Klocwork by Perforce Broadens SAST Continuous Compliance Coverage with Latest Release

Klocwork 2020.3 delivers greater language and standards coverage and simplifies DevOps workflow

Klocwork by Perforce, a comprehensive testing solution, has unveiled its latest release — Klocwork 2020.3.

Improved SAST Continuous Compliance Coverage

Klocwork is part of Perforce’s comprehensive testing solution that includes static application security testing (SAST), static analysis for functional safety compliance, enterprise-class web and mobile testing solutions, and compliance traceability.

Development and DevOps teams rely on Klocwork because it provides a single solution for simplifying security defect analysis and offers comprehensive coverage for multi-language apps.

The latest release — Klocwork 2020.3 — expands Klocwork’s Continuous Compliance functionality with faster analysis, broader coverage, increased accuracy, and seamless integration into the developer and DevOps workflows.

Enhanced DevSecOps Functionality

Klocwork makes automated security testing easy with integrations for development and DevOps tools — enabling developers to run an analysis anywhere. This includes support for desktop IDEs, CI/CD pipelines, containers, cloud build systems, and machine provisioning.

A defining feature of Klocwork is that it has been designed to integrate seamlessly with CI/CD pipelines to automate Continuous Compliance — safeguarding software from vulnerabilities with each commit.

An integral part of this process is Klocwork’s Differential Analysis, which gives developers fast results by analyzing only the files that changed, keeping analysis times as short as possible.

Enhanced C# and Java Analysis Engine

Klocwork 2020.3 features an improved C# and Java analysis engine with broader language support, improved accuracy, and new defect detection. Other notable improvements include:

  • C# analysis engine provides greater accuracy with a 33%* increase to defect detection and provides the ability to write custom syntactic and interprocedural data-flow rules.
  • Java analysis engine provides 130% greater accuracy with a 2.5%* increase to defect detection and broader framework coverage.
  • New and expanded security coding standard coverage and vulnerability checks for CWE, CERT, and PCI DSS.

  • Introduction of the Klocwork Community — A framework for our users and professional services team to help shape the future of our coding standard coverage.
  • New DevOps Integrations
    • Klocwork Jenkins Plugin — Set up a security testing pipeline easily.
    • Klocwork CLion IDE Plugin — Shift defect detection to your desktop.

These improvements have helped solidify Klocwork as the most accurate and precise comprehensive testing solution for DevSecOps across all embedded software development industries.