You need answers to complex questions about the security, reliability, and maintainability of your entire code base. Klocwork Insight provides detailed information through customizable dashboards. Code metrics can be organized by multiple criteria including team, geography, components, and other attributes.
Klocwork Insight's "drag and drop" feature makes it easy to get the data you need in the format you want, quickly. For example, on-the-fly build reporting and impact analysis mean developers immediately know whether an issue found in one code branch also exists in other streams.
Hi, Morley here. Today we're going to look at how reports in Klocwork Review give fast answers to questions about the security and reliability of your code base.
Klocwork Review is Insight's web interface for reporting and project management.
The integration build analysis populates Review with detected issues and metrics.
Drag-and-drop reporting makes it easy to create almost any report. You're only limited by your imagination.
Let's see how we can answer a few key questions about code security and reliability.
The first question is: What do I do after the first integration build analysis?
Top Open Issues is a great place to start because it shows how different defect types are distributed in your build.
But this is an unfiltered view of everything detected in your build.
Clicking on any issue will give you the full details of what's going on. So this is your source code viewer so you can actually see. There are some hyperlink codes so you can find out more details about this defect. You have the description. You can change the status of it. So you can mark this as something you want to fix, add a comment, and so on and so forth, and even look at the traceback associated with this defect as well to step through what's actually making this defect.
What you want to do next is filter by severity, so that we only see high-priority defects.
Okay. So we've looked at pre-canned reports. You've drilled down into issue management. Now you can also create and store your own reports, correct?
Click Edit and drag Severity into the Filters area.
De-select everything but the highest severities. You can see how the report alters immediately to reflect changes.
Now, let's save this report.
Next question: Security is a big concern. How do I know which checkers I should care about?
Every checker is a potential security issue. Any bug can be a weakness that can be exploited.
You can set up your own checker taxonomy or use pre-defined coding standards installed with Insight.
We'll set up one of these standards and create a view. Think of a view as a consistent filter that can be applied to any report.
Let's call this view DISA-STIG.
Next, we add a Search string to filter by taxonomy. While we're here, let's search on severity 1 and 2 defects.
Previously, we added a filter to a single report. With this view, however, we can filter any report to show defects that apply to DISA-STIG and have the highest severity.
Let's apply this view to everything we're looking at in reports.
Now, let's create a report to show problematic modules in this build.
Drag Modules to the x-axis.
Next, group by Severity.
Since the DISA-STIG view already filters for the top two severities (Critical and Error), these are the only severities we see in our report.
Let's save this. Now it's time for our next question.
How am I doing?
With each successive build, trending reports make it clear whether you're improving over time.
Let's create a report that shows project performance over time.
In this case, we drag Builds to our x-axis. Any report with builds across the x-axis is a trending report.
We'll drag State into the grouping area. State is a key progress indicator. States can be New, Existing or Fixed.
What we're looking for is a decrease in the number of New issues injected into the build. This indicates that developers are fixing defects before check-in and that's exactly what we're seeing here.
Now we have a few items that give us at-a-glance information about our project. Let's bind them together in our own dashboard.
You have the option of making this dashboard the default for all projects by adding a check here. If not, then this dashboard is the default for the current project only.
Single reports or dashboards can be shared by copying and pasting this link and providing it to team members.
This dashboard is a convenient way to get the current and long-term view of your project. All you need is a cup of coffee to go with it.
For more information about Klocwork and our products, visit klocwork.com. Thanks for watching!
Klocwork Insight automatically aggregates information about what is being found and fixed at the desktop even though it is never propagated into the source stream. This unique capability allows teams to better understand the bug reduction activity that is happening before code check-in, generating a bottom-up view of how well bug containment is working. This, combined with the ability to organize metrics by people, groups, geography, components, and any other attribute that works for your organization, allows teams to identify early in an iteration the areas of greatest risk within their code base.
Klocwork's developer tools are used in many of the largest, most demanding software development environments in the world. Try it on your code today by requesting a free product trial.