Coding standards mapped to Klocwork checkers
| In this topic: |
For comparison, we've mapped the Klocwork Java, C/C++, and C# checkers to their equivalent coding standards. See the following tables for the list of standards and the equivalent Klocwork checker mappings.
C/C++ coding standards
| Standard | Coverage | Mapping | Description | File Name |
|---|---|---|---|---|
| Automotive Open System Architecture (AUTOSAR) | 70%: 246/350 rules | AUTOSAR 18-10: C and C++ | List of Klocwork C/C++ checkers that map to the secure coding standard defined by AUTOSAR release18-10. | autosar_cpp_18_10.tconf and autosar_cpp_18_10_ja.tconf |
| 73%: 257/350 rules | AUTOSAR 18-10 Standard (strict): C and C++ | List of Klocwork C/C++ checkers that map to the secure coding standard defined by AUTOSAR release18-10. This list includes coverage for additional rules compared to the non-strict version. | autosar_cpp_18_10_strict.tconf and autosar_cpp_18_10_strict_ja.tconf | |
| Common Weakness Enumeration (CWE) | CWE IDs: C and C++ | List of Klocwork C/C++ checkers that map to the CWE types. | cwe_all_cxx.tconf and cwe_all_cxx_ja.tconf | |
| 72%: 18/25 weaknesses | CWE 2024 Top 25 Most Dangerous Software Errors: C and C++ | List of Klocwork C/C++ checkers that map to the 2024 top 25 most dangerous software errors as defined by the CWE. | cwe_2024_top_25_cxx.tconf and cwe_2024_top_25_cxx_ja.tconf | |
| 72%: 18/25 weaknesses | CWE 2023 Top 25 Most Dangerous Software Errors: C and C++ | List of Klocwork C/C++ checkers that map to the 2023 top 25 most dangerous software errors as defined by the CWE. | cwe_2023_top_25_cxx.tconf and cwe_2023_top_25_cxx_ja.tconf | |
| Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) | DISA STIG version 6 IDs: C and C++ | List of Klocwork C/C++ checkers that map to the STIG version 6. | disa_stig_v6_cxx.tconf and disa_stig_v6_cxx_ja.tconf | |
| DISA STIG version 5 IDs: C and C++ | List of Klocwork C/C++ checkers that map to the STIG version 5. | disa_stig_v5_cxx.tconf and disa_stig_v5_cxx_ja.tconf | ||
| Hyundai-Kia Motor Corp (HKMC) Secure Coding Standard for Automotive Development | 94/129: 73% | HKMC Secure C Coding Standard for Automotive Development | List of Klocwork C checkers that map to the HKMC Secure C Coding Standard for Automotive Development. | hkmc_c.tconf and hkmc_c_ja.tconf |
| 59/80: 74% | HKMC Secure C++ Coding Standard for Automotive Development | List of Klocwork C++ checkers that map to the HKMC Secure C++ Coding Standard for Automotive Development. |
hkmc_cpp.tconf and hkmc_cpp_ja.tconf |
|
| ISO/IEC TS 17961 | 78%: 36/46 rules | ISO/IEC TS 17961 C rules | List of Klocwork checkers that map to the ISO/IEC TS 17961 C secure coding rules. | iso_iec_ts_17961_c.tconf and iso_iec_ts_17961_c_ja.tconf |
| Joint Strike Fighter Air Vehicle (JSF AV) Coding Standard | 68%: 65/139 IDs | JSF AV C++ IDs | List of Klocwork C++ checkers that map to the JSF AV C++ coding standard. | jsf_av_rev_c_cpp.tconf and jsf_av_rev_c_cpp_ja.tconf |
| Klocwork Quality Standard | 100%: 16/16 categories | Klocwork Quality Standard: C and C++ | List of Klocwork C/C++ checkers that focus on improving overall code quality. | kw_quality_std_cxx.tconf and kw_quality_std_cxx_ja.tconf |
| MISRA | 70%: 125/175 rules | MISRA C++:2023 rules | List of Klocwork checkers that map to the MISRA C++:2023 standard. | misra_cpp_2023.tconf and misra_cpp_2023_ja.tconf |
| 91%: 195/216 rules | MISRA C++:2008 rules | List of Klocwork checkers that map to the MISRA C++:2008 standard. | misra_cpp_2008.tconf and misra_cpp_2008_ja.tconf | |
| MISRA C:2025 C11 rules | List of Klocwork checkers that map to the MISRA C:2025 C11 standard. | misra_c_2025_c11.tconf and misra_c_2025_c11_ja.tconf | ||
| MISRA C:2025 C90/C99 rules | List of Klocwork checkers that map to the MISRA C:2025 C90/C99 standard. | misra_c_2025_c90.tconf, misra_c_2025_c90_ja.tconf, misra_c_2025_c99.tconf, and misra_c_2025_c99_ja.tconf | ||
|
80%: 160/200 rules |
MISRA C:2023 C11 rules | List of Klocwork checkers that map to the MISRA C:2023 C11 standard. | misra_c_2023_c11.tconf and misra_c_2023_c11_ja.tconf | |
