Built for enterprise DevOps and DevSecOps, Klocwork scales to projects of any size, integrates with large complex environments, a wide range of developer tools, and provides control, collaboration, and reporting for the entire enterprise. This has made Klocwork the preferred static analyzer that keeps development velocity high while enforcing continuous compliance for security and quality.
Klocwork Key Features
Find Security Vulnerabilities with SAST
Use Klocwork static application security testing (SAST) for DevOps (DevSecOps). Our security standards identify security vulnerabilities – helping to find and fix security issues early and proving compliance to internationally recognized security standards.
DevSecOps: Klocwork integrates with CI/CD tools, containers, cloud services, and machine provisioning making automated security testing easy.
Security Standards: CWE, OWASP, CERT, PCI DSS, DISA STIG, and ISO/IEC TS 17961.
Security Vulnerability Detection: SQL Injection, Tainted Data, Buffer Overflow, Vulnerable Coding Practices, and many more.
Bug, Quality Issue, and Code Smell Detection: Null Pointer Dereferences/Exceptions, Memory/Resource Leaks, Uncaught Exceptions, and many more.
Image KW Key Features SAST
Project Streams provides easy management of shared code bases that have multiple variants or branches by simplifying project rule configuration, issue management, defect citing, reporting, and efficient data storage of analysis data.
Creating streams provides the following benefits:
Assign a single project rule configuration to all variants.
Issues common to multiple variants are automatically kept in sync and only require citing once.
Easily identify identical issues across multiple streams and issues unique to a specific stream.
Generate reports on individual streams for compliance, functional safety, or other evidential purposes.
More convenient organization and efficient storage of analysis data.