Coding standards mapped to Klocwork checkers
For comparison, we've mapped the Klocwork Java, C/C++, and C# checkers to their equivalent coding standards. See the following table for the list of standards and the equivalent Klocwork checker mappings.
C/C++ coding standards
Standard | Coverage | Mapping | Description | File Name |
---|---|---|---|---|
AUTOSAR | 70%: 246/350 rules | AUTOSAR 18-10 Standard mapped to Klocwork and community C and C++ checkers | List of Klocwork C/C++ checkers that map to the secure coding standard defined by the Automotive Open System Architecture (AUTOSAR), release 18-10. | autosar_cpp_18_10.tconf and autosar_cpp_18_10_ja.tconf |
AUTOSAR | 73%: 257/350 rules | AUTOSAR 18-10 Standard mapped to Klocwork and community C and C++ checkers - Strict | List of Klocwork C/C++ checkers that map to the secure coding standard defined by the Automotive Open System Architecture (AUTOSAR), release 18-10. This list includes coverage for additional rules compared to the non-strict version. | autosar_cpp_18_10_strict.tconf and autosar_cpp_18_10_strict_ja.tconf |
CERT Secure Coding Standard | 83%: 86/103 rules | SEI CERT C rules mapped to Klocwork and Klocwork community checkers | List of Klocwork C checkers that map to the secure coding standard defined by the computer emergency response team (CERT). | cert_c_rules.tconf and cert_c_rules_ja.tconf |
CERT Secure Coding Standard | | SEI CERT rules and recommendations mapped to Klocwork and Klocwork community checkers | List of Klocwork C checkers that map to the secure coding rules and recommendations defined by the computer emergency response team (CERT). | cert_c_all.tconf and cert_c_all_ja.tconf |
CERT Secure Coding Standard | 76%: 121/160 rules | CERT IDs mapped to Klocwork and Klocwork community checkers | List of Klocwork and Klocwork community C++ checkers that map to the secure coding standard defined by the computer emergency response team (CERT). | cert_cpp.tconf and cert_cpp_ja.tconf; cert_cpp_community.tconf and cert_cpp_community_ja.tconf |
CWE | | CWE IDs mapped to Klocwork C and C++ checkers | List of Klocwork C/C++ checkers that map to Common Weakness Enumeration (CWE) types. | cwe_all_cxx.tconf and cwe_all_cxx_ja.tconf |
CWE | 72%: 18/25 weaknesses | 2023 CWE Top 25 Most Dangerous Software Errors mapped to Klocwork checkers | List of Klocwork C/C++ checkers that map to the 2023 top 25 most dangerous software errors as defined by the CWE. | cwe_2023_top_25_cxx.tconf and cwe_2023_top_25_cxx_ja.tconf |
CWE | 76%: 19/25 weaknesses | 2022 CWE Top 25 Most Dangerous Software Errors mapped to Klocwork checkers | List of Klocwork C/C++ checkers that map to the 2022 top 25 most dangerous software errors as defined by the CWE. | cwe_2022_top_25_cxx.tconf and cwe_2022_top_25_cxx_ja.tconf |
CWE | 72%: 18/25 weaknesses | 2021 CWE Top 25 Most Dangerous Software Errors mapped to Klocwork checkers | List of Klocwork C/C++ checkers that map to the 2021 top 25 most dangerous software errors as defined by the CWE. | cwe_2021_top_25_cxx.tconf and cwe_2021_top_25_cxx_ja.tconf |
CWE | | CWE IDs mapped to Klocwork Kotlin checkers | List of Klocwork Kotlin checkers that map to Common Weakness Enumeration (CWE) types. | cwe_all_kt.tconf and cwe_all_kt_ja.tconf |
DISA STIG | | DISA STIG version 5 IDs mapped to Klocwork C and C++ checkers | List of Klocwork C/C++ checkers that map to the Security Technical Implementation Guides (STIGs) provided by IASE (Version 5). | disa_stig_v5_cxx.tconf and disa_stig_v5_cxx_ja.tconf |
DISA STIG | | DISA STIG version 4 IDs mapped to Klocwork C and C++ checkers | List of Klocwork C/C++ checkers that map to the Security Technical Implementation Guides (STIGs) provided by IASE (Version 4). | disa_stig_v4_cxx.tconf and disa_stig_v4_cxx_ja.tconf |
