Tutorial - Creating a taxonomy and viewing the results
This tutorial shows you how to:
- set up a taxonomy in Klocwork Review to support an internal coding policy
- apply the taxonomy in Klocwork Review and connected desktops
You need the "Change project settings" permission to perform these tasks.
For more information on taxonomies and using the Configuration Editor, see Configuring checkers for the integration build analysis.
Tip: Prior to Insight 9.2, you could filter by issue type on the desktop, or scope by issue type in Klocwork Review. This tutorial explains how you can use taxonomies and views to accomplish the same thing.
Our example company has a policy to flag and eliminate all Null-Pointer Dereference (NPD) issues, all Buffer Overflow (ABR and ABV) issues, and two specific security vulnerabilities: SV.INCORRECT_RESOURCE_HANDLING.URH and SV.INCORRECT_RESOURCE_HANDLING.WRONG_STATUS.
Setting up the Company Policy taxonomy
First, we need to set up the Company Policy taxonomy in the Configuration Editor.
- Launch the standalone Taxonomy Editor.
- The Taxonomy Editor appears.
- Right-click any white space and click New taxonomy.
- In the Create new taxonomy dialog, enter "Company Policy" and click OK.
- Expand the C and C++ taxonomy.
- Ctrl-click the Buffer Overflow and Null Pointer Dereference categories.
- Right-click and select Copy.
- Right-click Company Policy and select Paste.
- Now, we're going to add two security vulnerability checkers to the taxonomy.
- Right-click Company Policy and select Add issue.
- In the Issue code field, start typing SV.IN.
- Autocompletion fills in the rest of the name and suggests checkers matching your entry.
- Select SV.INCORRECT_RESOURCE_HANDLING.URH and click OK.
- Repeat the previous two steps, but this time select SV.INCORRECT_RESOURCE_HANDLING.WRONG_STATUS.
- Click OK and save your new taxonomy file somewhere you can find it.
- Log in to Klocwork Review.
- In Klocwork Review's project list, click the project you want to upload the file to.
- The project details appear.
- In the project details, click Configuration.
- On the Configuration page, click Add a configuration file.
- In the Choose file dialog, browse to <projects_root>/projects/<project_name>/rules/<yourtaxonomyfile>.tconf (or wherever you chose to save your taxonomy file), where <project_name> is the project whose configuration you want to copy.
- Click Upload.
- Your new Company Policy taxonomy appears in the tree.
- Expand the Company Policy taxonomy and make sure that all the NPD and ABV checkers are enabled.
- Select the checkboxes for SV.INCORRECT_RESOURCE_HANDLING.URH and SV.INCORRECT_RESOURCE_HANDLING.WRONG_STATUS to enable them.
- Click to save your changes.
Tip: To learn how to apply a taxonomy to all new projects, see Copying the configuration to all new projects.
Now we'll use our taxonomy in Klocwork Review.
Using the taxonomy in Klocwork Review for report and issue management
We'll create a view that shows only the issues in the Company Policy taxonomy.
- In Klocwork Review's project list, click the project you configured.
- Click views.
- On the Views page, click Create a new view.
- In the text field, enter "Company Policy".
- In the Search field, enter: taxonomy:"Company Policy"
- Select the public checkbox. This will make the view available to all users with access to this project.
- Click Create to save your view.
- Click the link for open issues within the Company Policy view.
- Click reports on the upper right.
- Note that report data is also filtered by the Company Policy view.
- Click Top 10 Open Issues.
Grouping and filtering by taxonomy in connected desktops
Connected desktop users can filter and group issues by taxonomy to get a clearer picture of how they're performing against the Company Policy. For this example, we'll use Visual Studio 2008.
Grouping by taxonomy
You'll see issues distributed across taxonomies. If the same issue is detected in more than one taxonomy, you'll see it listed under each applicable taxonomy.
Filtering by taxonomy
To see only the issues for a specific taxonomy, filter by taxonomy.
- Click the filter icon.
- Note for Visual Studio users: The filter icon filters local issues only. Use the Taxonomy list to filter by taxonomy.
- Under Taxonomies, deselect all but Company Policy.
- Click OK.
The only issues you see listed are of the types included in the Company Policy taxonomy.