What's new in Klocwork 2025.2
Released June 2025
Here are the highlights for Klocwork 2025.2. If you're upgrading Klocwork, see the Limitations for items that might affect your upgrade and usage.
Klocwork and Validate enhancements
This release includes the following enhancements.
View and Manage issues with greater flexibility
In Validate's Issues tab, you can now use either List or Table view to sort, select, search, and update issues, with full support for bulk actions and smart ranking.
Expanded support for rule reference queries
Enjoy greater support for querying by rule reference across the entire Klocwork toolset:
- In Validate, you can now search the issue list by taxonomy and reference. Taxonomy and reference queries are also supported by the Web API.
- The Perforce Static Analysis extension for VS Code now includes a rule reference column, allowing you to sort by rule name and category.
- Previously in Validate’s Issues tab and Issue Details panel, only a single taxonomy or reference value was shown per issue. Now you can see all taxonomy and reference values applicable to an issue. Reference values are also displayed more consistently.
Get broader C++ analysis with modern engine as default
If you do not specify an analysis engine mode, modern mode is now used by default instead of classic mode. Modern mode provides the greatest capacity for language support and advanced capabilities for analyzing modern C++ code.
Using modern mode can significantly increase the number of new defects found. When you upgrade to release 2025.2, we recommend that you run analysis on the same code version that you used for your last analysis before you upgraded. This will isolate changes caused by the upgrade, so that you can decide how to handle them in relation to your issue backlog (for example, by deferring or filtering as needed).
To compare and learn how to switch between modes, see Specifying the C/C++ analysis engine mode.
Improved workflow for build retention policy
Klocwork's automatic build deletion feature helps you manage storage by removing older builds once a specified limit is reached. You can now configure build retention at the project or stream level more granularly across the Validate Portal, the Web API, and the kwadmin and validate admin commands.
For more information, see Build management.
kwcheck and kwciagent now show exit codes upon failure
To help you detect problems with your analysis flow and fix missing permissions, the kwcheck and kwciagent commands now fail with non-zero exit codes when issues are encountered.
The affected commands are as follows:
clean
disable
discard
enable
export
import
set-status
Database improvements for CI builds
The database structure for CI builds has been updated to reduce the storage footprint and database churn during loads. This provides you with better performance and scalability, especially for projects with frequent CI activity.
Tip: When you migrate to release 2025.2, the system performs a cleanup of unused entities to optimize the new structure. For projects where disk space is not critical, to temporarily skip cleanup and speed up onboarding you can set the environment variable SKIP_MIGRATE_ENTITIES_CLEANUP=true
. To migrate projects in batches, use the exclusion list and selectively set or unset SKIP_MIGRATE_ENTITIES_CLEANUP
per project, based on whether cleanup is required.
Access clearer insights with redesigned compliance reports
Take advantage of compliance report enhancements with suppressed defect information, updated report formatting, new ways to delete reports, and more.
Get clearer insights on project compliance
Previously, compliance reports were generated based on the current configuration of the project. To show compliance more clearly, reports are now generated using the checker and rule configurations enabled at the time of the build for which the report was generated.
Assess violations and deviations per file with File Summary
The Violation Details section has been renamed to File Summary for clarity. This section shows whether each file complies with the rules, along with any violations or deviations.
See improved context with updated Rule Summaries
Instead of finding only checker codes and descriptions in the Rule Summary, you’ll now find rule names and descriptions that help you assess issues without having to interpret technical codes.
View clearer reports with separate rule names and descriptions
Rule names and descriptions are now split into separate columns, making it easier to read and understand each rule’s details.
Enabled column now reflects status for rule instead of checker
Previously, the Enabled column showed whether a checker was enabled
or disabled
. To help you check for compliance more effectively, the Enabled column now shows whether a rule is enabled
(if all checkers mapped to the rule are enabled), disabled
(if all checkers mapped to the rule are disabled), or partial
(if some checkers mapped to the rule are enabled).
Similarly, the Number of rules disabled
metric now specifies the number of disabled rules instead of disabled checkers.
Identify suppressed defects in compliance reports with suppression details
To provide greater visibility into which issues were excluded during analysis, you’ll find details of global and file-based suppressions applied via the build’s suppression configuration (.sconf) file in each compliance report.
For more information, see Filtering out issues using macros or files.
Choose how and where to delete compliance reports
Previously, you could only delete compliance reports from the compliance_reports folder for the projects_root directory. Now you can delete reports by using the Validate Portal or the Web API.
For more information, see Creating a compliance report.
C and C++ enhancements
In this release, you can now:
- Set a specific source encoding without losing access to the modern engine mode’s advanced analysis features.
- Run kwbazel with improved handling of include directories in special cases.
Plug-ins and extensions
The Eclipse update site has been upgraded from site.xml-based to p2-based, providing you with the following benefits:
- Faster and more reliable installations
- Automatic dependency resolution
- Support for uninstallation and rollback
- Improved compatibility with newer Eclipse versions
- Enhanced overall plug-in management
For installation instructions, see Installing the Klocwork plug-in from the Eclipse update site.
Expanded coverage for coding standards
This release includes a new taxonomy for MISRA C:2025.
Checker improvements
New checkers
No new checkers were added in this release.
Modified checkers
Checker | Description |
---|---|
CONC.DBL_UNLOCK | Finds fewer false positives |
CXX.USE.MAGIC_NUMBER | Finds fewer false positives |
MISRA.FUNC.MODIFIEDPAR.2012 | Improved support for checker |
MISRA.INCOMPLETE.STRUCT | Finds fewer false positives |
UNINIT.STACK.ARRAY.MIGHT | Improved support for checker |
UNINIT.STACK.ARRAY.MUST | Improved support for checker |
Enabled or disabled checkers
No checkers were added to the default enabled
field of the checker configuration files in this release.
Taxonomy improvements
As part of the installation, you will find several custom taxonomy files that map Klocwork checkers to coding standards such as MISRA, CWE, OWASP, and DISA STIG.
Taxonomy | Improvements |
---|---|
autosar_cpp_18_10.tconf and autosar_cpp_18_10_ja.tconf autosar_cpp_18_10_strict.tconf and autosar_cpp_18_10_strict_ja.tconf |
Substantial reorganization of AUTOSAR C++14 version 18-10 taxonomies. |
cert_cpp_rules.tconf and cert_cpp_rules_ja.tconf |
Added or modified checker mappings to the following rules:
|
cwe_2021_top_25_cs.tconf and cwe_2021_top_25_cs_ja.tconf cwe_2021_top_25_cxx.tconf and cwe_2021_top_25_cxx_ja.tconf cwe_2021_top_25_java.tconf and cwe_2021_top_25_java_ja.tconf |
Removed the list of Klocwork C/C++, C#, and Java checkers that map to the CWE 2021 top 25 most dangerous software errors from the documentation. Versions 2023 and 2024 are still supported. |
disa_stig_v4_cxx.tconf and disa_stig_v4_cxx_ja.tconf disa_stig_v4_java.tconf and disa_stig_v4_java_ja.tconf |
Removed the list of Klocwork C/C++ and Java checkers that map to the Security Technical Implementation Guides (STIGs) provided by IASE (Version 4) from the documentation. Versions 5 and 6 are still supported. |
misra_c_2012_with_amd2_c11.tconf and misra_c_2012_with_amd2_c11_ja.tconf misra_c_2012_with_amd2_c90.tconf and misra_c_2012_with_amd2_c90_ja.tconf misra_c_2012_with_amd2_c99.tconf and misra_c_2012_with_amd2_c99_ja.tconf misra_c_2023_c11.tconf and misra_c_2023_c11_ja.tconf misra_c_2023_c90.tconf and misra_c_2023_c90_ja.tconf misra_c_2023_c99.tconf and misra_c_2023_c99_ja.tconf |
Corrected the checker categories (Advisory, Required, Mandatory) that appeared for certain MISRA taxonomies. |
misra_c_2025_c11.tconf and misra_c_2025_c11_ja.tconf misra_c_2025_c90.tconf and misra_c_2025_c90_ja.tconf misra_c_2025_c99.tconf and misra_c_2025_c99_ja.tconf |
Added new taxonomies that map Klocwork checkers to the MISRA C:2025 standards. |
owasp_2013_10_java.tconf and owasp_2013_10_java_ja.tconf |
Removed the list of Klocwork Java checkers that map to the OWASP 2013 Top 10 security risks from the documentation. Versions 2017 and 2021 are still supported. |
Improvements to supported compilers
You'll find additional or improved support for the following compilers:
-
armcc
-
armcpp (ARM)
-
cl430 (TI msp430 C/C++)
-
Clang GenFw utility
-
GNU ar linker
-
GNU iccarm (IAR Systems C compiler)
-
llvm-ar linker
-
QNX (qcc, q++)
-
rsync utility
For the full list of supported C and C++ compilers, see C/C++ compilers supported for build integration.
