Klocwork SonarQube Plugin


The Emenda Klocwork SonarQube plugin allows you to import issues detected by the Klocwork advanced inter-procedural, control-flow and data-flow Code Analyzer into the SonarQube dashboard and combine that data with the quality and security data from other sources.


Klocwork & SonarQube

klocworkKlocwork is a powerful inter-procedural, control-flow and data-flow static code analysis engine static analysis for C, C++, Java and C# used widely in the safety and security critical industries.  Klocwork also provides coverage of many key industry and internationally recognised coding guidelines such as the MISRA guidelines used across a broad range of safety critical systems and the CWE, CERT, DISA STIG and OWASP security standards.  Learn more here

SonarQubeSonarQube (formerly just Sonar) is an open source platform for continuous inspection of code quality.  In this world of Continuous Integration, Continuous Deployment and now continuous reporting of our development teams’ progress towards our end goals of quality and security, the amount of data and data sources that we are handling for our development operations is growing exponentially.  SonarQube offers a great environment in which to combine, collate and filter that data so that the important bits can ‘bubble up’ to the surface!


Key Features

  • Automatically imports Klocwork project server issues
  • Klocwork issues are added as Sonar Violations
  • Adds to Sonar’s Violation metrics
  • Klocwork issues contribute to technical debt
  • Klocwork rules mapped to Sonar “code smells”, “Vulnerabilities” and “Bugs”
  • Additional custom metrics added to Sonar for use with quality gates
  • Klocwork widget to display total number of Klocwork issues and breakdown by severity (pre-sonar 6.2)
  • Klocwork issues feature status and URL link to Klocwork review
  • Provides the ability to combine multiple Klocwork projects into one SonarQube project
  • Supports multiple Klocwork versions (v9.6, v10.x, v11.x, v12.x)

 



  • Version 2.3 «

    • Fixed user property field that could cause the plugin not to run
    • Fixed NPD bug with some module projects

  • Version 2.2 «

    • Updated Klocwork Rules
    • Added the ability to use Klocwork Views
    • Handles multiple Klocwork projects into one SonarQube project
    • Updated support for quality models

  • Version 2.1 «

    Support to use Klocwork views added and upgraded kwjlib version used to 2.9

  • Version 2.0 «

    Support to use Klocwork modules added

  • Version 1.9 «

    Support for Klocwork C# rules added

  • Version 1.7 «

    Support for project specific settings in sonar to connect to a Klocwork server and project

  • Version 1.6 «

    Updated rules and added some additional debug options

  • Version 1.5 «

    Added the ability to specify the base directory for the project, used by the plugin to match files against Klocwork issue paths



Get in touch about our resources

Name (required)

Email (required)

Company

Department / Business Unit

Resource