Coding standards mapped to Klocwork checkers

For comparison, we've mapped the Klocwork Java, C/C++, and C# checkers to their equivalent coding standards. See the following table for the list of standards and the equivalent Klocwork checker mappings.

C/C++ coding standards

| Standard | Coverage | Mapping | Description | File Name |
| --- | --- | --- | --- | --- |
| AUTOSAR | 70%: 246/350 rules | AUTOSAR 18-10 Standard mapped to Klocwork and community C and C++ checkers | List of Klocwork C/C++ checkers that map to the secure coding standard defined by the Automotive Open System Architecture (AUTOSAR), release 18-10. | autosar_cpp_18_10.tconf and autosar_cpp_18_10_ja.tconf |
| | 73%: 257/350 rules | AUTOSAR 18-10 Standard mapped to Klocwork and community C and C++ checkers - Strict | List of Klocwork C/C++ checkers that map to the secure coding standard defined by the Automotive Open System Architecture (AUTOSAR), release 18-10. This list includes coverage for additional rules compared to the non-strict version. | autosar_cpp_18_10_strict.tconf and autosar_cpp_18_10_strict_ja.tconf |
| CERT Secure Coding Standard | 83%: 86/103 rules | SEI CERT C rules mapped to Klocwork and Klocwork community checkers | List of Klocwork C checkers that map to the secure coding standard defined by the computer emergency response team (CERT). | cert_c_rules.tconf and cert_c_rules_ja.tconf |
| | | SEI CERT rules and recommendations mapped to Klocwork and Klocwork community checkers | List of Klocwork C checkers that map to the secure coding rules and recommendations defined by the computer emergency response team (CERT). | cert_c_all.tconf and cert_c_all_ja.tconf |
| | 76%: 121/160 rules | CERT IDs mapped to Klocwork and Klocwork community checkers | List of Klocwork C++ checkers that map to the secure coding standard defined by the computer emergency response team (CERT). List of both Klocwork and Klocwork community C++ checkers that map to the secure coding standard defined by the computer emergency response team (CERT). | cert_cpp.tconf and cert_cpp_ja.tconf; cert_cpp_community.tconf and cert_cpp_community_ja.tconf |
| CWE | | CWE IDs mapped to Klocwork C and C++ checkers | List of Klocwork C/C++ checkers that map to Common Weakness Enumeration (CWE) types. | cwe_all_cxx.tconf and cwe_all_cxx_ja.tconf |
| | 72%: 18/25 weaknesses | 2023 CWE Top 25 Most Dangerous Software Errors mapped to Klocwork checkers | List of Klocwork C/C++ checkers that map to the 2023 top 25 most dangerous software errors as defined by the CWE. | cwe_2023_top_25_cxx.tconf and cwe_2023_top_25_cxx_ja.tconf |
| | 76%: 19/25 weaknesses | 2022 CWE Top 25 Most Dangerous Software Errors mapped to Klocwork checkers | List of Klocwork C/C++ checkers that map to the 2022 top 25 most dangerous software errors as defined by the CWE. | cwe_2022_top_25_cxx.tconf and cwe_2022_top_25_cxx_ja.tconf |
| | 72%: 18/25 weaknesses | 2021 CWE Top 25 Most Dangerous Software Errors mapped to Klocwork checkers | List of Klocwork C/C++ checkers that map to the 2021 top 25 most dangerous software errors as defined by the CWE. | cwe_2021_top_25_cxx.tconf and cwe_2021_top_25_cxx_ja.tconf |
| | | CWE IDs mapped to Klocwork Kotlin checkers | List of Klocwork Kotlin checkers that map to Common Weakness Enumeration (CWE) types. | cwe_all_kt.tconf and cwe_all_kt_ja.tconf |
| DISA STIG | | DISA STIG version 5 IDs mapped to Klocwork C and C++ checkers | List of Klocwork C/C++ checkers that map to the Security Technical Implementation Guides (STIGs) provided by IASE (Version 5). | disa_stig_v5_cxx.tconf and disa_stig_v5_cxx_ja.tconf |
| | | DISA STIG version 4 IDs mapped to Klocwork C and C++ checkers | List of Klocwork C/C++ checkers that map to the Security Technical Implementation Guides (STIGs) provided by IASE (Version 4). | disa_stig_v4_cxx.tconf and disa_stig_v4_cxx_ja.tconf |
| HKMC Secure Coding Standard | 106/129: 82% | HKMC Secure C Coding Standard for Automotive Development mapped to Klocwork and Klocwork community checkers | List of Klocwork C checkers that map to the Hyundai-Kia Motor Corp (HKMC) Secure C Coding Standard for Automotive Development. | hkmc_c.tconf and hkmc_c_ja.tconf |