HKMC Secure Coding Standard | 106/129: 82% | HKMC Secure C Coding Standard for Automotive Development mapped to Klocwork and Klocwork community checkers | List of Klocwork C checkers that map to the Hyundai-Kia Motor Corp (HKMC) Secure C Coding Standard for Automotive Development. | hkmc_c.tconf and hkmc_c_ja.tconf |
HKMC Secure Coding Standard | 55/80: 69% | HKMC Secure C++ Coding Standard for Automotive Development mapped to Klocwork and Klocwork community checkers | List of Klocwork C++ checkers that map to the Hyundai-Kia Motor Corp (HKMC) Secure C++ Coding Standard for Automotive Development. | hkmc_cpp.tconf and hkmc_cpp_ja.tconf |
ISO/IEC TS 17961 | 78%: 36/46 rules | ISO/IEC TS 17961 C rules mapped to Klocwork checkers | List of Klocwork checkers that map to the ISO/IEC TS 17961 C secure coding rules. | iso_iec_ts_17961_c.tconf and iso_iec_ts_17961_c_ja.tconf |
Joint Strike Fighter Air Vehicle Coding Standard | 68%: 65/139 IDs | Joint Strike Fighter Air Vehicle C++ IDs mapped to Klocwork C++ checkers | List of Klocwork C++ checkers that map to the Joint Strike Fighter Air Vehicle C++ coding standard. | jsf_av_rev_c_community_cpp.tconf and jsf_av_rev_c_community_cpp_ja.tconf |
Klocwork Quality | 100%: 16/16 categories | Klocwork Quality Standard mapped to Klocwork C and C++ checkers | List of Klocwork C/C++ checkers that focus on improving overall code quality. | kw_quality_std_cxx.tconf and kw_quality_std_cxx_ja.tconf |
Klocwork Quality | 100% | Klocwork Quality Standard mapped to Klocwork community C and C++ checkers | List of Klocwork community C/C++ checkers that focus on improving overall code quality. | quality_community_cxx.tconf and quality_community_cxx_ja.tconf |
MISRA | 70%: 125/175 rules* | MISRA C++:2023 rules mapped to Klocwork checkers | List of Klocwork checkers that map to the MISRA C++:2023 standard. | misra_cpp_2023.tconf and misra_cpp_2023_ja.tconf |
MISRA | 91%: 195/216 rules | MISRA C++:2008 rules mapped to Klocwork checkers | List of Klocwork checkers that map to the MISRA C++:2008 standard. | misra_cpp_2008.tconf and misra_cpp_2008_ja.tconf |
*Coverage for MISRA C 2012 or MISRA C 2023 requires an additional package from Customer Support. | | | | |
MISRA | 78%: 156/200 rules* | MISRA C:2023 C11 rules mapped to Klocwork checkers | List of Klocwork checkers that map to the MISRA C:2023 C11 standard. | misra_c_2023_c11.tconf and misra_c_2023_c11_ja.tconf |
MISRA | 78%: 156/200 rules* | MISRA C:2023 C90/C99 rules mapped to Klocwork checkers | List of Klocwork checkers that map to the MISRA C:2023 C90/C99 standard. | misra_c_2023_c90.tconf, misra_c_2023_c90_ja.tconf, misra_c_2023_c99.tconf, and misra_c_2023_c99_ja.tconf |
MISRA | 97%: 154/158 rules* | MISRA C:2012 with Amendment 2 (C11) rules mapped to Klocwork checkers | List of Klocwork checkers that map to the MISRA C:2012 Amendment 2 (C11) standard. | misra_c_2012_with_amd2_c11.tconf and misra_c_2012_with_amd2_c11_ja.tconf |
MISRA | 97%: 154/158 rules* | MISRA C:2012 with Amendment 2 (C90/C99) rules mapped to Klocwork checkers | List of Klocwork checkers that map to the MISRA C:2012 Amendment 2 (C90/C99) standard. | misra_c_2012_with_amd2_c90.tconf and misra_c_2012_with_amd2_c90_ja.tconf, misra_c_2012_with_amd2_c99.tconf and misra_c_2012_with_amd2_c99_ja.tconf |
MISRA | 96%: 124/131 rules | MISRA C:2004 rules mapped to Klocwork checkers | List of Klocwork checkers that map to the MISRA C:2004 standard. | misra_c_2004.tconf and misra_c_2004_ja.tconf |
NASA: Power of Ten: Rules for Developing Safety-Critical Code | 70%: 7/10 rules | NASA: Ten Rules for Safety Critical Coding mapped to Klocwork checkers | List of Klocwork C/C++ checkers that map to the ten rules for safety critical coding as defined by NASA. | nasa_10_c.tconf and nasa_10_c_ja.tconf |
