Klocwork 2020.3 delivers greater language and standards coverage and simplifies DevOps workflow
Klocwork by Perforce, a comprehensive testing solution, has unveiled its latest release — Klocwork 2020.3.
Improved SAST Continuous Compliance Coverage
Klocwork is part of Perforce’s comprehensive testing solution that includes static application security testing (SAST), static analysis for functional safety compliance, enterprise-class web, and mobile testing solutions, and compliance traceability.
Development and DevOps teams rely on Klocwork as it provides a single solution for simplifying security defect analysis, and offers comprehensive coverage for multi-language apps.
The latest release — Klocwork 2020.3 — expands Klocwork’s Continuous Compliance functionality with faster analysis, broader coverage, increased accuracy, and seamless integration into the developer and DevOps workflows.
Read More: Effective implementation of Penetrative Testing Automation
Enhanced DevSecOps Functionality
Klocwork makes automated security testing easy with integrations for development and DevOps tools — enabling developers to run an analysis anywhere. This includes support for desktop IDEs, CI/CD pipelines, containers, cloud build systems, and machine provisioning.
A defining feature of Klocwork is that it has been designed to integrate seamlessly with CI/CD pipelines to automate Continuous Compliance — safeguarding software from vulnerabilities with each commit.
An integral part of this process is Klocwork’s Differential Analysis, which delivers developers fast results by analyzing only the files that changed — providing them with the shortest analysis times.
Enhanced C# and Java Analysis Engine
Klocwork 2020.3 features an improved C# and Java analysis engine with broader language support, improved accuracy, and new defect detection. Other notable improvements include:
- C# analysis engine provides greater accuracy with a 33%* increase to defect detection and provides the ability to write custom syntactic and interprocedural data-flow rules.
- Java analysis engine provides 130% greater accuracy with a 2.5%* increase to defect detection and broader framework coverage.
- New and expanded security coding standard coverage and vulnerability checks for CWE, CERT, and PCI DSS.
Read More: Cyber security – Enterprises Are Still Struggling to Prioritize Security Vulnerabilities
- Introduction of the Klocwork Community — A framework for our users and professional services team to help shape the future of our coding standard coverage.
- New DevOps Integrations
- Klocwork Jenkins Plugin — Setup a security testing pipeline easily.
- Klocwork CLion IDE Plugin — Shift defect detection to your desktop.
These improvements have helped solidify Klocwork as the most accurate and precise comprehensive testing solution for DevSecOps across all embedded software development industries.