| | 55/80: 69% | HKMC Secure C++ Coding Standard for Automotive Development mapped to Klocwork and Klocwork community checkers | List of Klocwork C++ checkers that map to the Hyundai-Kia Motor Corp (HKMC) Secure C++ Coding Standard for Automotive Development. | hkmc_cpp.tconf and hkmc_cpp_ja.tconf |
| ISO/IEC TS 17961 | 78%: 36/46 rules | ISO/IEC TS 17961 C rules mapped to Klocwork checkers | List of Klocwork checkers that map to the ISO/IEC TS 17961 C secure coding rules. | iso_iec_ts_17961_c.tconf and iso_iec_ts_17961_c_ja.tconf |
| Joint Strike Fighter Air Vehicle Coding Standard | 68%: 65/139 IDs | Joint Strike Fighter Air Vehicle C++ IDs mapped to Klocwork C++ checkers | List of Klocwork C++ checkers that map to the Joint Strike Fighter Air Vehicle C++ coding standard. | jsf_av_rev_c_community_cpp.tconf and jsf_av_rev_c_community_cpp_ja.tconf |
| Klocwork Quality | 100%: 16/16 categories | Klocwork Quality Standard mapped to Klocwork C and C++ checkers | List of Klocwork C/C++ checkers that focus on improving overall code quality. | kw_quality_std_cxx.tconf and kw_quality_std_cxx_ja.tconf |
| | 100% | Klocwork Quality Standard mapped to Klocwork community C and C++ checkers | List of Klocwork community C/C++ checkers that focus on improving overall code quality. | quality_community_cxx.tconf and quality_community_cxx_ja.tconf |
| MISRA | 70%: 125/175 rules* | MISRA C++:2023 rules mapped to Klocwork checkers | List of Klocwork checkers that map to the MISRA C++:2023 standard. | misra_cpp_2023.tconf and misra_cpp_2023_ja.tconf |
| | 91%: 195/216 rules | MISRA C++:2008 rules mapped to Klocwork checkers | List of Klocwork checkers that map to the MISRA C++:2008 standard. | misra_cpp_2008.tconf and misra_cpp_2008_ja.tconf |
| | 78%: 156/200 rules* | MISRA C:2023 C11 rules mapped to Klocwork checkers | List of Klocwork checkers that map to the MISRA C:2023 C11 standard. | misra_c_2023_c11.tconf and misra_c_2023_c11_ja.tconf |
| | 78%: 156/200 rules* | MISRA C:2023 C90/C99 rules mapped to Klocwork checkers | List of Klocwork checkers that map to the MISRA C:2023 C90/C99 standard. | misra_c_2023_c90.tconf, misra_c_2023_c90_ja.tconf, misra_c_2023_c99.tconf, and misra_c_2023_c99_ja.tconf |
| | 97%: 154/158 rules* | MISRA C:2012 with Amendment 2 (C11) rules mapped to Klocwork checkers | List of Klocwork checkers that map to the MISRA C:2012 Amendment 2 (C11) standard. | misra_c_2012_with_amd2_c11.tconf and misra_c_2012_with_amd2_c11_ja.tconf |
| | 97%: 154/158 rules* | MISRA C:2012 with Amendment 2 (C90/C99) rules mapped to Klocwork checkers | List of Klocwork checkers that map to the MISRA C:2012 Amendment 2 (C90/C99) standard. | misra_c_2012_with_amd2_c90.tconf and misra_c_2012_with_amd2_c90_ja.tconf, misra_c_2012_with_amd2_c99.tconf and misra_c_2012_with_amd2_c99_ja.tconf |
| | 96%: 124/131 rules | MISRA C:2004 rules mapped to Klocwork checkers | List of Klocwork checkers that map to the MISRA C:2004 standard. | misra_c_2004.tconf and misra_c_2004_ja.tconf |
| NASA: Power of Ten: Rules for Developing Safety-Critical Code | 70%: 7/10 rules | NASA: Ten Rules for Safety Critical Coding mapped to Klocwork checkers | List of Klocwork C/C++ checkers that map to the ten rules for safety critical coding as defined by NASA. | nasa_10_c.tconf and nasa_10_c_ja.tconf |
| OWASP | 70%: 7/10 risks | OWASP Top 10 Security Risks for 2021 mapped to Klocwork C/C++ checkers | List of Klocwork C/C++ checkers that map to the 2021 Top 10 security risks as defined by the Open Web Application Security Project (OWASP). | owasp_2021_10_cxx.tconf and owasp_2021_10_cxx_ja.tconf |
| Payment Card Industry Data Security Standard | 78%: 7/9 IDs | Payment Card Industry Data Security Standard IDs mapped to Klocwork checkers | List of Klocwork C/C++ checkers that map to the PCI DSS, version 3.2.1. | pci_3_2_1_cxx.tconf and pci_3_2_1_cxx_ja.tconf |

