What's new in Klocwork 2025.1

Released March 2025

Here are the highlights for Klocwork 2025.1. If you're upgrading Klocwork, see the Limitations for items that might affect your upgrade and usage.

Klocwork and Validate enhancements

This release includes the following enhancements.

Synchronize groups automatically between Klocwork and SAML/OIDC

Validate now supports group synchronization for SAML and OIDC authentication, allowing user group memberships to be automatically fetched from the identity provider (IdP) during login.

Group synchronization is opt-in and can be enabled by specifying the kw.groupDnAttribute parameter in auth.properties. Note that manual group assignments within Validate will be disabled when this feature is active.

For more information, see Group synchronization in SAML or OpenID.

Clean up orphaned records and duplicate comments

Starting this release, you can take advantage of the following enhancements:

  • Get rid of defects that no longer exist but that may still be referenced during operations by using the RemoveSuppressedIssues utility. For details, see Cleaning up suppressed and orphaned issue records.
  • Delete duplicated comments in your projects by running dbvalidate. The cleanup utility only leaves the most recent version of the comment as determined by citing time. For instructions, see Cleaning up duplicated comments.

Discover enhanced features in issue viewing and compliance reports

A new configuration file lets you customize issue views and compliance reports:

  • Adjust statuses that define Open counts in Validate for projects, views, builds, and CI builds.
  • Fine-tune compliance reports by specifying issue categories.
  • See additional data about the view applied when generating the report, such as view name, search query, and module definitions.

For more information on configuring your issue statuses and compliance reports, see Editing the status configuration file.

Optimize build load times and reduce disk usage

We've optimized load times and reduced disk usage for builds on the Validate server. Medium to large projects now load up to 40% faster, with disk usage reduced by 10–20%. Smaller projects also load 10–30% faster, with minor reductions in disk usage.

Save build load time and disk space with stored metrics

To save build load time and disk space, you can choose what metrics to store in Validate by adjusting the SMC file. You can choose from one of several default SMC files, or create your own SMC file. Note that all metrics will still be created during analysis. To learn more, see Managing stored metrics in Validate.

Maintain encoding compatibility with classic engine mode as default

To ensure that the encoding method is supported, when you specify the kwbuildproject --encoding option, the modern engine mode will be disabled by default and the classic engine mode will be used.

To force the modern engine mode to run when using the kwbuildproject --encoding option, use the environment variable KW_ENABLE_MODERN_ON_DIFFERENT_SOURCE_ENCODING=1.

Simplify Kotlin project capture with kwgradle and kwgradlew

Instead of having to create a separate build specification for Kotlin using kwktspec, you can now capture Kotlin or mixed Kotlin and Java projects using kwgradle or kwgradlew.

C and C++ enhancements

In this release, we:

  • Improved C and C++ support for the Bazel build system on Linux with the kwbazel utility.
  • Improved the support of the Android 15 code base with the kwandroid utility.
  • Added full support for MISRA C 2012 up to Amendment 2 with Klocwork supported checkers. No community checkers are required.

Java enhancements

In this release, we added Java analysis support for Android 14.

Plug-ins and extensions

In this release, we added support for Kotlin analysis with the IntelliJ IDEA and Android Studio IDE plug-ins.

Expanded coverage for coding standards

This release includes new and expanded coverage for the following coding standards:

  • MISRA C 2012 with Amendment 2 (includes 100% coverage)
  • CWE 2024 Top 25 for C/C++, C#, and Java
  • DISA STIG for C/C++, C#, and Java versions 5 and 6

Checker improvements

New checkers

The following checkers were added in this release:

Checker Description
MISRA.UNUSED.GLOBAL_TYPE This MISRA checker provides support for MISRA C 2012 Rule 2.3: A project should not contain unused type declarations and MISRA C 2012 Rule 2.4: A project should not contain unused tag declarations
MISRA.OBJ.FUNC.PARAMS.IDENT This MISRA checker provides support for MISRA 2012: Rule 8.3: All declarations of an object or function shall use the same names and type qualifiers

