The Emenda Klocwork SonarQube plugin allows you to import issues detected by the Klocwork advanced inter-procedural, control-flow and data-flow Code Analyzer into the SonarQube dashboard and combine that data with the quality and security data from other sources.
Klocwork & SonarQube
Klocwork is a powerful inter-procedural, control-flow and data-flow static code analysis engine for C, C++, Java and C#, used widely in the safety- and security-critical industries. Klocwork also provides coverage of many key industry and internationally recognised coding guidelines, such as the MISRA guidelines used across a broad range of safety-critical systems and the CWE, CERT, DISA STIG and OWASP security standards.
SonarQube (formerly just Sonar) is an open source platform for continuous inspection of code quality. In this world of Continuous Integration, Continuous Deployment and now continuous reporting of our development teams’ progress towards our end goals of quality and security, the amount of data and data sources that we are handling for our development operations is growing exponentially. SonarQube offers a great environment in which to combine, collate and filter that data so that the important bits can ‘bubble up’ to the surface!
- Automatically imports Klocwork project server issues
- Klocwork issues are added as Sonar Violations
- Adds to Sonar’s Violation metrics
- Klocwork issues contribute to technical debt
- Klocwork rules mapped to Sonar “Code Smells”, “Vulnerabilities” and “Bugs”
- Additional custom metrics added to Sonar for use with quality gates
- Klocwork widget to display total number of Klocwork issues and breakdown by severity (SonarQube versions before 6.2)
- Klocwork issues feature status and URL link to Klocwork review
- Provides the ability to combine multiple Klocwork projects into one SonarQube project
- Supports multiple Klocwork versions (v9.6, v10.x, v11.x, v12.x)