Two new tests, so-called checkers, have been added to discover security breaches. New functions help to improve scalability and usability, such as displaying calling functions when reviewing source code in the Klocwork internet portal. For the first time, the new 2016 release Klocwork also supports the ARC MetaWare Compiler from Synopsys.
The tool allows performing static analysis of embedded software written in Java, C/C++ and C#. While it has been possible to perform MISRA guidelines tests from its inception, the new version has 51 additional checks. As a result, about 65% of all guidelines can be tested. Even some MISRA-C:2012 directives can be tested, though they are difficult to access by static code analysis tools.
Besides faster execution time for Continuous Integration, now there are also plug-ins for the most popular CI tools such as Jenkins and Team City. Beyond that, Klocwork can be used alongside any CI tool that works with command lines and scripts.
The two new security checkers address the issues number 22 and 327 in the Common Weakness Enumeration (CWE). CWE-22 refers to a problem called Improper Limitation of a Pathname to a Restricted Directory; CWE-327 deals with the use of broken or risky cryptographic algorithms.
The tool supports Windows 10 as well as Android Studio.
More information: www.hitex.com