What's new with Klocwork

Klocwork 2017.1

Introducing Klocwork security reports

Klocwork 2017.1 introduces new built-in security reports to easily visualize the security status and vulnerability trends in your most important software projects. These reports are ideal for including in project status reports to management and other stakeholders.

  • Easily create security reports based on the most popular security rules, such as the CWE Top 25, CERT-C, DISA-STIG, and more
  • Each report provides vulnerability trends and the top 3 new vulnerabilities, and identifies the riskiest areas of code

Support for Visual Studio 2017

  • Find and fix defects quickly and easily with the latest IDEs, including Visual Studio 2017

Detect the most critical security vulnerabilities

Klocwork 2017.1 includes coverage for additional Java security vulnerabilities:

  • CWE-311: Missing Encryption of Sensitive Data
  • CWE-352: Cross-Site Request Forgery

Klocwork 2017.1 features expanded coverage of the CERT-C security standard, with the addition of 49 new rules.

New MISRA 2012 support

New MISRA 2012 Rules added:

  • Rule 4.1: Octal and hexadecimal escape sequences shall be terminated.
  • Rule 5.4: Macro identifiers shall be distinct.
  • Rule 17.6: The declaration of an array parameter shall not contain the static keyword between the [ ].
  • Rule 22.4: There shall be no attempt to write to a stream which has been opened as read-only.

100% coverage of C# 6.0 language features

The following C# 6.0 features have been added in Klocwork 2017.1:

  • Overload resolution
  • Exception filters

Improved and additional compiler support

  • Microchip MPLAB XC8 C
  • GNU
  • Synopsys ARC MetaWare

Recent features introduced by Klocwork 2017

Introducing SmartRank - find and prioritize defects fast

Klocwork SmartRank helps developers prioritize issues and select which defects they will work on first. SmartRank provides a recommendation on which issues should be investigated first – the most valuable issues are at the top of the SmartRank list.

  • A defect recommendation engine to help developers prioritize and select which issues to work on first
  • Based on a sophisticated analysis of each individual defect during the (regardless of defect type or severity)
  • Use SmartRank with views, modules, and filters to improve developer efficiency when correcting quality and security issues

Launch of upgraded Analysis Engine

  • A number of algorithmic improvements have been made over the last few releases and are now completely integrated
  • Latest development includes improved tracking of numeric intervals for symbolic expressions
  • The result is increased accuracy and 10 percent faster analysis times
  • The accuracy of the following checkers has been improved:
    • INFINITE_LOOP.LOCAL
    • ITER.CONTAINER.MODIFIED
    • MISRA.CAST.OBJ_PTR_TO_OBJ_PTR.2012
    • MISRA.FUNC.UNUSEDPAR
    • RABV.CHECK
    • RCA
    • V.TAINTED.INDEX_ACCESS

New Visual Studio extension

  • New terminology introduced: Desktop and server issues
  • Faster loading and sorting of issues in the IDE

New MISRA 2012 and Amendment 1 support:

  • 2 new taxonomies added which include Amendment 1
  • New MISRA 2012 Rules added:
    • Directive 4.14 (Added for Amendment 1)
    • Rule 8.4
    • Rule 13.3
    • Rule 17.8
    • Rule 18.4
    • Rule 21.8 (Updated for Amendment 1)
    • Rule 21.12
    • Rule 21.17 (Added for Amendment 1)
    • Rule 21.18 (Added for Amendment 1)
    • Rule 22.6

New C# 6.0 language features:

  • Auto-property initializers
  • Function members with expression-bodies
  • Getter-only auto-properties
  • Index initializers
  • Using static

New C++11 features:

  • Alignment support
  • Strongly-typed enums

Klocwork continuous integration supports the Jenkins plugin for macOS

Improved and additional compiler support

  • Clang
  • GNU
  • HI-CROSS+ Motorola HC16 (new!)
  • Intel C++
  • MPLAB XC16 C (new!)
  • Nintendo N32 and N64 (new!)
  • Synopsys ARC MetaWare
  • WindRiver GCC