Blog

August 25, 2021

How to Generate Compliance Reports in Perforce Static Code Analyzers

Security & Compliance,

DevOps

Ensuring and verifying that your codebase is compliant with a particular coding standard or industry regulation can be a difficult and time-consuming process. However, by using a static code analysis tool — such as Helix QAC and Klocwork — you can generate a compliance report to see whether your codebase is compliant or not.

Read along or jump ahead to the section that interests you the most:

➡️ experience the benefits of Compliance Reports

Why Compliance Reports Are Important

Compliance reports enable you to quickly view and report on the progress of your project with respect to compliance to particular coding standards or industry regulation and identify remaining gaps. Perforce static code analysis tools — Helix QAC and Klocwork — help you generate necessary reports and to prioritize remaining compliance issues.

What’s more, compliance reports provide a perfect printed or electronic report to share with management, end-customers, auditors, or certification bodies as evidence of compliance.

What Compliance Reports Are Available

Helix QAC and Klocwork both have specific compliance reports available to generate.

Available Compliance Reports:

  • Standards Compliance Report
  • MISRA Compliance Report – this provides all the data needed for MISRA 2020 Compliance

Reports can be generated for any of the supported coding standards plus custom standards

CODING STANDARD

HELIX QAC

KLOCWORK

MISRA C 2004

X

X

MISRA C 2012

X

X

MISRA C++ 2008

X

X

AUTOSAR C++14

X

X

High Integrity C++ (HIC++)

X

 

JSF AV C++

X

X

CERT C

X

X

CERT C++

X

X

CERT JAVA

 

X

CWE C

X

X

CWE C++

X

X

CWE Top 25 (C, C++, Java, and JavaScript)

 

X

ISO/IEC TS 17961 (C Secure)

X

X

OWASP

 

X

DISA STIG

 

X

PCI DSS

 

X

Custom Coding Standards

X

X

 

How to Generate Compliance Reports

Here we explain the step-by-step process for generating a compliance report. The process with Helix QAC and Klocwork is slightly different for each tool.

How to Generate a Compliance Report with Helix QAC

To generate a compliance report with Helix QAC GUI, follow these step-by-step instructions.

  1. Select the project that you would like to generate a compliance report for.

(The project should have been previously analyzed with the rcf for the required coding standard)

  1. From the Reports tab, click “Generate Report For Project:”.
     
  2. Select the Report Type. For compliance, select “Standards Compliance Report” or “MISRA Compliance Report”
     
  3. Optional: Select the Output Location  This defaults to the Helix QAC project folder \prqa\configs\<config name>\reports
  4. Optional: Select the Report Name.   This defaults to <project name>_<report name>_<datestamp>_<timestamp>
  5. Optional: Select Parameters for the MISRA Compliance Report (MCR) and Standards Compliance Report (SCR)

-L | --limit <n>  - limit each non summary table to <n> rows

-S | --summary-only  - only output the summary page, not the detailed output

  1. Click “OK” to generate the selected report.

The reports can also be generated on the command line.

How to Generate a Compliance Report in Klocwork

To learn how to generate a compliance report with Klocwork, watch the following tutorial.

 

If you don’t want to watch the video tutorial, here are the step-by-step instructions for how to generate a compliance report.

  1. From the Reports tab in Static Code Analysis, click “Compliance Report” at the bottom of the menu. The Compliance Report UI will appear.

    From the Compliance Report UI, you will be able to access previously generated reports in the left panel, while the right panel provides you with the controls to generate new reports.
     
  2. Select the taxonomy that you want to run the report against. For example, C and C++.
     
  3. Under “Build”, select which build you want to use in the report.
     
  4. Under “Views”, select the view used in the report. Note: If you leave this field blank, the report will use the default view.
     
  5. Under “Report Format”, you can select the MISRA option to generate a report in the MISRA 2020 guidelines format. By default, the report uses the Klocwork generic compliance format.
     
  6. Under “Output File Type”, select the output type for the report. Note: The default is PDF.
     
  7. Under “Output File Name”, select the name of the report. Note: The default file name is “<project_name> <specified build>”.
     
  8. Under “Output Folder Name”, select where to save the report. Note: The default is the root folder of the compliance reports in the left sidebar.
     
  9. Select “Summary Only” to only show the summary of rule violations in the report. Note: The default for both the summary and detailed violation/deviation tables are included in the report.

    If you would like to see the full, non-summary version of the report, you must have a Compliance License. For more information on Compliance Licenses, contact Klocwork Customer Support.
     
  10. Click “Generate” to build the report. The generated report will appear in the reports panel on the left. Note: To delete a previously generated report, remove it from the “projects_root/projects/custom_reports” folder.

An optional step you can take before you generate the report is to set the defects limit for the report. However, it should be noted that by increasing the number of defects, the generation time will be slowed down and will also increase the report size. In addition, adding a defect limit only impacts the full, non-summary report as it applies a limit to the number of issues in the violation and deviation details tables.

This can also be run via the WebAPI.

Start Using Compliance Reports

Receive detailed information on standards compliance by using reports. Start your free Perforce static code analysis free trial today.

➡️ static analysis Free Trial