What's new in Klocwork 2024.2
Released July 2024
Here are the highlights for Klocwork 2024.2. If you're upgrading Klocwork, see the Limitations for items that might affect your upgrade and usage.
Enhanced security and user experience with SAML and OIDC authentication
You can now integrate your identity provider (IdP) with Validate using Security Assertion Markup Language (SAML) or OpenID Connect (OIDC) authentication to enjoy benefits such as:
- Enhanced security through centralized authentication
- Simplified user management and experience through single sign-on (SSO)
Validate has been tested with the following identity providers:
- SAML: Keycloak, Okta, AWS, Cisco, and GitHub
- OIDC: Keycloak, Google, Microsoft Entra (formerly Azure AD), and AWS
To learn how to set up and configure SAML and OIDC, see Setting up SAML access control and Setting up OIDC access control.
Authenticate using application tokens
You can now create application tokens in Validate to securely authenticate with SAML or OIDC supported servers for the following tasks:
- Sign in to the command line tools using kwauth or validate auth. This is helpful on headless machines, where you cannot sign in with a username and password in a browser. See Authentication using application tokens.
- Import projects from Validate or the Web API. You will need an application token to authenticate instead of a username and password. You will still need a username and password to import projects from servers that use classic authentication. See Import or migrate projects using application tokens and Import your existing projects into a new projects root.
Note that SAML or OIDC device authorization (including for the desktop plug-ins) happens through the Validate login page, and uses an access code generated by kwauth or validate auth. To learn more, see Accessing Validate by Perforce.
Manage user sessions and tokens in Validate
Administrators can now manage individual user sessions through Validate. When this permission is enabled, you can log users out of their Validate sessions and revoke user tokens. To learn more, see Managing user sessions and tokens.
Enhanced password security in Validate
If you use basic authentication, you can now implement a secure password policy for Validate accounts. This requires your password to meet the following criteria:
- A minimum of 8 characters
- At least one uppercase letter
- At least one lowercase letter
- At least one number
- At least one special character (such as !, @, # or $)
Existing passwords are not affected by this new policy. To learn more, see Enabling secure passwords.
Klocwork utility enhancements
You can now specify which Java Virtual Machine (JVM) the Klocwork Java tools use, by setting the KW_JAVA environment variable.
When this variable is set, the Klocwork Java tools will run using the JVM defined by KW_JAVA instead of the default JVM. This allows for greater flexibility and compatibility with different Java environments.
C and C++ enhancements
The Klocwork analysis engine for C/C++ can be run using classic, standard, or modern mode. If you do not specify an option, standard mode (recommended) is used by default. To learn more, see Specifying the C/C++ analysis engine mode.
Java enhancements
Instead of having to modify the build specification to focus on a select set of Java files for analysis, you can now use the --ignore-files option in kwandroid.
Plug-in and tool enhancements
The following enhancements were made to the Klocwork plug-ins and tools:
- Depending on the version of your Validate server, plug-in, and tools, you can now connect to a project or stream in any plug-in using either classic authentication, or SAML or OIDC authentication. Simply refer to the instructions in the documentation for your desktop analysis tool, and follow the prompts on your screen.
- To streamline the deployment of your Klocwork analysis tools in automated environments, the continuous integration tools are now included in the Build Tools package.
Expanded coverage for coding standards
This release includes new and expanded coverage for the following coding standards:
- CWE for Kotlin
Plug-ins and extensions
Depending on the version of your Validate server, plug-in, and tools, you can now connect to a project or stream in any plug-in using either classic authentication, or SAML or OIDC authentication. Refer to the instructions in the documentation for your desktop analysis tool, and follow the prompts on your screen.
Checker improvements
New checkers
The following checkers were added in this release:
Checker | Description |
---|---|
MISRA.TOKEN.WRONGESC.C.2004 and MISRA.TOKEN.WRONGESC.CPP.2008 | These MISRA checkers provide support for MISRA-C Rule 4.1 (required): Incorrect escape sequence in a literal and MISRA-C++ Rule 2-13-1 (required): Only those escape sequences that are defined in ISO/IEC 14882:2003 shall be used. |
Modified checkers
Checker | Description |
---|---|
A_UNUSED.GEN | Finds fewer false positives |
AUTOSAR.ADD.ENUM.OP | Finds fewer false positives |
FUNCRET.GEN | Finds fewer false positives |
LOCRET.RET | Finds fewer false positives |
MISRA.ETYPE.INAPPR.CAST.2012 | Finds fewer false positives |
MISRA.TOKEN.WRONGESC | Finds fewer false positives |
MISRA.VAR.UNIQUE.STATIC | Finds additional defects |
MLK.MUST | Finds fewer false positives |
NNTS.MUST | Finds fewer false positives |
NPD.CHECK.MIGHT | Finds fewer false positives |
NPD.FUNC.MIGHT | Finds fewer false positives |
NPD.FUNC.MUST | Finds fewer false positives |
SV.BRM.HKEY_LOCAL_MACHINE | Overall improvements to the checker |
UNINIT.CTOR.MUST | Finds fewer false positives |
UNINIT.HEAP.MUST | Finds fewer false positives |
UNINIT.STACK.MIGHT | Finds fewer false positives |
UNINIT.STACK.MUST | Finds fewer false positives |
Enabled or disabled checkers
No checkers were added to or removed from the default enabled field of the checker configuration files in this release.