*Coverage for MISRA C 2012 or MISRA C 2023 requires an additional package from Customer Support.

C# coding standards

| Standard | Coverage | Mapping | Description | File Name |
| --- | --- | --- | --- | --- |
| CWE | | CWE IDs mapped to Klocwork C# checkers | List of Klocwork C# checkers that map to the Common Weakness Enumeration (CWE) types. | cwe_all_cs.tconf and cwe_all_cs_ja.tconf |
| | 72%: 18/25 weaknesses | 2023 CWE Top 25 Most Dangerous Software Weaknesses mapped to Klocwork checkers | List of Klocwork C# checkers that map to the 2023 top 25 most dangerous software errors as defined by the CWE. | cwe_2023_top_25_cs.tconf and cwe_2023_top_25_cs_ja.tconf |
| | 76%: 19/25 weaknesses | 2021 CWE Top 25 Most Dangerous Software Errors mapped to Klocwork checkers | List of Klocwork C# checkers that map to the 2020 top 25 most dangerous software errors as defined by the CWE. | cwe_2021_top_25_cs.tconf and cwe_2021_top_25_cs_ja.tconf |
| DISA STIG | | DISA STIG version 5 IDs mapped to Klocwork C# checkers | List of Klocwork C# checkers that map to the Security Technical Implementation Guides (STIGs) provided by IASE (Version 5). | disa_stig_v5_cs.tconf and disa_stig_v5_cs_ja.tconf |
| Klocwork Quality | 100%: 11/11 categories | Klocwork Quality Standard mapped to Klocwork C# checkers | List of Klocwork C# checkers that focus on improving overall code quality. | kw_quality_std_cs.tconf and kw_quality_std_cs_ja.tconf |
| | 100% | Klocwork Quality Standard mapped to Klocwork community C# checkers | List of Klocwork Community C# checkers that focus on improving overall code quality. | quality_community_cs.tconf and quality_community_cs_ja.tconf |
| OWASP | 70%: 7/10 risks | OWASP Top 10 Security Risks for 2021 mapped to Klocwork C# checkers | List of Klocwork C# checkers that map to the 2021 Top 10 security risks as defined by the Open Web Application Security Project (OWASP). | owasp_2021_10_cs.tconf and owasp_2021_10_cs_ja.tconf |
| | 100%: 10/10 risks | OWASP Top 10 Security Risks for 2017 mapped to Klocwork C# checkers | List of Klocwork C# checkers that map to the 2017 Top 10 security risks as defined by the Open Web Application Security Project (OWASP). | owasp_2017_10_cs.tconf and owasp_2017_10_cs_ja.tconf |
| Payment Card Industry Data Security Standard | 50%: 5/10 IDs | Payment Card Industry Data Security Standard IDs mapped to Klocwork checkers | List of Klocwork C# checkers that map to the PCI DSS, version 3.2.1. | pci_3_2_1_cs.tconf and pci_3_2_1_cs_ja.tconf |

