Differential analysis for CI/CD pipelines and Klocwork analysis

When it comes to your build analysis, you are likely running a nightly integration build. Klocwork also offers the ability to run differential analysis for CI/CD pipelines in conjunction with your regular integration analysis. Klocwork tools are designed to be DevOps ready, which makes it easy to include static code analysis as part of your continuous delivery pipelines.

Klocwork’s differential analysis capability for CI/CD pipelines enables your organization to identify and communicate errors faster, without waiting for nightly builds. Because issues are reported sooner, developers can fix problematic code earlier.

Using system context data (originating from your integration analysis) from the Klocwork Server, it is possible to analyze only the files that changed while also providing differential analysis results as if the entire system had been analyzed. This provides you with the shortest possible analysis times.

As developers update and commit code, the CI build system picks up the changes and performs many small, incremental builds throughout the day. Instead of waiting for nightly builds, Klocwork CI analyzes the new code and notifies developers of problems right away. Here’s an overview of the process:

  1. Developers make changes to the code and commit them.
  2. The CI build system detects the changes and builds the software.
  3. Klocwork CI analyzes the changes and generates a list of new issues in the specified format.

Supported environments

Klocwork CI supports the following:

  • C/C++, C#, Java
  • Windows and Linux agents

Implementation steps

  • Determine when and where issues are to be reported
  • Determine how issues are to be triaged
  • Integrate Klocwork commands (such as kwciagent) into your jobs
  • Integrate reporting scripts into your jobs
  • Test to ensure everything is working as expected

kwciagent sample output

kwciagent list --issue NPD.FUNC.MUST -F detailed
---------------------------------------------------------------------------
704 (Local) C:\Klocwork\demo\source\cvs1.12.11\cvs\src\client.c:2944                    
            NPD.FUNC.MUST (1:Critical) Analyze
Pointer 'date' returned from call to function 'format_date_alloc' at line 2943 may be NULL and will be dereferenced at line 2944.
  * client.c:2943: 'date' is assigned the return value from function                              
                   'format_date_alloc'.
  * client.c:2944: 'date' is dereferenced by formatted printing                               
                    function 'printf'.
Current status 'Analyze'

Summary: 1 Local
1 Total Issue(s)
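
One way to write the reporting script from the implementation steps: parse the detailed listing above and fail the CI job when a severe issue is reported. This is an added example, not Klocwork's or Perforce's own code; it assumes the output keeps the layout of the sample above, and the function names and the severity threshold of 2 are illustrative choices.

```python
import re
import sys

# Sample taken from the kwciagent output shown on this page (trace shortened).
SAMPLE = r"""704 (Local) C:\Klocwork\demo\source\cvs1.12.11\cvs\src\client.c:2944
            NPD.FUNC.MUST (1:Critical) Analyze
Pointer 'date' returned from call to function 'format_date_alloc' at line 2943 may be NULL and will be dereferenced at line 2944.
  * client.c:2943: 'date' is assigned the return value from function
                   'format_date_alloc'.
Current status 'Analyze'

Summary: 1 Local
1 Total Issue(s)
"""

# "<id> (<scope>) <path>:<line>"; greedy path match keeps the Windows drive colon.
HEADER = re.compile(r"^(\d+) \((\w+)\) (.+):(\d+)\s*$")
# "<checker> (<severity number>:<severity name>) <status>"
CHECKER = re.compile(r"^\s+(\S+) \((\d+):(\w+)\) (.+?)\s*$")


def parse_issues(text):
    """Return one dict per issue found in 'detailed' kwciagent list output."""
    lines, issues = text.splitlines(), []
    for i, line in enumerate(lines[:-2]):
        head, check = HEADER.match(line), CHECKER.match(lines[i + 1])
        if head and check:
            issues.append({
                "id": int(head[1]), "scope": head[2],
                "file": head[3], "line": int(head[4]),
                "checker": check[1], "severity": int(check[2]),
                "severity_name": check[3], "status": check[4],
                "message": lines[i + 2].strip(),
            })
    return issues


def blocking(issues, max_severity=2):
    """Issues severe enough to fail the job (assumed policy: 1 is most severe)."""
    return [i for i in issues if i["severity"] <= max_severity]


if __name__ == "__main__":
    # Reads piped kwciagent output; falls back to the embedded sample on a terminal.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    found = blocking(parse_issues(text))
    for issue in found:
        print("{file}:{line}: {checker} ({severity_name}) {message}".format(**issue))
    sys.exit(1 if found else 0)
```

In a job, pipe the listing into the script after the analysis step; a non-zero exit status marks the build as failed.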

Perforce is also here to help! If you need help with your CI integration with Klocwork, you can contact Static Code Analysis Professional Services to discuss assistance via a services engagement.