Creating a compliance report

You can create compliance reports in Validate which can help you determine the health of your code base when following industry standards such as MISRA. This report generates a document which identifies whether your current code base passes each compliance rule that is relevant to you.

As well as a compliance summary, each report provides details of global or file-based suppressions applied through the build's suppression configuration file (.sconf). For more information on issue suppression, see Filtering out issues using macros or files.

If you create a compliance report related to a QAC project, select the taxonomy that applies to the QAC RCF file. The C/C++ taxonomy is for Klocwork projects only. If you only have QAC results in your project, do not use Klocwork taxonomies as the reports will be empty.
 To get started, open the compliance report tool:
  1. From the Reports tab in Validate, click Compliance Report at the bottom of the menu. The Compliance Report UI appears. You can access previously generated reports in the left panel; the right panel provides the controls you can use to generate reports.
  2. Select the taxonomy you want to run the report against, for example, C and C++.
  3. Under Build, select which build you want to use in the report.
  4. Under Views, select the view used in the report. If this field is blank, the report uses the default view.
  5. Under Report Format, you can select the MISRA option to generate a report in the MISRA 2020 guidelines format.
  6. Under Output File Type, select the output type for the report. The default is PDF.
  7. Under Output File Name, select the name of the report. By default, the file name is '<project_name> <specified build>'
  8. Under Output Folder Name, select where to save the report. The default is the root folder of the compliance reports in the left sidebar.
  9. Select Summary Only to only show the summary of rule violations in the report. By default, both summary and detailed violation and deviation tables are included in the report.
  10. Optionally, select the Defects Limit (the number of issues included in the report) for the generated report. Note that increasing this increases both the size of the report and the time it takes to generate. Adding a defect limit only impacts the full, non-summary report because it applies a limit to the number of issues in the deviation details tables. You may want to use this option when generating a non-summary report with a large number of deviations.
  11. Click Generate to build the report.
You can find the generated report in the reports panel on the left.
If you want to delete a previously generated report, you need to remove it from the 'projects_root/projects/custom_reports' folder.

Interpreting the violations and deviations lists

The status of an issue determines whether it appears as a violation or a deviation.

The report, by default, classifies the following types of issues as violations:

  • Analyze
  • Fix
  • Fix in later release
  • Fix in next release

The report, by default, classifies the following types of issues as deviations:

  • Defer
  • Filter
  • Ignore
  • Not a problem
The issue_aggregation_config.yaml, located in <projects root>/config/, allows administrators to customize how compliance report deviations and violations are calculated. For more information, see Editing the status configuration file.

Deleting compliance reports

You can delete specific compliance reports or folders by selecting the reports or folders and clicking Delete Reports.

Alternatively, you can delete the files manually through web API or from the compliance_reports folder for the project in the projects_root.

Note that to delete compliance reports and their containing folders, you must have the "Delete compliance report" permission. This permission is pre-assigned to projects root admins, project admins, and stream admins. It can be added to, or removed from, any role or user except for projects root admin.