Centralized, Continuous Compliance. Deep Analysis at DevOps Speed.

Identify and apply fixes to coding standards rule violations and security vulnerabilities as soon as they’re introduced. Prove compliance with internationally recognized functional safety and security standards.  

• Coding Guidelines and Industry Standards: Comprehensive coverage of coding, safety, and security-focused standards, including MISRA, AUTOSAR, CERT, WP.29, ISO 26262, and DO-178C with the QAC DO-330 Tool Qualification pack.  
• Sound Abstract Interpretation: Enable deep rule enforcement across control flows and call paths.  
• Fine-Grained Diagnostics: High accuracy of analysis means finding more real issues with fewer false positives.  
• Enforce Code Quality and Memory Safety: Catch the deep logic, unsafe blocks, concurrency, API misuse, architectural drift ,and integration vulnerabilities that Rust alone does not address.  

Prioritize coding issues based on the severity of risk. Perforce QAC helps you target the most critical defects using filters, suppressions, and baselines. It delivers accurate diagnostics and actionable results — enabling you to fix the most important issues first.  

Scale across branches and variants. Project Streams and modules simplify variant and component management, enabling efficient compliance across complex codebases. Keep compliance synchronized across distributed teams without duplicate work; Perforce Validate centralizes outcomes, deviations, and approvals. With scalable reporting, CI and IDE integration, and support for complex variants through streams and modules, QAC helps organizations demonstrate compliance with greater speed, clarity, and confidence in certification and release decisions. 

Creating streams provides the following benefits:  

• Assign a single project rule configuration to all variants. 
• Issues common to multiple variants are automatically kept in sync and only require citing once.  
• Easily identify identical issues across multiple streams and issues unique to a specific stream.  
• Generate reports on individual streams for compliance, functional safety, or other evidential purposes.  
• More convenient organization and efficient storage of analysis data. 

QAC helps you achieve certification for DO-178C and DO-278 faster, using the DO-330 Qualification Pack. Using a qualified tool helps you qualify the output of your software development tools faster.  

Perforce Validate is a centralized store of analysis results from Perforce Static Analysis products, QAC and Klocwork. Validate provides analysis data, trends, and configurations for codebases across the organization. It is also highly customizable, empowering your team to easily define specific QA and compliance rule configurations, identify issues and deviations, and review the entirety of the code by project and section to adequately meet your team’s needs.  

QAC is designed with Continuous Integration and Continuous Delivery foremost in our thinking, which makes it easy to include static analysis as part of your CI/CD pipelines. 

Full Traceability Across the Development Workflow 

Define rule configurations, review code by project, and triage issues through the CI and web portal. With support for Web API and CI-based workflows, teams can connect desktop and cloud-based analysis into a complete compliance record. That traceability empowers teams to:  

• Track findings from detection through resolution 
• Link analysis activity to compliance objectives and reports 
• Demonstrate adherence to coding standards with confidence 
• Provide auditors with clear, reviewable diagnostics and history.  

QAC supports safer releases with integrations across major compilers, IDEs (such as Microsoft Visual Studio), version control systems (such as Perforce P4), CI build servers (such as Jenkins) and CI/CD pipelines including delta analysis to help gate commits before risk grows.  

QAC’s inter-procedural dataflow analysis goes beyond surface-level scanning to deliver deep, contextual insights into your codebase. When paired with AI, these findings — complete with detailed documentation and precise fix instructions — give the AI everything it needs to generate highly accurate, actionable remediations. The result: fix suggestions that are not just technically correct, but tailored to your specific codebase and compliance standards, helping developers resolve quality issues earlier and with far less effort. 

In safety-critical environments where compliance is crucial, trust and verification can’t be overlooked. AI-assisted code remediation leverages the depth of QAC coverage of major safety and security coding standards for C and C++ to quickly enforce these standards across your codebase and help fulfill (and prove) compliance with functional safety requirements. Quality and compliance are strictly maintained with human oversight: the AI-assisted code remediation feature requires developer approval for all suggested fixes, ensuring your code remains secure, compliant, and free of AI-generated vulnerabilities.  

AI-assisted code remediation easily integrates with VS Code. Built for flexibility, the VS Code plugin with GitHub CoPilot capabilities provide broad AI compatibility with support for multiple LLM options. Development teams can use tools they are familiar with while automatically fixing reported issues prior to commit and confirming those fixes in-phase — passing every quality gate. Teams can also use CoPilot’s interactive chat to clarify issues and fine-tune fixes alongside the AI.   

Go beyond early defect detection to intelligent resolution. Learn more about accelerating safety-critical development with AI-assisted code remediation. 

Read the Datasheet