Getting started with Perforce Static Analysis extension for Visual Studio Code

To learn about the available engine modes for C/C++, see Specifying the C/C++ analysis engine mode.

The Perforce Static Analysis extension for Visual Studio Code helps you detect and fix issues before check-in. The extension supports analysis of many languages. For more details about what languages are supported, see our Supported IDEs.

You can also customize project settings, issue filters and analysis settings to your own preferences. For more information about these features, see the topics below.
You need to have a folder open in Visual Studio Code for the Perforce Static Analysis extension to function as expected.

Connect to a project or stream on the Validate Server

You get the most from desktop analysis when you connect a local project to a project or stream on the Validate Server. The local project is analyzed quickly while incorporating Validate knowledge bases generated on the server where additional source files were analyzed (for example, shared libraries). Connecting to a server project or stream also allows you to share issue status information with the integration build analysis and among team members.

To cite defects, the project must be connected to the Validate Server. You perform this step only once for each project.

Connect to a project or stream using classic authentication

  1. In Visual Studio Code, from the Activity Bar, click the Klocwork extension.
  2. Under Actions, click Authenticate.
  3. Ensure that the Validate server URL is correct, then press Enter.
  4. Ensure that the user name is correct, then press Enter.
  5. Ensure that the password is correct, then press Enter.
  6. From the Primary Side Bar, under Klocwork Project Settings, expand the Connection Settings.
  7. Fill in the Klocwork Project field and press enter.

Connect to a project or stream using SAML or OIDC authentication

To learn how to authenticate with Validate using SAML or OIDC in Visual Studio Code, watch this video or review the instructions following the video.

In Validate 2024.3, the authentication process was updated. If you are still using Validate 2024.2, follow the instructions in the 2024.2 online help.
  1. In Visual Studio Code, click File > Preferences > Settings.
  2. In the Settings search bar, type "Klocwork".
  3. Under Klocwork System Properties: Klocwork Auth Location, do either of the following:
    • Type the location of kwauth on your machine (for example, in the Build Tools or Auth Tools package).
    • To use the kwauth version included in the package specified under Klocwork System Properties: Klocwork Tools Location, leave the field empty.
  4. The kwauth version that you use cannot be older than the Klocwork Command Line Tools version.
  5. From the Activity Bar, click the Klocwork extension.
    • Under Klocwork Project Settings, ensure that the Klocwork host and port information is correct.
    • Under Actions, click Authenticate.
  6. Ensure that the Validate server URL against which you want to authenticate is correct, then press Enter. The Validate Device Authorization page will open in your browser. An information dialog appears in Visual Studio Code, which displays your access code and Validate Device Authorization page URL.
  7. Your access code is valid for three minutes.
  8. Click Copy code.
  9. In the Validate Device Authorization page, sign in to your account, then paste the code and click Authorize device. Validate shows that your device is now connected, and the application shows that authentication was successful.
  10. From the Primary Side Bar, under Klocwork Project Settings, expand the Connection Settings.
  11. Fill in the Klocwork Project field and press enter.

Update your Klocwork Tools location

If you want to authenticate with a Validate server that is supported by SAML or OIDC and continue to use version 24.1 or earlier of your other desktop or build tools, follow the steps below.

  1. From the Activity Bar, click Extensions.
  2. Right-click on Perforce Static Analysis and select Extension Settings.
  3. In Search settings, type Klocwork Tools Location and press Enter.
  4. Next to Klocwork Tools location, type the installation path for your 24.1 or earlier tools.
  5. Click OK.

Klocwork Actions

From the Klocwork menu ('kw' icon in the Activity Bar), you can select the Actions view to run analysis, synchronize your project, or authenticate your project to the Klocwork Server.

Run Analysis

To see detected issues within your code, you can choose one of the following options:

  • Click Run Klocwork Analysis on the current file to run analysis on the active file only.
  • Click Run Klocwork analysis to run analysis on all open files.

When Klocwork detects issues in a file, you see issue markers on the right margins of the editor, as well as a list of issues in your Problems tab.

Synchronize

Selecting Synchronize allows you to manually synchronize the issues found in your local project with the issue found on the Klocwork Server. Note that synchronization runs automatically when running analysis on a connected project. You may want to run it manually if you have been using the extension for an extended period, you cite a defect from the server, or if you want to quickly pull down any recent citing activity.

Authenticate

Selecting Authenticate allows you to verify your authentication settings. Selecting this option prompts you to enter your Klocwork Server URL, user name and password to authenticate your project against the Klocwork Server. This is required to run analysis and cite defects on a connected project.

Continuous analysis

Continuous analysis provides automatic issue detection and error highlighting while you work in Visual Studio Code. You can enable it by opening File > Preferences > Settings > Extensions > Klocwork and selecting Enable Continuous Analysis. With this setting enabled, Klocwork analyzes your code any time you stop typing for more than two seconds.

