within networks, servers, computers, and logical designs.
Use the taxonomy to identify common security weaknesses for C, C++, and Java. And, Klocwork prioritizes violations to help you identify which need to be addressed first.
OWASP Compliance for Java
Check your code against the OWASP list of security weaknesses — automatically.
Use OWASP, or the Open Web Application Security Project, compliance taxonomy to identify common web application security vulnerabilities for Java. And, Klocwork prioritizes those violations to help you identify which need to be addressed first.
Klocwork Quality for C, C++, C#, and Java
The Klocwork Quality taxonomy has checkers that focus on improving the overall quality of your code to ensure that it is efficient, effective, and reliable.
Customize a Coding Guideline for your own Business or Project
You can choose your own C, C++, C#, and Java checkers for a project or business wide coding guideline taxonomy. Klocwork will automatically enforce these rules, and report on the compliance of them as well.
Who Uses Klocwork?
Functional Safety Standards Supported By Klocwork
Klocwork SCA can be used to achieve industry functional safety standards and certification.
- IEC 61508 (general industry, defense).
- ISO 26262 (automotive).
- EN 50128 (railways).
- IEC 62304 (medical).
- DO-178B/C (aerospace).
Certified for ISO, IEC, and EN Compliance
Klocwork is independently certified for compliance.
Klocwork is TÜV-SÜD certified for compliance with functional safety standards:
- IEC 61508 (general industry).
- ISO 26262 (automotive).
- IEC 62304 (medical).
- EN 50128 (railways).