| 80%: 160/200 rules | MISRA C:2023 C90/C99 rules | List of Klocwork checkers that map to the MISRA C:2023 C90/C99 standard. | misra_c_2023_c90.tconf, misra_c_2023_c90_ja.tconf, misra_c_2023_c99.tconf, and misra_c_2023_c99_ja.tconf | |
| 100%: 158/158 rules | MISRA C:2012 Amendment 2 C11 rules | List of Klocwork checkers that map to the MISRA C:2012 Amendment 2 C11 standard. | misra_c_2012_with_amd2_c11.tconf and misra_c_2012_with_amd2_c11_ja.tconf | |
| 100%: 158/158 rules | MISRA C:2012 Amendment 2 C90/C99 rules | List of Klocwork checkers that map to the MISRA C:2012 Amendment 2 C90/C99 standard. | misra_c_2012_with_amd2_c90.tconf and misra_c_2012_with_amd2_c90_ja.tconf, misra_c_2012_with_amd2_c99.tconf and misra_c_2012_with_amd2_c99_ja.tconf | |
| 96%: 124/131 rules | MISRA C:2004 rules | List of Klocwork checkers that map to the MISRA C:2004 standard. | misra_c_2004.tconf and misra_c_2004_ja.tconf | |
| NASA Power of Ten: Rules for Developing Safety-Critical Code | 70%: 7/10 rules | NASA: Ten Rules for Safety Critical Coding: C and C++ | List of Klocwork C/C++ checkers that map to the ten rules for safety critical coding as defined by NASA. | nasa_10_c.tconf and nasa_10_c_ja.tconf |
| Open Web Application Security Project (OWASP) | 70%: 7/10 risks | OWASP Top 10 Security Risks for 2021: C and C++ | List of Klocwork C/C++ checkers that map to the 2021 Top 10 security risks as defined by OWASP. | owasp_2021_10_cxx.tconf and owasp_2021_10_cxx_ja.tconf |
| OWASP Top 10 Security Risks for 2025: C and C++ | List of Klocwork C/C++ checkers that map to the 2025 Top 10 security risks as defined by OWASP. | owasp_2025_10_cxx.tconf and owasp_2025_10_cxx_ja.tconf | ||
| Payment Card Industry Data Security Standard (PCI DSS) | 78%: 7/9 IDs | PCI DSS IDs: C and C++ | List of Klocwork C/C++ checkers that map to the PCI DSS version 3.2.1. | pci_3_2_1_cxx.tconf and pci_3_2_1_cxx_ja.tconf |
| SEI CERT Secure Coding Standard | 83%: 99/120 rules | SEI CERT C rules | List of Klocwork C checkers that map to the secure coding standard defined by CERT. | cert_c_rules.tconf and cert_c_rules_ja.tconf |
| SEI CERT C rules and recommendations | List of Klocwork C checkers that map to the secure coding rules and recommendations defined by CERT. | cert_c_all.tconf and cert_c_all_ja.tconf | ||
| 79% 138/174 rules | SEI CERT C++ rules | List of Klocwork C++ checkers that map to the secure coding standard defined by CERT. |
cert_cpp_rules.tconf and cert_cpp_rules_ja.tconf |
C# coding standards
| Standard | Coverage | Mapping | Description | File Name |
|---|---|---|---|---|
| CWE | CWE IDs: C# | List of Klocwork C# checkers that map to the CWE types. | cwe_all_cs.tconf and cwe_all_cs_ja.tconf | |
| 80%: 20/25 weaknesses | 2024 CWE Top 25 Most Dangerous Software Weaknesses | List of Klocwork C# checkers that map to the 2024 top 25 most dangerous software errors as defined by the CWE. | cwe_2024_top_25_cs.tconf and cwe_2024_top_25_cs_ja.tconf | |
| 72%: 18/25 weaknesses | 2023 CWE Top 25 Most Dangerous Software Weaknesses | List of Klocwork C# checkers that map to the 2023 top 25 most dangerous software errors as defined by the CWE. | cwe_2023_top_25_cs.tconf and cwe_2023_top_25_cs_ja.tconf | |
| Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) | List of Klocwork C# checkers that map to the STIGs version 6. | disa_stig_v6_cs.tconf and disa_stig_v6_cs_ja.tconf | ||
| List of Klocwork C# checkers that map to the STIGs version 5. | disa_stig_v5_cs.tconf and disa_stig_v5_cs_ja.tconf | |||
| Klocwork Quality Standard | 100%: 11/11 categories | Klocwork Quality Standard | List of Klocwork C# checkers that focus on improving overall code quality. | kw_quality_std_cs.tconf and kw_quality_std_cs_ja.tconf |
| Open Web Application Security Project (OWASP) | 70%: 7/10 risks | OWASP Top 10 Security Risks for 2021 | List of Klocwork C# checkers that map to the 2021 Top 10 security risks as defined by OWASP. | owasp_2021_10_cs.tconf and owasp_2021_10_cs_ja.tconf |