When you run Klocwork Analysis, the extension saves all files. When analysis is finished, you can find the results in the Problems tab. See Filter options for more details about this tab.

Manage your defects

Defect History allows you to see any previous comments or citing changes made for a selected issue. You can access it as follows:

  1. Any issues found during Klocwork analysis are found in the Problems tab. To view this tab, select View > Appearance > Show Panel. Double-click an issue in the list to view it in source code.
  2. You can access the quick actions menu (light bulb icon) for an issue, which allows you to:
    • Use Show Klocwork Defect History to see the history of the issue (if previous issue history exists).
    • Access checker help for the issue
    • Set the issue status

    If multiple defects exist within the same range, individual help links are visible for each detected issue.

Filter Options

With the Klocwork extension for Visual Studio Code, you can customize how issues are displayed within your Problems tab.

  • filter to show issues with specified status ('analyze' and 'fix' are selected by default)
  • filter to show local issues and/or system issues
  • filter to show taxonomies
  • filter to show severity

After adjusting your filters, select Apply Filters under your Filters Options view to apply the changes.

Klocwork Project Settings

Within Visual Studio Code, you can configure settings for your Klocwork extension by opening your Klocwork Project Settings, found in the Klocwork menu. You can do the following:

  • Under Connection Settings, you can define:
    • the location of your Klocwork server (host, port and secure connection)
    • license host and port (if different from your Klocwork Server's configured license settings)
    • the name of the Klocwork project you want to connect to
    The first time you open this dialog, you must select Initialize Klocwork Project settings to automatically create Klocwork analysis folders for your workspace.
  • Under Build Specification Settings, you can:
    • set 'Automatically Update Build Specification' to let the Klocwork extension generate the build specification. Otherwise, it needs to be generated externally to the extension.
    • add your Build Specification Generation Command (for example, kwinject msbuild /t:rebuild cs.sln -p:UseSharedCompilation=false -p:ProduceReferenceAssembly=false)
    • set the Build Specification Location manually (it defaults to the root directory of your current workspace).

Use 'task.json' to manually create your 'Build Specification Generation Command'

The Visual Studio Code extension is able to automatically manage the creation and updating of the build specification file. To do so, the Build Specification Settings in the Klocwork Project Settings view from the Klocwork menu must be set correctly:
  • Configure Automatically Update Build Specification to let the Klocwork extension generate the build specification.
  • Build Specification Location specifies the location of the buildspec. This will default to the workspace root directory, in a file named kwinject.out.
  • Build Specification Generation Command is the Klocwork command that will generate the build specification using the configured Klocwork tools.

To create this command manually, you can use your task.json file as a guide. See Creating a build specification.

For example, for a maven project, you may have a task defined in your task.json file as follows:
        {
            "label": "compile",
            "type": "shell",
            "command": "mvn",      <-- (1) maven project
            "args": [
                "compile"          <-- (2) compilation arguments
            ],
            "group": "build"
        }
From this task, you can extrapolate that it's a maven project and the compilation arguments it would need to run. With your knowledge on how to create buildspec files, you can manually set the Build Specification Generation Command to kwmaven compile.

Do not add the --output <location> parameter to your buildspec command manually. The extension does this with the 'buildspec location' setting.

Add key bindings for the Visual Studio Code extension

The custom commands used for the Klocwork extension for Visual Studio Code can be accessed with key bindings. The extension does not contribute any such key bindings by default, but here are a few examples you can add to customize your work flow.

You can find the commands contributed by the extension under Extensions -> Klocwork -> Feature Contributions -> Commands.
To add a custom key binding
  1. Open the command palette in Visual Studio Code by pressing F1 (or CTRL+SHIFT+P).
  2. From the command palette, run Preferences: Open Keyboard Shortcuts.
  3. Find the setting for which you want to add a shortcut key. For example, 'View: Show Klocwork' is the command to open the Klocwork panel in the Activity Bar; 'Run Klocwork Analysis' is the command to run the Klocwork Analysis.
  4. Select the '+' sign beside the setting, and enter the key binding you wish to have
Below are some examples you can add for the Klocwork extension:
Example 1: Add a key binding to run Klocwork Analysis
    {
        "key": "ctrl+k ctrl+a",
        "command": "kwvscodeextension.runAnalysis"
    }
Example 2: Add a key binding to open the Klocwork panel
    {
        "key": "alt+shift+k",
        "command": "workbench.view.extension.klocwork-options"
    }

Enable and disable checkers

You enable or disable checkers with the Configuration Editor. To find out more about checkers, see C and C++ checker reference, Java checker reference or C# checker reference. Use the Search field to search by checker code, title, reference, category or taxonomy. Your changes don't take effect until the next analysis is triggered.

You can also use the commands kwcheck enable and kwcheck disable.

Note for Visual Studio Code: For connected projects, the VS Code extension uses the Server project checker configurations and automatically synchronizes them. If you would like to enable or disable checkers for your local project, see Using the standalone Configuration Editor.