Klocwork is a widely-used Static Application Security Testing (SAST) solution from Perforce Software, designed for multiple programming languages with particular strength in C/C++ analysis.
The tool supports C, C++, C#, Java, JavaScript, Python, and Kotlin environments.
Key Features
The platform includes:
- Command-line interface capabilities
- REST API functionality
- Multiple export formats (XML, JSON, and PDF)
- Project Streams for managing shared codebases with multiple variants
- Integration with Perforce Validate Platform for centralized reporting
Enterprise Focus
Built for DevOps and DevSecOps environments, Klocwork accommodates projects at any scale and integrates with large complex environments, a wide range of developer tools, and provides control, collaboration, and reporting.
IDE plugins are available for Visual Studio, Eclipse, and IntelliJ.
Differential Analysis Engine
The Differential Analysis engine delivers prompt analysis results while preserving precision by analyzing only changed files.
Integration with CI/CD pipelines enables automated Continuous Compliance, helping teams safeguard software from vulnerabilities with every commit.
Compliance Standards
Klocwork supports extensive compliance standards across security and safety domains:
Security Standards:
- CERT C/C++ Secure Coding
- CWE (Common Weakness Enumeration)
- OWASP Top 10
- DISA STIG
- PCI DSS
- ISO/IEC TS 17961
Safety Standards:
- MISRA C (2004, 2012, 2023)
- MISRA C++
- AUTOSAR C++14
- JSF AV C++
- NASA’s 10 Rules for Safety-Critical Code
Klocwork is TUV SUD certified for ISO 26262, IEC 61508, EN 50716, and IEC 62304, making it suitable for automotive, industrial, and medical device software development.
Supported Languages
- C
- C++
- C#
- Java
- JavaScript
- Python
- Kotlin