Coding standards mapped to Klocwork checkers

For comparison, we've mapped the Klocwork Java, C/C++, and C# checkers to their equivalent coding standards. See the following tables for the list of standards and the equivalent Klocwork checker mappings.

C/C++ coding standards

Standard Coverage Mapping Description File Name
Automotive Open System Architecture (AUTOSAR) 70%: 246/350 rules AUTOSAR 18-10: C and C++ List of Klocwork C/C++ checkers that map to the secure coding standard defined by AUTOSAR release18-10. autosar_cpp_18_10.tconf and autosar_cpp_18_10_ja.tconf
73%: 257/350 rules AUTOSAR 18-10 Standard (strict): C and C++ List of Klocwork C/C++ checkers that map to the secure coding standard defined by AUTOSAR release18-10. This list includes coverage for additional rules compared to the non-strict version. autosar_cpp_18_10_strict.tconf and autosar_cpp_18_10_strict_ja.tconf
Common Weakness Enumeration (CWE)   CWE IDs: C and C++ List of Klocwork C/C++ checkers that map to the CWE types. cwe_all_cxx.tconf and cwe_all_cxx_ja.tconf
72%: 18/25 weaknesses CWE 2024 Top 25 Most Dangerous Software Errors: C and C++ List of Klocwork C/C++ checkers that map to the 2024 top 25 most dangerous software errors as defined by the CWE. cwe_2024_top_25_cxx.tconf and cwe_2024_top_25_cxx_ja.tconf
72%: 18/25 weaknesses CWE 2023 Top 25 Most Dangerous Software Errors: C and C++ List of Klocwork C/C++ checkers that map to the 2023 top 25 most dangerous software errors as defined by the CWE. cwe_2023_top_25_cxx.tconf and cwe_2023_top_25_cxx_ja.tconf
Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG)   DISA STIG version 6 IDs: C and C++ List of Klocwork C/C++ checkers that map to the STIG version 6. disa_stig_v6_cxx.tconf and disa_stig_v6_cxx_ja.tconf
  DISA STIG version 5 IDs: C and C++ List of Klocwork C/C++ checkers that map to the STIG version 5. disa_stig_v5_cxx.tconf and disa_stig_v5_cxx_ja.tconf
Hyundai-Kia Motor Corp (HKMC) Secure Coding Standard for Automotive Development 94/129: 73% HKMC Secure C Coding Standard for Automotive Development List of Klocwork C checkers that map to the HKMC Secure C Coding Standard for Automotive Development. hkmc_c.tconf and hkmc_c_ja.tconf
59/80: 74% HKMC Secure C++ Coding Standard for Automotive Development List of Klocwork C++ checkers that map to the HKMC Secure C++ Coding Standard for Automotive Development.

