Differential analysis for CI/CD pipelines and Klocwork analysis

This section explains differential analysis for CI/CD pipelines and Klocwork analysis.

Klocwork tools are DevOps ready, allowing you to include Static Code Analysis (SCA) as part of your continuous delivery pipelines.

For a build analysis, you typically run a nightly integration build. Klocwork also offers the ability to run differential analysis for CI/CD pipelines, in conjunction with your regular integration analysis. Differential analysis identifies and communicates issues without waiting for nightly builds, helping developers fix code earlier.

Using differential analysis to examine a subset of project files, such as a Continuous Integration (CI) change set, with a preexisting baseline provides a quick, approximate result. For full accuracy, perform a complete project analysis during the CI stage.

Using system context data from your integration analysis from the Klocwork Server, you can analyze only the files that changed, while also providing differential analysis results as if the entire system had been analyzed. This provides the shortest possible analysis times.

As developers update and commit code, the CI build system detects changes and performs many small, incremental builds throughout the day. Klocwork CI analyzes new code and notifies developers about problems in real time instead of waiting for nightly builds.

The process is as follows:

  1. Developers make changes to the code and commit them.
  2. The CI build system detects the changes and builds the software.
  3. Klocwork CI analyzes the changes and generates a list of new issues in the specified format.

Supported environments

Klocwork CI supports the following environments:

  • C/C++, C#, Java
  • Windows and Linux agents