To help teams spot security problems and vulnerabilities in their code, Rogue Wave is updating its static code analysis tool with a new security report, new Java checkers, extensive updates to its CERT taxonomy, and more.
Rogue Wave’s Klocwork 2017.1 is the company’s latest release, and it introduces a new built-in graphical security report outlining the top three vulnerabilities, as well as the hotspots where these issues occur.
According to the company, these reports are “ideal” for including in project status reports to management or stakeholders. Teams can create security reports based on the most popular security rules, including CWE Top 25, CERT-C, DISA-STIG, and others.
Each report lists the top three new vulnerabilities, identifies risky areas of code, and shows vulnerability trends.
Klocwork 2017.1 also adds support for Visual Studio 2017, adds 100 percent coverage for C# 6.0 language features, upgrades its analysis engine for speed and performance, and adds coverage for additional Java security vulnerabilities. In addition, the release adds MISRA 2012 support, with MISRA 2012 rules added.
Other recently introduced Klocwork features include SmartRank, which lets developers prioritize their issues and select the defects they want to work on first. It also recommends which issues should be looked at first, placing the most valuable issues at the top of SmartRank’s list.
In addition to these updates, Rogue Wave upgraded its analysis engine. The latest development includes improved tracking of numeric intervals for symbolic expressions. A number of algorithmic improvements were made to the engine as well.