| OWASP Top 10 Security Risks for 2025 | List of Klocwork C# checkers that map to the 2025 Top 10 security risks as defined by OWASP. | owasp_2025_10_cs.tconf and owasp_2025_10_cs_ja.tconf | ||
| Payment Card Industry Data Security Standard (PCI DSS) | 50%: 5/10 IDs | Payment Card Industry Data Security Standard IDs | List of Klocwork C# checkers that map to the PCI DSS version 3.2.1. | pci_3_2_1_cs.tconf and pci_3_2_1_cs_ja.tconf |
Java coding standards
| Standard | Coverage | Mapping | Description | Taxonomy File Name |
|---|---|---|---|---|
| SEI CERT Secure Coding Standard | CERT IDs: Java | List of Klocwork Java checkers that map to the secure coding standard defined by CERT. | cert_java.tconf and cert_java_ja.tconf | |
| Common Weakness Enumeration (CWE) | CWE IDs: Java | List of Klocwork Java checkers that map to the CWE types. | cwe_all_java.tconf and cwe_all_java_ja.tconf | |
| 76%: 19/25 weaknesses | 2024 CWE Top 25 Most Dangerous Software Errors: Java | List of Klocwork Java checkers that map to the 2024 top 25 most dangerous software errors as defined by the CWE. | cwe_2024_top_25_java.tconf and cwe_2024_top_25_java_ja.tconf | |
| 76%: 19/25 weaknesses | 2023 CWE Top 25 Most Dangerous Software Errors: Java | List of Klocwork Java checkers that map to the 2023 top 25 most dangerous software errors as defined by the CWE. | cwe_2023_top_25_java.tconf and cwe_2023_top_25_java_ja.tconf | |
| Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) | DISA STIG version 6 IDs: Java | List of Klocwork Java checkers that map to the STIG version 6. | disa_stig_v6_java.tconf and disa_stig_v6_java_ja.tconf | |
| DISA STIG version 5 IDs: Java | List of Klocwork Java checkers that map to the STIG version 5. | disa_stig_v5_java.tconf and disa_stig_v5_java_ja.tconf | ||
| Klocwork Quality Standard | 100%: 12/12 categories | Klocwork Quality Standard: Java | List of Klocwork Java checkers that focus on improving overall code quality. | kw_quality_std_java.tconf and kw_quality_std_java_ja.tconf |
| Open Web Application Security Project (OWASP) | 100%: 10/10 risks | OWASP Top 10 Security Risks for 2021: Java | List of Klocwork Java checkers that map to the 2021 Top 10 security risks as defined by OWASP. | owasp_2021_10_java.tconf and owasp_2021_10_java_ja.tconf |
| OWASP Top 10 Security Risks for 2025: Java | List of Klocwork Java checkers that map to the 2025 Top 10 security risks as defined by OWASP. | owasp_2025_10_java.tconf and owasp_2025_10_java_ja.tconf | ||
| Payment Card Industry Data Security Standard (PCI DSS) | 100%: 9/9 IDs | PCI DSS IDs: Java | List of Klocwork Java checkers that map to the PCI DSS version 3.2.1. | pci_3_2_1_java.tconf and pci_3_2_1_java_ja.tconf |
JavaScript coding standards
| Standard | Coverage | Mapping | Description | File Name |
|---|---|---|---|---|
| Common Weakness Enumeration (CWE) | CWE IDs: JavaScript | List of JavaScript checkers that map to the CWE types. | cwe_all_js.base.tconf and cwe_all_js.base_ja.tconf | |
| Open Web Application Security Project (OWASP) | OWASP Top 10 Security Risks for 2021: JavaScript | List of JavaScript checkers that map to the 2021 Top 10 security risks as defined by OWASP. |
owasp_2021_10_js.base.tconf and owasp_2021_10_js.base_ja.tconf |
|
| OWASP Top 10 Security Risks for 2025: JavaScript | List of JavaScript checkers that map to the 2025 Top 10 security risks as defined by OWASP. |
owasp_2025_10_js.base.tconf and owasp_2025_10_js.base_ja.tconf |
Kotlin coding standards
| Standard | Coverage | Mapping | Description | Taxonomy File Name |
|---|---|---|---|---|
| Common Weakness Enumeration (CWE) | CWE IDs: Kotlin | List of Klocwork Kotlin checkers that map to the CWE types. | cwe_all_kt.tconf and cwe_all_kt_ja.tconf | |
| Open Web Application Security Project (OWASP) | OWASP Top 10 Security Risks for 2025: Kotlin | List of Kotlin checkers that map to the 2025 Top 10 security risks as defined by OWASP. |
owasp_2025_10_kt.tconf and owasp_2025_10_kt_ja.tconf |
"MISRA", "MISRA C" and "MISRA C++" are registered trademarks of The MISRA Consortium Limited.