In the below example, we have illustrated Jenkins as a continuous integration tool and JIRA as a task management tool, but these can be replaced by any similar tools.
In this case, we run Jenkins builds that are triggered by source code changes or have scheduled run times (e.g. nightly). The Klocwork analysis compares results with the previous analysis to identify the difference (e.g. new, fixed or existing issues). When new issues are detected, we check whether the developer who is responsible for the new issue has assessed the situation by providing a comment and/or suppression of the issue.
Issues are commented/suppressed using the Klocwork desktop tools, where a developer should already have detected the issue as soon as it was implemented, and thereafter either fixed the issue (in which case it no longer exists) or triaged it and provided an appropriate comment and/or suppression. All this is done within the developer’s preferred IDE or via Klocwork’s graphical desktop utility.
We can illustrate this workflow with the diagram below: