Use the analysis tool store

The analysis tool store is where you store multiple versions of your analysis tools, which can be called upon when running kwanalysis. It is the optional distribution point for:

  • Build tools: kwbuildtools.<version>.linux64.zip or kwbuildtools.<version>.win64.zip

  • Legacy CI agent tools: kwciagent.<version>.linux64.zip or kwciagent.<version>.win64.zip (pre-integration)

    Notes:

    • Starting in 2024.2, the kwciagent package was integrated into kwbuildtools, so separate loading is no longer needed. For version 2024.1 or earlier, loading the kwciagent tools package into the toolstore is required when using desktop tools (kwciagent or kwcheck) for those projects.

    • kwanalysis can run either type (CI agent or check) using kwciagent 2024.1 or earlier.

  • Auth tools: kwauthtools.<version>.linux64.zip or kwauthtools.<version>.win64.zip

Use kwtoolstoreservice in conjunction with kwtoolstore to administer multiple analysis tool versions.

Set up the analysis tool store

You can set up the tool store either in embedded or standalone mode.

Embedded: The tool store is hosted within Validate server process. Used in simple setups, this is the recommended way of hosting the tool store for most customers.

Standalone: The tool store is a separate service with its own configuration and lifecycle. Used in Large or multi-Validate environments. Use this mode on advanced use cases for better scalability.

Set up an embedded tool store

To set up an embedded tool store:

  1. Add the following line in <project_root>/config/admin.conf:

    hosting.analysis.tool.store=true

  2. Start Validate server:

    kwservice start

Set up a standalone tool store

To set up a standalone tool store with multiple Validate servers, follow the steps shown next. If you only have a single Validate server, skip Step 3.

  1. Add the following lines in <project_root>/config/admin.conf:

    hosting.analysis.tool.store=false
tool.store.url=<TOOL_STORE_BASE_URL>

  2. Initialize the tool store service:

    kwtoolstoreservice setup <tool_store_directory>

  3. Copy a keystore file for each of your Validate servers:

    1. Locate the keystore file generated by Validate at <projects_root>/store/toolstore.keystore

    2. Copy and rename the file and give it a unique name. Move the copy to the external tool store directory, for example:

      <tool_store>/store/external/server1.keystore

    3. Repeat this process for each of the Validate servers. Copy each server's toolstore.keystore file to the external folder and rename it so the files do not overwrite one another. Each file name must end with .keystore, but the prefix can be any unique identifier or the server's <domain>.<port> (for example: server2.keystore, localhost.8088.keystore, and so on).

  4. Configure <tool_store_directory>/config/toolstore.properties. The following is an example configuration with SSL enabled. For more information on setting up SSL, see Using a secure server connection.

    server.port=8088       // optional, changes default port for the store. should match the port in your <TOOL_STORE_BASE_URL> //
management.server.port=8089   // optional, changes default management port for the store //

# example for enabling SSL
server.ssl.enabled=true
server.ssl.key-store=keystore.p12
server.ssl.key-store-password=<your passwword>
server.ssl.key-store-type=PKCS12
server.ssl.key-alias=myserver

  5. Start the service:

    kwtoolstoreservice start

Set storage location

By default, Klocwork tools downloaded from the tool store are stored locally in platform-specific directories:

  • Linux: ~/.klocwork/tools

  • Windows: %LOCALAPPDATA%/klocwork/tools

These locations differ from where built-in analysis tools are installed or where you may currently store your Klocwork installations.

If you wish to override the tool store default location, set the environment variable $KW_TOOLS_DIR on either platform.

For containerized CI environments, it’s best to mount $KW_TOOLS_DIR as a persistent volume. This prevents repeated downloads when using ephemeral runners and speeds up your builds.

Upload and download analysis tools

All the following tools have the ability to download versions of analysis tools:

  • kwanalysis

  • kwanalysisw

  • kwtoolstore download

Use the kwtoolstore command to also perform upload, list and delete. Note that only the projects root admin can perform upload and delete subcommands.

Examples 

kwtoolstore upload --url <VALIDATE_URL> kwbuildtools.23.2.0.66.linux64.zip
kwtoolstore delete --url <VALIDATE_URL> <artifact_name>
kwtoolstore list --url <VALIDATE_URL>
kwtoolstore download --url <VALIDATE_URL> <artifact_name> <target-directory> <dir>

For more information, subcommands, and options, see Kwtoolstore.

Automatically infer and download analysis tools

Klocwork automatically determines which tool version to use based on your workflow:

  • For connected projects, such as when running kwbuildproject or kwciagent, the server provides the required tool version, and will block tools that have a different version.

  • When you run kwanalysis, it first checks your local cache for the tools.

  • If the tools are missing and a tool store is configured, they are downloaded automatically.

  • If you specify a version manually using --tool-version, that setting overrides automatic inference.

Best practices for using the analysis tool store

Here are some best practices to keep your environment efficient and predictable:

  • Avoid forcing --tool-version unless you’re performing controlled multi-version comparisons in a staging environment (not in production).

  • Seed your tool store with:

    • The current major version

    • Any versions that you use to analyze existing projects

  • Use wrapper scripts for reproducibility in CI pipelines and for installing across distributed machines (such as developer machines).

  • In containerized CI pipelines, we recommend setting $KW_TOOLS_DIR for persistence to reduce redundant download.