Getting started with Perforce Static Analysis extension for Visual Studio Code
The Perforce Static Analysis extension for Visual Studio Code helps you detect and fix issues before check-in. The extension supports analysis of many languages. For more details about what languages are supported, see our Supported IDEs.
Connect to a project or stream on the Validate Server
To cite defects, the project must be connected to the Validate Server. You perform this step only once for each project.
Connect to a project or stream using classic authentication
- In Visual Studio Code, from the Activity Bar, click the Klocwork extension.
- Under Actions, click Authenticate.
- Ensure that the Validate server URL is correct, then press Enter.
- Ensure that the user name is correct, then press Enter.
- Ensure that the password is correct, then press Enter.
- From the Primary Side Bar, under Klocwork Project Settings, expand the Connection Settings.
- Fill in the Klocwork Project field and press enter.
Connect to a project or stream using SAML or OIDC authentication
To learn how to authenticate with Validate using SAML or OIDC in Visual Studio Code, watch this video or review the instructions following the video.
- In Visual Studio Code, click File > Preferences > Settings.
- In the Settings search bar, type "Klocwork".
- Under Klocwork System Properties: Klocwork Auth Location, do either of the following:
- Type the location of kwauth on your machine (for example, in the Build Tools or Auth Tools package).
- To use the kwauth version included in the package specified under Klocwork System Properties: Klocwork Tools Location, leave the field empty.
- From the Activity Bar, click the Klocwork extension.
- Under Klocwork Project Settings, ensure that the Klocwork host and port information is correct.
- Under Actions, click Authenticate.
- Ensure that the Validate server URL against which you want to authenticate is correct, then press Enter. The Validate Device Authorization page will open in your browser. An information dialog appears in Visual Studio Code, which displays your access code and Validate Device Authorization page URL.
- Click Copy code.
- In the Validate Device Authorization page, sign in to your account, then paste the code and click Authorize device. Validate shows that your device is now connected, and the application shows that authentication was successful.
- From the Primary Side Bar, under Klocwork Project Settings, expand the Connection Settings.
- Fill in the Klocwork Project field and press enter.
Update your Klocwork Tools location
If you want to authenticate with a Validate server that is supported by SAML or OIDC and continue to use version 24.1 or earlier of your other desktop or build tools, follow the steps below.
- From the Activity Bar, click Extensions.
- Right-click on Perforce Static Analysis and select Extension Settings.
- In Search settings, type Klocwork Tools Location and press Enter.
- Next to Klocwork Tools location, type the installation path for your 24.1 or earlier tools.
- Click OK.
Klocwork Actions
From the Klocwork menu ('kw' icon in the Activity Bar), you can select the Actions view to run analysis, synchronize your project, or authenticate your project to the Klocwork Server.
Run Analysis
To see detected issues within your code, you can choose one of the following options:
- Click Run Klocwork Analysis on the current file to run analysis on the active file only.
- Click Run Klocwork analysis to run analysis on all open files.
When Klocwork detects issues in a file, you see issue markers on the right margins of the editor, as well as a list of issues in your Problems tab.
Synchronize
Selecting Synchronize allows you to manually synchronize the issues found in your local project with the issue found on the Klocwork Server. Note that synchronization runs automatically when running analysis on a connected project. You may want to run it manually if you have been using the extension for an extended period, you cite a defect from the server, or if you want to quickly pull down any recent citing activity.
Authenticate
Selecting Authenticate allows you to verify your authentication settings. Selecting this option prompts you to enter your Klocwork Server URL, user name and password to authenticate your project against the Klocwork Server. This is required to run analysis and cite defects on a connected project.
Continuous analysis
Continuous analysis provides automatic issue detection and error highlighting while you work in Visual Studio Code. You can enable it by opening File > Preferences > Settings > Extensions > Klocwork and selecting Enable Continuous Analysis. With this setting enabled, Klocwork analyzes your code any time you stop typing for more than two seconds.
