What is Klocwork?

From Insight-9.0

Klocwork provides end-to-end static source-code analysis by finding issues in both your integration build and source code under development. Leveraging fast, incremental analysis, developers can quickly validate their code as part of their normal local implement/build cycle – before unit testing, before profiling, and well before faulty code is checked in and able to pollute the code stream for others.

With Klocwork Insight, developers can quickly and accurately identify critical security vulnerabilities, quality issues and architectural issues in C, C++, C# and Java code right at their desktop.

Key Insight features are:

  • the Truepath analysis engines that detect issues in your code
  • connected desktop, which detects issues at the earliest possible stage of the development cycle
  • integration build reporting and metrics, which are viewed using Klocwork Review
  • Klocwork Architect, which allows you to visualize and redesign your software system architecture

Licensed users of Insight Pro Desktop get all the above, plus:

For more information, see the product matrix.

Now that you have a high-level view of what Klocwork is, how does it all work?

The Klocwork system

The major installable components of the Klocwork system are:

You can customize the installation of the Klocwork system to your needs.

You'll see references to the Klocwork administrator throughout the documentation. This is a person who performs administrative tasks in the Klocwork system, such as:

This could be one person or several people, depending on how you've set up Klocwork.

How Klocwork integrates with your development workflow

The Klocwork administrator sets up an integration project for developers to connect to

Klocwork integrates with your integration build, capturing all of the information it needs to provide a centralized view over the entire code stream, and stores this information in a text file we call a build specification.

Klocwork build analysis tools take the build specification as input, analyzing your software system for issues, security vulnerabilities, usage rule infractions, and metrics threshold violations. We call this an integration build analysis.

The analysis results are then loaded into the Klocwork database.

Developers connect their local project to the integration project

Once you've checked your code out of source control, you connect your desktop project to the integration project on the Klocwork server. We call this the connected desktop.

You then run Klocwork on your code. Behind the scenes, Klocwork collects all the information it needs to analyze your code. Because you're connected to the integration project, Klocwork has access to the entire system context when it analyzes your code.

The results are displayed in your development environment. You can easily see which issues were introduced locally and which exist in the integration build.

You review the results, fixing errors and setting others to be fixed later or to be ignored, and adding comments to explain your changes.

Automatic synchronization makes your changes visible to other developers, and in Klocwork Review. Your desktop project is also updated with any changes made by other developers. This happens even before another integration build analysis has been run.

Klocwork Review allows you to gauge the health of your integration build

Klocwork Review is the Web interface for Klocwork reports, issue analysis and Source Cross-Reference. Klocwork Review offers you quick access to information about your own software system. The data that you access through Klocwork Review is drawn from the Klocwork database. When a Klocwork administrator runs an analysis of your integration build, the Klocwork database is populated with information about your software system extracted directly from the source code.

Klocwork Review's customizable Project Summary Page allows you to create a dashboard for each of your software projects. The built-in reports are customizable as well.

You can customize the Klocwork analysis

You can customize the Klocwork analysis for each of your software projects, both for the integration build and on the desktop. You can:

  • enable or disable particular Klocwork checkers
  • provide Klocwork with more information about your source code (which we call "tuning")
  • write your own checkers
  • set metric thresholds and usage rule violations

Through synchronization, any customization of the integration build is passed to connected desktops.