hkmc_cpp.tconf and hkmc_cpp_ja.tconf

ISO/IEC TS 17961 78%: 36/46 rules ISO/IEC TS 17961 C rules List of Klocwork checkers that map to the ISO/IEC TS 17961 C secure coding rules. iso_iec_ts_17961_c.tconf and iso_iec_ts_17961_c_ja.tconf
Joint Strike Fighter Air Vehicle (JSF AV) Coding Standard 68%: 65/139 IDs JSF AV C++ IDs List of Klocwork C++ checkers that map to the JSF AV C++ coding standard. jsf_av_rev_c_cpp.tconf and jsf_av_rev_c_cpp_ja.tconf
Klocwork Quality Standard 100%: 16/16 categories Klocwork Quality Standard: C and C++ List of Klocwork C/C++ checkers that focus on improving overall code quality. kw_quality_std_cxx.tconf and kw_quality_std_cxx_ja.tconf
MISRA 70%: 125/175 rules* MISRA C++:2023 rules List of Klocwork checkers that map to the MISRA C++:2023 standard. misra_cpp_2023.tconf and misra_cpp_2023_ja.tconf
91%: 195/216 rules MISRA C++:2008 rules List of Klocwork checkers that map to the MISRA C++:2008 standard. misra_cpp_2008.tconf and misra_cpp_2008_ja.tconf
*coverage for MISRA C 2012, MISRA C 2023, and MISRA C 2025 requires an additional package from Customer Support.
  MISRA C:2025 C11 rules List of Klocwork checkers that map to the MISRA C:2025 C11 standard. misra_c_2025_c11.tconf and misra_c_2025_c11_ja.tconf
  MISRA C:2025 C90/C99 rules List of Klocwork checkers that map to the MISRA C:2025 C90/C99 standard. misra_c_2025_c90.tconf, misra_c_2025_c90_ja.tconf, misra_c_2025_c99.tconf, and misra_c_2025_c99_ja.tconf
80%: 160/200 rules* MISRA C:2023 C11 rules List of Klocwork checkers that map to the MISRA C:2023 C11 standard. misra_c_2023_c11.tconf and misra_c_2023_c11_ja.tconf
80%: 160/200 rules* MISRA C:2023 C90/C99 rules List of Klocwork checkers that map to the MISRA C:2023 C90/C99 standard. misra_c_2023_c90.tconf, misra_c_2023_c90_ja.tconf, misra_c_2023_c99.tconf, and misra_c_2023_c99_ja.tconf
100%: 158/158 rules* MISRA C:2012 Amendment 2 C11 rules List of Klocwork checkers that map to the MISRA C:2012 Amendment 2 C11 standard. misra_c_2012_with_amd2_c11.tconf and misra_c_2012_with_amd2_c11_ja.tconf
100%: 158/158 rules* MISRA C:2012 Amendment 2 C90/C99 rules List of Klocwork checkers that map to the MISRA C:2012 Amendment 2 C90/C99 standard. misra_c_2012_with_amd2_c90.tconf and misra_c_2012_with_amd2_c90_ja.tconf, misra_c_2012_with_amd2_c99.tconf and misra_c_2012_with_amd2_c99_ja.tconf
96%: 124/131 rules MISRA C:2004 rules List of Klocwork checkers that map to the MISRA C:2004 standard. misra_c_2004.tconf and misra_c_2004_ja.tconf
NASA Power of Ten: Rules for Developing Safety-Critical Code 70%: 7/10 rules NASA: Ten Rules for Safety Critical Coding: C and C++ List of Klocwork C/C++ checkers that map to the ten rules for safety critical coding as defined by NASA. nasa_10_c.tconf and nasa_10_c_ja.tconf
Open Web Application Security Project (OWASP) 70%: 7/10 risks OWASP Top 10 Security Risks for 2021: C and C++ List of Klocwork C/C++ checkers that map to the 2021 Top 10 security risks as defined by OWASP. owasp_2021_10_cxx.tconf and owasp_2021_10_cxx_ja.tconf
Payment Card Industry Data Security Standard (PCI DSS) 78%: 7/9 IDs PCI DSS IDs: C and C++ List of Klocwork C/C++ checkers that map to the PCI DSS version 3.2.1. pci_3_2_1_cxx.tconf and pci_3_2_1_cxx_ja.tconf
SEI CERT Secure Coding Standard 83%: 99/120 rules SEI CERT C rules List of Klocwork C checkers that map to the secure coding standard defined by CERT. cert_c_rules.tconf and cert_c_rules_ja.tconf
  SEI CERT C rules and recommendations List of Klocwork C checkers that map to the secure coding rules and recommendations defined by CERT. cert_c_all.tconf and cert_c_all_ja.tconf
79% 138/174 rules SEI CERT C++ rules List of Klocwork C++ checkers that map to the secure coding standard defined by CERT.

cert_cpp_rules.tconf and cert_cpp_rules_ja.tconf

C# coding standards

Standard Coverage Mapping Description File Name
 CWE   CWE IDs: C# List of Klocwork C# checkers that map to the CWE types. cwe_all_cs.tconf and cwe_all_cs_ja.tconf
80%: 20/25 weaknesses 2024 CWE Top 25 Most Dangerous Software Weaknesses List of Klocwork C# checkers that map to the 2024 top 25 most dangerous software errors as defined by the CWE. cwe_2024_top_25_cs.tconf and cwe_2024_top_25_cs_ja.tconf
72%: 18/25 weaknesses 2023 CWE Top 25 Most Dangerous Software Weaknesses List of Klocwork C# checkers that map to the 2023 top 25 most dangerous software errors as defined by the CWE. cwe_2023_top_25_cs.tconf and cwe_2023_top_25_cs_ja.tconf
Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG)  

DISA STIG version 6 IDs

List of Klocwork C# checkers that map to the STIGs version 6. disa_stig_v6_cs.tconf and disa_stig_v6_cs_ja.tconf
 

