Klocwork by Perforce Logo

Klocwork by Perforce Broadens SAST Continuous Compliance Coverage

Klocwork 2020.3 delivers greater language and standards coverage and simplifies DevOps workflow

MINNEAPOLIS, September 9, 2020 – Klocwork by Perforce, a comprehensive testing solution, has unveiled its latest release — Klocwork 2020.3.

Improved SAST Continuous Compliance Coverage

Klocwork is part of Perforce’s comprehensive testing solution that includes static application security testing (SAST), static analysis for functional safety compliance, enterprise-class web and mobile testing solutions, and compliance traceability.

Development and DevOps teams rely on Klocwork as it provides a single solution for simplifying security defect analysis, and offers comprehensive coverage for multi-language apps.

The latest release — Klocwork 2020.3 — expands Klocwork’s Continuous Compliance functionality with faster analysis, broader coverage, increased accuracy, and seamless integration into developer and DevOps workflows.

Enhanced DevSecOps Functionality

Klocwork makes automated security testing easy with integrations for development and DevOps tools — enabling developers to run an analysis anywhere. This includes support for desktop IDEs, CI/CD pipelines, containers, cloud build systems, and machine provisioning.

A defining feature of Klocwork is that it has been designed to integrate seamlessly with CI/CD pipelines to automate Continuous Compliance — safeguarding software from vulnerabilities with each commit. An integral part of this process is Klocwork’s Differential Analysis, which delivers developers fast results by analyzing only the files that changed — providing them with the shortest analysis times.

Enhanced C# and Java Analysis Engine

Klocwork 2020.3 features an improved C# and Java analysis engine with broader language support, improved accuracy, and new defect detection. Other notable improvements include:

  • C# analysis engine provides greater accuracy with a 33%* increase to defect detection and provides the ability to write custom syntactic and interprocedural data-flow rules.
  • Java analysis engine provides 130% greater accuracy with a 2.5%* increase to defect detection and broader framework coverage.
  • New and expanded security coding standard coverage and vulnerability checks for CWE, CERT, and PCI DSS.
  • Introduction of the Klocwork Community — A framework for our users and professional services team to help shape the future of our coding standard coverage.
  • New DevOps Integrations
    • Klocwork Jenkins Plugin — Setup a security testing pipeline easily.
    • Klocwork CLion IDE Plugin — Shift defect detection to your desktop.

(*Based on internally benchmarked OSS projects.)

These improvements have helped solidify Klocwork as the most accurate and precise comprehensive testing solution for DevSecOps across all embedded software development industries.

About Klocwork by Perforce

Klocwork is part of Perforce’s comprehensive testing solution. It provides accurate and precise results for C, C++, C#, and Java coding languages.

Recognized for its strengths in secure coding, high-speed analysis, and DevOps functionality, Klocwork has been the trusted comprehensive testing solution for nearly 20 years for many embedded software developers — including the top eight global defense contractors. More details…