Taxonomy improvements
As part of the installation, you will find several custom taxonomy files that map Klocwork checkers to coding standards such as MISRA, CWE, OWASP, and DISA STIG.
Taxonomy | Improvements |
---|---|
cert_c_all.tconf and cert_c_all_ja.tconf | Added or modified checker mappings to the following rules: |
cert_cpp.tconf and cert_cpp_ja.tconf | Substantial reorganization of the cert_cpp.tconf and cert_cpp_ja.tconf taxonomies. |
cwe_all_kt.tconf and cwe_all_kt_ja.tconf | Added new taxonomies that map Klocwork Kotlin checkers to the CWE IDs. |
Helix QAC taxonomies | Updated the Helix QAC taxonomies to Helix QAC version 2024.2. |
misra_c_2023_c99.tconf and misra_c_2023_c99_ja.tconf; misra_c_2023_c90.tconf and misra_c_2023_c90_ja.tconf; misra_c_2023_c11.tconf and misra_c_2023_c11_ja.tconf; misra_c_2012_with_amd2_c99.tconf and misra_c_2012_with_amd2_c99_ja.tconf; misra_c_2012_with_amd2_c90.tconf and misra_c_2012_with_amd2_c90_ja.tconf; misra_c_2012_with_amd2_c11.tconf and misra_c_2012_with_amd2_c11_ja.tconf; misra_c_2004.tconf and misra_c_2004_ja.tconf; misra_cpp_2023.tconf and misra_cpp_2023_ja.tconf; misra_cpp_2008.tconf and misra_cpp_2008_ja.tconf | Substantial reorganization of the MISRA C and C++ taxonomies. Each taxonomy is now defined by using a rule-first approach, where the checkers are subcategories of rules in the taxonomies. |
Improvements to supported compilers
You'll find additional or improved support for the following compilers:
- Clang
- Clang-cl
- GCC
- IAR
- Renesas
For the full list of supported C and C++ compilers, see C/C++ compilers supported for build integration.
Licensing
Klocwork supports Reprise License Manager (RLM).
2023 licenses are not compatible with Klocwork 2024.1 or newer. To use the latest version of the product, obtain a new license by contacting Perforce at license@perforce.com.
For more information, see Supported versions of RLM and Operating systems that support RLM dongles.
Changes to system requirements
In this release, we added support for:
- AlmaLinux 9.4
- Amazon Linux 2 (2.0.20240529.0 Update)
- Android Studio Iguana (2023.2.1 Patch 2)
- Chrome 115.x to 126.x
- CLion 2023.1.7, 2023.2.4
- Eclipse 4.32 (2024-06)
- Fedora 40
- Firefox 115.x to 127.x, 115.x ESR
- Glibc 2.39
- Gradle 8.8
- IntelliJ IDEA 2023.1, 2023.2.7
- Microsoft Edge 115.x to 126.x
- openSUSE Leap 15.6
- Oracle Linux 9.4
- Red Hat Enterprise Linux 9.4
- Rocky Linux 9.4
- Ubuntu 22.04 to 22.04.4 LTS
- Visual Studio 2017 version 15.9.63
- Visual Studio 2019 version 16.11.37
- Visual Studio 2022 version 17.10.3
- VS Code 1.80.2 to 1.90.2
In this release, we ended support for:
- Chrome 111.x to 114.x
- Fedora 38
- Firefox 111.x to 114.x
- Jenkins plug-in
- Microsoft Edge 111.x to 114.x
- VS Code 1.76.2 to 1.80.1
For the complete list of supported versions, see System Requirements.
Removal of the Jenkins plug-in starting in 2024.2
Starting in Klocwork 2024.2, the Jenkins plug-in has been removed from Klocwork and the installation package is no longer provided.
Removal of Validate Code Review starting in 2024.2
Starting in Klocwork 2024.2, the Code Review function and its associated command line tools have been removed from Validate.
Discontinuation of NIS access control starting in Klocwork 2024.3
Starting in Klocwork 2024.3, NIS access control will no longer be supported. Some functionalities may be affected in Klocwork 2024.2.
When migrating from an earlier version to Klocwork 2024.2, you will need to switch to a different authentication method. It is recommended that you switch authentication methods before migrating, to ensure that you can continue to sign in after the upgrade. For migration information, see Setting up NIS access control.
End of life notice for CentOS Linux 7 starting in Klocwork 2024.3
Starting in Klocwork 2024.3, the following operating systems and installers are not supported:
- CentOS Linux 7
Maintenance ending for Klocwork 2022
Maintenance (including end of maintenance and end of sale) for all 2022 versions of Klocwork ended on March 31, 2024. To learn about the support available for all Klocwork releases, see the Klocwork Product Lifecycle.
Discontinuation of docs.roguewave.com in 2024
The docs.roguewave.com site was discontinued in early 2024. For Klocwork versions 2021 and earlier, see the offline documentation that is included with the product.
Discontinuation of Klocwork Server installations in release 2023.4
Starting from release 2023.4, Klocwork Server installations have been discontinued. You can transition to a Validate installation, which is designed to provide a more streamlined and integrated experience.
When transitioning from Klocwork to Validate:
- Stop your Klocwork instance and back up the projects_root directory.
- During Validate install, set the projects_root directory location to your current projects_root directory.
- If you are currently using non-default values for ports or license server, be sure to set the same values when you install Validate.
Discontinuation of issue grouping
Starting from Klocwork 2023.3, issue grouping is turned off by default for new projects.
To help avoid issues, turn off issue grouping before you upgrade Klocwork.