Licensing
Klocwork supports Reprise License Manager (RLM).
- 2024 licenses are not compatible with Klocwork 2025.1 or newer. To use the latest version of the product, obtain a new license by contacting license@perforce.com. For more information, see Supported versions of RLM and Operating systems that support RLM dongles.
- The RLM command line utility
rlmstat
can be installed from the Validate or RLM license server package.
Changes to system requirements
We added support for the following environments:
-
Amazon Linux 2 (2.0.20250512.0 Update)
-
Android Studio Meerkat (up to 2024.3.1 Patch 2)
-
CLion 2024.2 (up to 2024.2.5), 2024.3 (up to 2024.3.5), 2025.1 (up to 2025.1.1)
-
Debian 12.11
-
Eclipse 4.35 (2025-03)
-
Fedora 41 to 42
-
Google Chrome 126.x to 136.x
-
Gradle and gradlew 3.x to 8.14.1
-
IntelliJ IDEA 2024.2 (up to 2024.2.6) and 2024.3 (up to 2024.3.5)
-
Microsoft Edge 126.x to 136.x
-
Mozilla Firefox 127.x to 138.x
-
Visual Studio 2017 (up to 15.9.73), 2019 (up to 16.11.47), and 2022 (up to 17.14.2)
-
VS Code 1.91.1 to 1.100.2
We ended support for the following environments:
-
Fedora 40
-
Google Chrome 123.x to 125.x
-
Microsoft Edge 123.x to 125.x
-
Mozilla Firefox 124.x to 126.x
-
VS Code 1.88.1 to 1.90.2
For the complete list of supported versions, see the System Requirements.
End of life notice for Visual Studio 2015 plug-in in 2025.4
Starting in release 2025.4, the Klocwork Desktop plug-in for Visual Studio is no longer provided or supported for Visual Studio 2015 in alignment with Microsoft's end of extended support for Visual Studio 2015.
Removal of compliance licenses for compliance reports in 2025.2
Starting in release 2025.2, a compliance license is no longer required to generate full (non-summary) compliance reports. To learn more about compliance reports, see Creating a compliance report.
Removal of the kwmatch utility in 2025.2
Starting in release 2025.1, the kwmatch utility has been removed. If you are upgrading from a previous version, we recommend using streams to manage project branches and kwxsync for cross-project issue synchronization.
If you previously used kwmatch for specific projects and created a database for it, and then you migrate those projects to 2025.2 or later, your database will no longer be used and you can remove it.
Removal of the dbvalidate cleanup utility in 2025.2
Starting in release 2025.2, you can no longer run the dbvalidate cleanup utility directly. Some dbvalidate commands for removing duplicated issues and comments remain available for use if advised specifically by Klocwork Support.
Removal of separate licenses for streams in 2025.1
Starting in release 2025.1, separate licenses for streams are no longer required.
Discontinuation of NIS access control starting in 2024.3
Starting in release 2024.3, NIS access control is not supported. Some functionalities may be affected in release 2024.2.
When migrating from an earlier version to release 2024.2, you will need to switch to a different authentication method. It is recommended that you switch authentication methods before migrating, to ensure that you can continue to sign in after the upgrade.
For migration information, see Setting up NIS access control.
End of life notice for CentOS Linux 7 starting in 2024.3
Starting in release 2024.3, CentOS Linux 7 is not supported.