OWASP | 70%: 7/10 risks | OWASP Top 10 Security Risks for 2021 mapped to Klocwork C/C++ checkers | List of Klocwork C/C++ checkers that map to the 2021 Top 10 security risks as defined by the Open Web Application Security Project (OWASP). | owasp_2021_10_cxx.tconf and owasp_2021_10_cxx_ja.tconf |
Payment Card Industry Data Security Standard | 78%: 7/9 IDs | Payment Card Industry Data Security Standard IDs mapped to Klocwork checkers | List of Klocwork C/C++ checkers that map to the PCI DSS, version 3.2.1. | pci_3_2_1_cxx.tconf and pci_3_2_1_cxx_ja.tconf |
C# coding standards
Standard | Coverage | Mapping | Description | File Name |
---|---|---|---|---|
CWE | | CWE IDs mapped to Klocwork C# checkers | List of Klocwork C# checkers that map to the Common Weakness Enumeration (CWE) types. | cwe_all_cs.tconf and cwe_all_cs_ja.tconf |
CWE | 72%: 18/25 weaknesses | 2023 CWE Top 25 Most Dangerous Software Weaknesses mapped to Klocwork checkers | List of Klocwork C# checkers that map to the 2023 top 25 most dangerous software errors as defined by the CWE. | cwe_2023_top_25_cs.tconf and cwe_2023_top_25_cs_ja.tconf |
CWE | 76%: 19/25 weaknesses | 2021 CWE Top 25 Most Dangerous Software Errors mapped to Klocwork checkers | List of Klocwork C# checkers that map to the 2020 top 25 most dangerous software errors as defined by the CWE. | cwe_2021_top_25_cs.tconf and cwe_2021_top_25_cs_ja.tconf |
DISA STIG | | | List of Klocwork C# checkers that map to the Security Technical Implementation Guides (STIGs) provided by IASE (Version 5). | disa_stig_v5_cs.tconf and disa_stig_v5_cs_ja.tconf |
Klocwork Quality | 100%: 11/11 categories | Klocwork Quality Standard mapped to Klocwork C# checkers | List of Klocwork C# checkers that focus on improving overall code quality. | kw_quality_std_cs.tconf and kw_quality_std_cs_ja.tconf |
Klocwork Quality | 100% | Klocwork Quality Standard mapped to Klocwork community C# checkers | List of Klocwork Community C# checkers that focus on improving overall code quality. | quality_community_cs.tconf and quality_community_cs_ja.tconf |
OWASP | 70%: 7/10 risks | OWASP Top 10 Security Risks for 2021 mapped to Klocwork C# checkers | List of Klocwork C# checkers that map to the 2021 Top 10 security risks as defined by the Open Web Application Security Project (OWASP). | owasp_2021_10_cs.tconf and owasp_2021_10_cs_ja.tconf |
OWASP | 100%: 10/10 risks | OWASP Top 10 Security Risks for 2017 mapped to Klocwork C# checkers | List of Klocwork C# checkers that map to the 2017 Top 10 security risks as defined by the Open Web Application Security Project (OWASP). | owasp_2017_10_cs.tconf and owasp_2017_10_cs_ja.tconf |
Payment Card Industry Data Security Standard | 50%: 5/10 IDs | Payment Card Industry Data Security Standard IDs mapped to Klocwork checkers | List of Klocwork C# checkers that map to the PCI DSS, version 3.2.1. | pci_3_2_1_cs.tconf and pci_3_2_1_cs_ja.tconf |
Java coding standards
Standard | Coverage | Mapping | Description | Taxonomy File Name |
---|---|---|---|---|
CERT Secure Coding Standard | | CERT Java IDs mapped to Klocwork Java checkers | List of Klocwork Java checkers that map to the secure coding standard defined by the computer emergency response team (CERT). | cert_java.tconf and cert_java_ja.tconf |
CWE | | CWE IDs mapped to Klocwork Java checkers | List of Klocwork Java checkers that map to the Common Weakness Enumeration (CWE) types. | cwe_all_java.tconf and cwe_all_java_ja.tconf |
CWE | 76%: 19/25 weaknesses | 2023 CWE Top 25 Most Dangerous Software Errors mapped to Klocwork checkers | List of Klocwork Java checkers that map to the 2023 top 25 most dangerous software errors as defined by the CWE. | cwe_2023_top_25_java.tconf and cwe_2023_top_25_java_ja.tconf |
CWE | 84%: 21/25 weaknesses | 2021 CWE Top 25 Most Dangerous Software Errors mapped to Klocwork checkers | List of Klocwork Java checkers that map to the 2021 top 25 most dangerous software errors as defined by the CWE. | cwe_2021_top_25_java.tconf and cwe_2021_top_25_java_ja.tconf |
