Klocwork
Static Code Analysis for C/C++, Java and C#
符合程式安全、 可靠性和一致的持續交付源代碼
讓開發人員在自己的工作桌面,就能識別代碼缺陷在他們發生之前。 為桌面和企業實現,Klocwork 標識關鍵的安全問題,提高源代碼的可靠性,與之前登錄入的源代碼,提高了編碼品質更合於標準 — 開發人員節省時間和組織節省錢。開發團隊使用 Klocwork 承認大幅度提高生產率,同時縮短週期時間並減輕由於代碼缺陷的風險。世界各地的使用者信任 Klocwork 幫助開發者發展可能的最安全、 最可靠的代碼。
持續不斷的靜態代碼分析加快程式開發
軟體發展的速度在採用敏捷方法,DevOps 和持續整合 (CI) 之後,達到前所未有的水準。 Klocwork 通過引入靜態代碼分析 (CSCA) 加快了程式開發的步伐。持續靜態代碼分析是在全面的程式安全、安全措施、可靠性和性能滿足持續整合工具(checkers),提供快速的回饋對不斷檢查程式健康的整個開發團隊。 這是使得 Klocwork 分析引擎,可以最大限度的可伸縮性和性能的一次多個併發分析獨特的體系結構。換句話說,如果你要每天發表許多更版,僅 Klocwork CSCA能讓每個開發人員改變處理的頻率和捨棄複雜性,如果沒有分析引擎會被搞糊塗,更改或放緩準確結果的源代碼。
As teams develop code with more features, shorter timelines, and stricter standards than ever before, it gets increasingly difficult to find bugs and fix security flaws. With this complexity, how do we stop data breaches and application crashes before they're passed on to the customer? How do we find them earlier in the process, so developers can spend more time creating real value for the customer rather than fixing defective code?
It starts at the developer's desktop. It's here where code is written, tested, reviewed, and written again. Finding problems here, at the earliest possible point before the build, means less testing later on and fewer downstream impacts to cost and schedule. It continues with Continuous Integration (CI), only Klocwork supports popular CI tools to perform analysis on incremental code changes, during check in, to keep pace with rapid release delivery cycles. Klocwork puts static code analysis where you need it, identifying critical safety, reliability, and coding standards issues in front of developers' eyes - before, during, and after check in.
-
Static Code Analysis on-the-fly, to identify issues at the earliest possible point
-
SmartRank recommendation engine, to prioritize and work on those issues that matter most
-
Continuous Integration to maximize scalability and performance for multiple concurrent analysis at a time
-
Application Security to prevent malicious attacks
-
Code Refactoring to clean up code structure and reduce future costs
-
Reporting and Metrics to understand and prioritize issues across the entire team
-
Code Architecture to visualize and optimize software design
-
Code Review to get teams working faster towards delivering the best code possible
Klocwork and ISO 26262 for Automotive
Klocwork provides coverage of all static analysis aspects of ISO 26262 Section 6 and the qualification evidence needed for ISO 26262 Section 8.
Klocwork is certified (pre-qualified) by Tüv Süd for use in ISO 26262 projects. Klocwork’s analysis can be used to cover a range of guidelines specified in Section 6 of the standard, Product development at the software level. Klocwork’s client-server architecture simplifies and streamlines the process of managing compliance to coding standards, such as MISRA, which form a key feature of the ISO 26262 requirements from the static analysis aspect.
The process of managing MISRA conformance (including deviations), can be illustrated using the process described in the diagram below. This follows the lifecycle of an issue detected and suppressed at the developer’s desktop, to being reviewed and approved/declined on the Klocwork server via a code review.
Klocwork defect lifecycle in a safety standard process
The different statuses in the workflow illustrated by the diagram are explained below:
-
Analyze – default initial status for a new issue detected
-
Ignore – used by developers to suppress issues
-
Defer – used to approve suppresions
-
Fix – used to deny suppressions
To generate MISRA compliance reports we can filter Klocwork issues by MISRA-C/C++ and “status:Defer”.
If a developer does not suppress an issue, we can automatically create a task for this (e.g. in JIRA) and the developer is then responsible for setting the status to “Ignore” and the rest of the workflow stays the same.
There is also the possibility to perform Code Reviews on issues before the integration analysis, using Klocwork’s Code Review tool.
Compared to traditional deviation processes, e.g. comments in the code and XML/Spreadsheets to track the deviations, Klocwork’s approach will streamline your development process. Moreover, everything you need to do as a developer can be done from within your IDE – no need to jump around between different tools.