Modified checkers

Checker Description
AUTOSAR.ADD.LOGIC.NOT_BOOL. Finds fewer false positives
AUTOSAR.ADD.OVERRIDE.VIRTUAL.SPECIFIER Finds fewer false positives
AUTOSAR.ARRAY.CSTYLE Finds fewer false positives
CL.FFM.ASSIGN Improved support for checker
CL.FFM.COPY Improved support for checker
CWARN.CONSTCOND.TERNARY Finds fewer false positives
MISRA.FUNC.NOPROT.DEF Improved support for checker
MISRA.LOGIC.NOT_BOOL Finds fewer false positives
NUM.OVERFLOW.DF Improved defect detection
UNINIT.CTOR.MUST Finds fewer false positives

Enabled or disabled checkers

No checkers were added to the default enabled field of the checker configuration files in this release.

Taxonomy improvements

As part of the installation, you will find several custom taxonomy files that map Klocwork checkers to coding standards such as MISRA, CWE, OWASP, and DISA STIG.

Taxonomy Improvements
cert_c_all.tconf and cert_c_all_ja.tconf

Added or modified checker mappings to the following rules:

  • WIN00-C
  • MSC01-C
cert_java.tconf and cert_java_ja.tconf

Added or modified checker mappings to the following rules:

  • ENV06-J
  • JNI00-J
  • MET01-J
  • MSC01-J
  • NUM10-J
  • NUM09-J
  • NUM07-J
  • OBJ11-J
  • SER05-J
  • THI03-J
  • THI01-J

cwe_2024_top_25_cxx.tconf and cwe_2024_top_25_cxx_ja.tconf

cwe_2024_top_25_cs.tconf and cwe_2024_top_25_cs_ja.tconf

cwe_2024_top_25_java.tconf and cwe_2024_top_25_java_ja.tconf

Added new taxonomies that map Klocwork checkers to the 2024 CWE Top 25 Most Dangerous Software Weaknesses.
cwe_all_cs.tconf and cwe_all_cs_ja.tconf

Added or modified checker mappings to the following rules:

  • CWE-77
  • CWE-798

disa_stig_v5_cxx.tconf and disa_stig_v5_cxx_ja.tconf

disa_stig_v5_cs.tconf and disa_stig_v5_cs_ja.tconf

disa_stig_v5_java.tconf and disa_stig_v5_java_ja.tconf

Substantial reorganization of the DISA STIG version 5 taxonomies.

disa_stig_v6_cxx.tconf and disa_stig_v6_cxx_ja.tconf

disa_stig_v6_cs.tconf and disa_stig_v6_cs_ja.tconf

disa_stig_v6_java.tconf and disa_stig_v6_java_ja.tconf

Updated the DISA STIG taxonomies to version 6.

Helix QAC taxonomies

Updated the Helix QAC taxonomies to Helix QAC version 2025.1.

misra_c_2023_c99.tconf and misra_c_2023_c99_ja.tconf

misra_c_2023_c90.tconf and misra_c_2023_c90_ja.tconf

misra_c_2023_c11.tconf and misra_c_2023_c11_ja.tconf

misra_c_2012_with_amd2_c99.tconf and misra_c_2012_with_amd2_c99_ja.tconf

misra_c_2012_with_amd2_c90.tconf and misra_c_2012_with_amd2_c90_ja.tconf

misra_c_2012_with_amd2_c11.tconf and misra_c_2012_with_amd2_c11_ja.tconf

Added or modified checker mappings to the following rules:

  • Rule 2.3
  • Rule 2.4
  • Rule 8.3

Improvements to supported compilers

You'll find additional or improved support for the following compilers:

  • Clang

  • Clang-cl

  • Analog Devices SHARC

  • GNU

  • Microsoft Visual C++

For the full list of supported C and C++ compilers, see C/C++ compilers supported for build integration.