DISA STIG | | DISA STIG version 5 IDs mapped to Klocwork Java checkers | List of Klocwork Java checkers that map to the Security Technical Implementation Guides (STIGs) provided by IASE (Version 5). | disa_stig_v5_java.tconf and disa_stig_v5_java_ja.tconf |
DISA STIG | | DISA STIG version 4 IDs mapped to Klocwork Java checkers | List of Klocwork Java checkers that map to the Security Technical Implementation Guides (STIGs) provided by IASE (Version 4). | disa_stig_v4_java.tconf and disa_stig_v4_java_ja.tconf |
Klocwork Quality | 100%: 12/12 categories | Klocwork Quality Standard mapped to Klocwork Java checkers | List of Klocwork Java checkers that focus on improving overall code quality. | kw_quality_std_java.tconf and kw_quality_std_java_ja.tconf |
Klocwork Quality | 100% | Klocwork Quality Standard mapped to Klocwork community Java checkers | List of Klocwork community Java checkers that focus on improving overall code quality. | quality_community_java and quality_community_java_ja |
OWASP | 100%: 10/10 risks | OWASP Top 10 Security Risks for 2021 mapped to Klocwork Java checkers | List of Klocwork Java checkers that map to the 2021 Top 10 security risks as defined by the Open Web Application Security Project (OWASP). | owasp_2021_10_java.tconf and owasp_2021_10_java_ja.tconf |
OWASP | 100%: 10/10 risks | OWASP Top 10 Security Risks for 2017 mapped to Klocwork Java checkers | List of Klocwork Java checkers that map to the 2017 Top 10 security risks as defined by the Open Web Application Security Project (OWASP). | owasp_2017_10_java.tconf and owasp_2017_10_java_ja.tconf |
OWASP | 80%: 8/10 risks | OWASP Top 10 Security Risks for 2013 mapped to Klocwork Java checkers | List of Klocwork Java checkers that map to the 2013 Top 10 security risks as defined by the Open Web Application Security Project (OWASP). | owasp_2013_10_java.tconf and owasp_2013_10_java_ja.tconf |
Payment Card Industry Data Security Standard | 100%: 9/9 IDs | Payment Card Industry Data Security Standard IDs mapped to Klocwork checkers | List of Klocwork Java checkers that map to the PCI DSS, version 3.2.1. | pci_3_2_1_java.tconf and pci_3_2_1_java_ja.tconf |
JavaScript coding standards
Standard | Coverage | Mapping | Description | File Name |
---|---|---|---|---|
CWE | | CWE IDs mapped to Klocwork JavaScript checkers | List of JavaScript checkers that map to the Common Weakness Enumeration (CWE) types. | cwe_all_js.base.tconf and cwe_all_js.base_ja.tconf |
OWASP | | OWASP Top 10 Security Risks for 2021 mapped to Klocwork JavaScript checkers | List of Python checkers that map to the 2021 Top 10 security risks as defined by the Open Web Application Security Project (OWASP). | owasp_2021_10_js.base.tconf and owasp_2021_10_js.base_ja.tconf |
Kotlin coding standards
Standard | Coverage | Mapping | Description | Taxonomy File Name |
---|---|---|---|---|
CWE | | CWE IDs mapped to Klocwork Kotlin checkers | List of Klocwork Kotlin checkers that map to the Common Weakness Enumeration (CWE) types. | cwe_all_kt.tconf and cwe_all_kt_ja.tconf |
Python coding standards
Standard | Coverage | Mapping | Description | File Name |
---|---|---|---|---|
CWE | | CWE IDs mapped to Klocwork Python checkers | Lists of Python checkers that map to the Common Weakness Enumeration (CWE) types. | cwe_all_py3.tconf and cwe_all_py3_ja.tconf |
OWASP | | OWASP Top 10 Security Risks for 2021 mapped to Klocwork Python checkers | List of Python checkers that map to the 2021 Top 10 security risks as defined by the Open Web Application Security Project (OWASP). | owasp_2021_10_py3.tconf and owasp_2021_10_py3_ja.tconf |
"MISRA", "MISRA C" and "MISRA C++" are registered trademarks of The MISRA Consortium Limited.