Getting started with Klocwork Desktop plugin for CLion

To learn about the available engine modes for C/C++, see Specifying the C/C++ analysis engine mode.

The Klocwork plugin for CLion helps you detect and fix issues before check-in.

As of 2022.4, we recommend that if you are using a version of the CLion plug-in older than 2022.4, you uninstall it before installing the latest version. You can find the version of your plug-in by selecting File > Settings > Plugins, go to the Installed tab and select Klocwork Static Analysis for CLion.

Searching for settings elements isn't currently supported.

Connect to a project or stream on the Validate Server

You get the most from static code analysis when you connect a small local project to a larger project or stream on the Validate Server. The small local project is analyzed quickly while incorporating Klocwork knowledge bases generated on the server where additional source files were analyzed (for example, shared libraries). Connecting to a server project or stream also allows you to share issue status information with the integration build analysis and among team members. You can run a standalone desktop analysis, but the analysis only derives knowledge from the local project's source files.

You perform this step only once for each project.

Connect to a project or stream using classic authentication

  1. In CLion, click File > Settings.
  2. Under Tools, select Klocwork System Settings and confirm that the information is correct.
  3. Under Tools, select Klocwork Project Settings and confirm that the information is correct.
    • Under Klocwork Build Specification, specify your build specification file location. You need to run kwinject to generate this file.
      You can also specify the location of your Klocwork Server Build Specification Template and relevant variables, if applicable, from this dialog.

    • Under Klocwork project, specify your project location, then click Refresh.

      • Parallel Analysisis enabled by default. To turn it off, deselect Enable Parallel Analysis.

  4. Enter your username and password, then click Login.

Connect to a project or stream using SAML or OIDC authentication

In Validate 2024.3, the authentication process was updated. If you are still using Validate 2024.2, follow the instructions in the 2024.2 online help.
  1. In CLion, click File > Settings.
  2. Under Tools, select Klocwork System Settings.
  3. Under Klocwork Server URL, specify the 2024.2 Klocwork server URL.

  4. Under Tools, select Klocwork Project Settings.

    • Under Klocwork project, specify your project location, then click Refresh.
    • In the Device Authorization window, click Copy Code, then click Open URL. The Validate Device Authorization page will open in your browser.
  5. In the Validate Device Authorization page, paste the code and click Authorize device. Validate shows that your device is now connected, and the application shows that authentication was successful.
  6. In the Device Authorization window, click OK.

Analyze your code

  1. In CLion, open the project you want to analyze.
  2. Click in the toolbar. You can also run analysis by opening the Tools menu and selecting Run Klocwork Analysis.
    By default, the plug-in runs analysis continuously, meaning that an analysis is triggered every time you save a file. If you prefer, you can disable this option in the Klocwork System Settings and only run the analysis manually.

When the analysis is complete, the Klocwork Issues tab shows the analysis results.

Investigate detected issues

In the Klocwork Issues tab:

  1. Click an issue in the list to view the source code where the issue appears.
  2. Use Traceback information to investigate the issue. Traceback lines link to events that contributed to the issue. Key statements that contribute to issues are marked with red rectangles and include a description of the problem.
  3. Get help on an issue by right-clicking the issue and selecting Show help.

Fix defects and ignore the rest

For a real defect:

  1. Fix the issue in your code and save your changes.
  2. Run the analysis by clicking .

    If the issue disappears from the list, it's fixed.

For an issue that doesn't need to be fixed:

  1. Right-click the issue in the list and select Change Status > Ignore.
  2. Enter a comment and click OK.

If you're connected to a project on the Klocwork Server, your changes are now visible to other developers, and in Validate. Your desktop project is also updated with any changes made by other developers. This happens even before another integration build analysis has been run.