When you run Klocwork Analysis, the extension saves all files. When analysis is finished, you can find the results in the Problems tab. See Filter options for more details about this tab.
Manage your defects
Defect History allows you to see any previous comments or citing changes made for a selected issue. You can access it as follows:
- Any issues found during Klocwork analysis are found in the Problems tab. To view this tab, select View > Appearance > Show Panel. Double-click an issue in the list to view it in source code.
- You can access the quick actions menu (light bulb icon) for an issue, which allows you to:
- Use Show Klocwork Defect History to see the history of the issue (if previous issue history exists).
- Access checker help for the issue
- Set the issue status
If multiple defects exist within the same range, individual help links are visible for each detected issue.
Filter Options
With the Klocwork extension for Visual Studio Code, you can customize how issues are displayed within your Problems tab.
- filter to show issues with specified status ('analyze' and 'fix' are selected by default)
- filter to show local issues and/or system issues
- filter to show taxonomies
- filter to show severity
After adjusting your filters, select Apply Filters under your Filters Options view to apply the changes.
Klocwork Project Settings
Within Visual Studio Code, you can configure settings for your Klocwork extension by opening your Klocwork Project Settings, found in the Klocwork menu. You can do the following:
- Under Connection Settings, you can define:
- the location of your Klocwork server (host, port and secure connection)
- license host and port (if different from your Klocwork Server's configured license settings)
- the name of the Klocwork project you want to connect to
- Under Build Specification Settings, you can:
- set 'Automatically Update Build Specification' to let the Klocwork extension generate the build specification. Otherwise, it needs to be generated externally to the extension.
- add your Build Specification Generation Command (for example, kwinject msbuild /t:rebuild cs.sln -p:UseSharedCompilation=false -p:ProduceReferenceAssembly=false)
- set the Build Specification Location manually (it defaults to the root directory of your current workspace).
Use 'task.json' to manually create your 'Build Specification Generation Command'
- Configure Automatically Update Build Specification to let the Klocwork extension generate the build specification.
- Build Specification Location specifies the location of the buildspec. This will default to the workspace root directory, in a file named kwinject.out.
- Build Specification Generation Command is the Klocwork command that will generate the build specification using the configured Klocwork tools.
To create this command manually, you can use your task.json file as a guide. See Creating a build specification.
{ "label": "compile", "type": "shell", "command": "mvn", <-- (1) maven project "args": [ "compile" <-- (2) compilation arguments ], "group": "build" }
Do not add the --output <location> parameter to your buildspec command manually. The extension does this with the 'buildspec location' setting.
Add key bindings for the Visual Studio Code extension
The custom commands used for the Klocwork extension for Visual Studio Code can be accessed with key bindings. The extension does not contribute any such key bindings by default, but here are a few examples you can add to customize your work flow.
- Open the command palette in Visual Studio Code by pressing F1 (or CTRL+SHIFT+P).
- From the command palette, run Preferences: Open Keyboard Shortcuts.
- Find the setting for which you want to add a shortcut key. For example, 'View: Show Klocwork' is the command to open the Klocwork panel in the Activity Bar; 'Run Klocwork Analysis' is the command to run the Klocwork Analysis.
- Select the '+' sign beside the setting, and enter the key binding you wish to have
{ "key": "ctrl+k ctrl+a", "command": "kwvscodeextension.runAnalysis" }
{ "key": "alt+shift+k", "command": "workbench.view.extension.klocwork-options" }
Enable and disable checkers
You enable or disable checkers with the Configuration Editor. To find out more about checkers, see C and C++ checker reference, Java checker reference or C# checker reference. Use the Search field to search by checker code, title, reference, category or taxonomy. Your changes don't take effect until the next analysis is triggered.
Note for Visual Studio Code: For connected projects, the VS Code extension uses the Server project checker configurations and automatically synchronizes them. If you would like to enable or disable checkers for your local project, see Using the standalone Configuration Editor.