Licensing

Starting in 2025.1, the following licensing changes apply:

  • Administration tasks no longer consume a build license.

  • Streams do not require separate licenses.

  • Reprise License Manager has been upgraded to 16.1.0BL1. See the RLM documentation and the Klocwork documentation on Reprise and its subsections for details. In addition, License token names no longer contain the year.

  • Instructions for licenses (including build, user, and concurrent licenses) have been updated. See How licensing works for details.

Klocwork supports Reprise License Manager (RLM).

2024 licenses are not compatible with Klocwork 2025.1 or newer. To use the latest version of the product, obtain a new license by contacting Perforce at license@perforce.com.

For more information, see Supported versions of RLM and Operating systems that support RLM dongles.

Changes to system requirements

In this release, we added support for:

  • AlmaLinux 9.5

  • Amazon Linux 2 (2.0.20250201.0 Update)

  • Android Studio Ladybug (up to 2024.2.2 Patch 2)

  • CLion 2024.2 (up to 2024.2.4), 2024.3 (up to 2024.3.4)

  • Debian 12.9

  • Eclipse 4.34 (2024-12)

  • Fedora 41

  • glibc 2.41

  • Google Chrome 123.x to 133.x

  • gradle, gradlew 8.13

  • IntelliJ IDEA 2024.2 (up to 2024.2.5), 2024.3 (up to 2024.3.3)

  • Microsoft Edge 123.x to 133.x

  • Mozilla Firefox 124.x to 136.x

  • Oracle Linux 9.5

  • Red Hat Enterprise Linux 9.5

  • RLM version 15.1.1BL2

  • Rocky Linux 9.5

  • Ubuntu 24.04.2 LTS

  • Visual Studio 2017 (up to 15.9.70), 2019 (up to 16.11.44), 2022 (up to 17.13.2)

  • VS Code (up to 1.97.2)

In this release, we ended support for:

  • Fedora 39

  • glibc 2.15 to 2.26

  • Google Chrome 119.x to 122.x

  • Microsoft Edge 119.x to 122.x

  • Mozilla Firefox 120.x to 123.x

  • openSUSE Leap 15.5

  • VS Code 1.85.2 to 1.87.2

For the complete list of supported versions, see the System Requirements.

End of life notice for Visual Studio 2015 IDE plug-in in 2025.4

Starting in Klocwork 2025.4, the IDE plug-in for Visual Studio 2015 will no longer be provided or supported in alignment with Microsoft's end of extended support for Visual Studio 2015.

Deprecation of the kwmatch utility in 2025.1

The kwmatch utility is deprecated as of Klocwork 2025.1 and will be removed in a future release. If you are upgrading from a previous version, we recommend using streams to manage project branches and kwxsync for cross-project issue synchronization.

Removal of separate licenses for streams in 2025.1

Starting in Klocwork 2025.1, separate licenses are no longer required for streams.

Discontinuation of NIS access control starting in Klocwork 2024.3

Starting in Klocwork 2024.3, NIS access control will no longer be supported. Some functionalities may be affected in Klocwork 2024.2.

When migrating from an earlier version to Klocwork 2024.2, you will need to switch to a different authentication method. It is recommended that you switch authentication methods before migrating, to ensure that you can continue to sign in after the upgrade. For migration information, see Setting up NIS access control.

End of life notice for CentOS Linux 7 starting in Klocwork 2024.3

Starting in Klocwork 2024.3, the following operating systems and installers are not supported:

  • CentOS Linux 7

Removal of the Jenkins plug-in starting in 2024.2

Starting in Klocwork 2024.2, the Jenkins plug-in has been removed from Klocwork and the installation package is no longer provided.

Removal of Validate Code Review starting in 2024.2

Starting in Klocwork 2024.2, the Code Review function and its associated command line tools have been removed from Validate.