DISA STIG version 5 IDs

List of Klocwork C# checkers that map to the STIGs version 5. disa_stig_v5_cs.tconf and disa_stig_v5_cs_ja.tconf
Klocwork Quality Standard 100%: 11/11 categories Klocwork Quality Standard List of Klocwork C# checkers that focus on improving overall code quality. kw_quality_std_cs.tconf and kw_quality_std_cs_ja.tconf
Open Web Application Security Project (OWASP) 70%: 7/10 risks OWASP Top 10 Security Risks for 2021 List of Klocwork C# checkers that map to the 2021 Top 10 security risks as defined by OWASP. owasp_2021_10_cs.tconf and owasp_2021_10_cs_ja.tconf
100%: 10/10 risks OWASP Top 10 Security Risks for 2017 List of Klocwork C# checkers that map to the 2017 Top 10 security risks as defined by OWASP. owasp_2017_10_cs.tconf and owasp_2017_10_cs_ja.tconf
Payment Card Industry Data Security Standard (PCI DSS) 50%: 5/10 IDs Payment Card Industry Data Security Standard IDs List of Klocwork C# checkers that map to the PCI DSS version 3.2.1. pci_3_2_1_cs.tconf and pci_3_2_1_cs_ja.tconf

Java coding standards

Standard Coverage Mapping Description Taxonomy File Name
SEI CERT Secure Coding Standard   CERT IDs: Java List of Klocwork Java checkers that map to the secure coding standard defined by CERT. cert_java.tconf and cert_java_ja.tconf
Common Weakness Enumeration (CWE)   CWE IDs: Java List of Klocwork Java checkers that map to the CWE types. cwe_all_java.tconf and cwe_all_java_ja.tconf
76%: 19/25 weaknesses 2024 CWE Top 25 Most Dangerous Software Errors: Java List of Klocwork Java checkers that map to the 2024 top 25 most dangerous software errors as defined by the CWE. cwe_2024_top_25_java.tconf and cwe_2024_top_25_java_ja.tconf
76%: 19/25 weaknesses 2023 CWE Top 25 Most Dangerous Software Errors: Java List of Klocwork Java checkers that map to the 2023 top 25 most dangerous software errors as defined by the CWE. cwe_2023_top_25_java.tconf and cwe_2023_top_25_java_ja.tconf
Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG)   DISA STIG version 6 IDs: Java List of Klocwork Java checkers that map to the STIG version 6. disa_stig_v6_java.tconf and disa_stig_v6_java_ja.tconf
  DISA STIG version 5 IDs: Java List of Klocwork Java checkers that map to the STIG version 5. disa_stig_v5_java.tconf and disa_stig_v5_java_ja.tconf
Klocwork Quality Standard 100%: 12/12 categories Klocwork Quality Standard: Java List of Klocwork Java checkers that focus on improving overall code quality. kw_quality_std_java.tconf and kw_quality_std_java_ja.tconf
Open Web Application Security Project (OWASP) 100%: 10/10 risks OWASP Top 10 Security Risks for 2021: Java List of Klocwork Java checkers that map to the 2021 Top 10 security risks as defined by OWASP. owasp_2021_10_java.tconf and owasp_2021_10_java_ja.tconf
100%: 10/10 risks OWASP Top 10 Security Risks for 2017: Java List of Klocwork Java checkers that map to the 2017 Top 10 security risks as defined by OWASP. owasp_2017_10_java.tconf and owasp_2017_10_java_ja.tconf
Payment Card Industry Data Security Standard (PCI DSS) 100%: 9/9 IDs PCI DSS IDs: Java List of Klocwork Java checkers that map to the PCI DSS version 3.2.1. pci_3_2_1_java.tconf and pci_3_2_1_java_ja.tconf

JavaScript coding standards

Standard Coverage Mapping Description File Name
Common Weakness Enumeration (CWE)   CWE IDs: JavaScript List of JavaScript checkers that map to the CWE types. cwe_all_js.base.tconf and cwe_all_js.base_ja.tconf
Open Web Application Security Project (OWASP)   OWASP Top 10 Security Risks for 2021: JavaScript List of Python checkers that map to the 2021 Top 10 security risks as defined by OWASP.

owasp_2021_10_js.base.tconf and owasp_2021_10_js.base_ja.tconf

Kotlin coding standards

Standard Coverage Mapping Description Taxonomy File Name
Common Weakness Enumeration (CWE)   CWE IDs: Kotlin List of Klocwork Kotlin checkers that map to the CWE types. cwe_all_kt.tconf and cwe_all_kt_ja.tconf

"MISRA", "MISRA C" and "MISRA C++" are registered trademarks of The MISRA Consortium Limited. ​