Java coding standards

| Standard | Coverage | Mapping | Description | Taxonomy File Name |
| --- | --- | --- | --- | --- |
| CERT Secure Coding Standard | | CERT Java IDs mapped to Klocwork Java checkers | List of Klocwork Java checkers that map to the secure coding standard defined by the computer emergency response team (CERT). | cert_java.tconf and cert_java_ja.tconf |
| CWE | | CWE IDs mapped to Klocwork Java checkers | List of Klocwork Java checkers that map to the Common Weakness Enumeration (CWE) types. | cwe_all_java.tconf and cwe_all_java_ja.tconf |
| | 76%: 19/25 weaknesses | 2023 CWE Top 25 Most Dangerous Software Errors mapped to Klocwork checkers | List of Klocwork Java checkers that map to the 2023 top 25 most dangerous software errors as defined by the CWE. | cwe_2023_top_25_java.tconf and cwe_2023_top_25_java_ja.tconf |
| | 84%: 21/25 weaknesses | 2021 CWE Top 25 Most Dangerous Software Errors mapped to Klocwork checkers | List of Klocwork Java checkers that map to the 2021 top 25 most dangerous software errors as defined by the CWE. | cwe_2021_top_25_java.tconf and cwe_2021_top_25_java_ja.tconf |
| DISA STIG | | DISA STIG version 5 IDs mapped to Klocwork Java checkers | List of Klocwork Java checkers that map to the Security Technical Implementation Guides (STIGs) provided by IASE (Version 5). | disa_stig_v5_java.tconf and disa_stig_v5_java_ja.tconf |
| | | DISA STIG version 4 IDs mapped to Klocwork Java checkers | List of Klocwork Java checkers that map to the Security Technical Implementation Guides (STIGs) provided by IASE (Version 4). | disa_stig_v4_java.tconf and disa_stig_v4_java_ja.tconf |
| Klocwork Quality | 100%: 12/12 categories | Klocwork Quality Standard mapped to Klocwork Java checkers | List of Klocwork Java checkers that focus on improving overall code quality. | kw_quality_std_java.tconf and kw_quality_std_java_ja.tconf |
| | 100% | Klocwork Quality Standard mapped to Klocwork community Java checkers | List of Klocwork community Java checkers that focus on improving overall code quality. | quality_community_java and quality_community_java_ja |
| OWASP | 100%: 10/10 risks | OWASP Top 10 Security Risks for 2021 mapped to Klocwork Java checkers | List of Klocwork Java checkers that map to the 2021 Top 10 security risks as defined by the Open Web Application Security Project (OWASP). | owasp_2021_10_java.tconf and owasp_2021_10_java_ja.tconf |
| | 100%: 10/10 risks | OWASP Top 10 Security Risks for 2017 mapped to Klocwork Java checkers | List of Klocwork Java checkers that map to the 2017 Top 10 security risks as defined by the Open Web Application Security Project (OWASP). | owasp_2017_10_java.tconf and owasp_2017_10_java_ja.tconf |
| | 80%: 8/10 risks | OWASP Top 10 Security Risks for 2013 mapped to Klocwork Java checkers | List of Klocwork Java checkers that map to the 2013 Top 10 security risks as defined by the Open Web Application Security Project (OWASP). | owasp_2013_10_java.tconf and owasp_2013_10_java_ja.tconf |
| Payment Card Industry Data Security Standard | 100%: 9/9 IDs | Payment Card Industry Data Security Standard IDs mapped to Klocwork checkers | List of Klocwork Java checkers that map to the PCI DSS, version 3.2.1. | pci_3_2_1_java.tconf and pci_3_2_1_java_ja.tconf |

JavaScript coding standards

| Standard | Description | File Name |
| --- | --- | --- |
| CWE | List of JavaScript checkers that map to the Common Weakness Enumeration (CWE) types. | cwe_all_js.base.tconf and cwe_all_js.base_ja.tconf |
| OWASP | List of Python checkers that map to the 2021 Top 10 security risks as defined by the Open Web Application Security Project (OWASP). | owasp_2021_10_js.base.tconf and owasp_2021_10_js.base_ja.tconf |

Kotlin coding standards

| Standard | Coverage | Mapping | Description | Taxonomy File Name |
| --- | --- | --- | --- | --- |
| CWE | | CWE IDs mapped to Klocwork Kotlin checkers | List of Klocwork Kotlin checkers that map to the Common Weakness Enumeration (CWE) types. | cwe_all_kt.tconf and cwe_all_kt_ja.tconf |

Python coding standards

| Standard | Description | File Name |
| --- | --- | --- |
| CWE | List of Python checkers that map to the Common Weakness Enumeration (CWE) types. | cwe_all_py3.tconf and cwe_all_py3_ja.tconf |
| OWASP | List of Python checkers that map to the 2021 Top 10 security risks as defined by the Open Web Application Security Project (OWASP). | owasp_2021_10_py3.tconf and owasp_2021_10_py3_ja.tconf |

"MISRA", "MISRA C" and "MISRA C++" are registered trademarks of The MISRA Consortium Limited.