Static Analysis 2024.2 Release Provides CI/CD Integration and Analysis Options for Modern Development

The latest release of Helix QAC and Klocwork features significant improvements to the static analysis tools, empowering development teams to shift left by fixing errors early, reducing development costs and releasing faster. 

Here, we provide an overview of the new features and functionality of the 2024.2 release. 

➡️ Sign Up for Your Free Trial

CI/CD and Shifting Left for Continuous Compliance

Modern software development practices require development teams to be adaptable, prioritizing flexibility and collaboration while ensuring the quality and reliability of the code. Implementing continuous integration (CI) and continuous delivery (CD) processes into the software development pipeline is key to modern DevOps practices. 

📕 Related Resource: A Guide to Shifting Left in the Software Development Lifecycle 

Continuous integration is important during the build and test phases of the software development lifecycle (SDLC). It allows developers to identify issues, eliminate code conflicts, keep repository code updated, and reduces repository commit bottlenecks. 

Continuous delivery comes in after the CI build and automated tests are completed successfully, helping teams produce software in short cycles, so that changes can be tested and uploaded to a repository. 

Static analysis tools are essential in automating the CI/CD pipeline. Developers can use static analysis tools, like Helix QAC and Klocwork, to extend CI/CD and shift testing to the left of the SDLC, finding errors and standard rule violations for continuous compliance as the code is being written — all without having to execute the program. 

📕 Related Resource: What You Need to Know About the CI/CD Process

These tools have many benefits, such as being used as quality gates to ensure that any changes made to the code are integrated into the mainline and pass the CI build and tests successfully, before moving to the next phase of development. In addition, Klocwork, for example, can perform differential static analysis. Because it maintains system-wide knowledge of the code in a centralized server, it needs to analyze only the new and changed code. This provides the shortest possible analysis times and accelerates the CI/CD process. 

New CI/CD Integration Support in Helix QAC 2024.2

With the introduction of Helix QAC 2024.2, users get full CI/CD integration support with the Perforce Validate platform via the new Delta Analysis. That means developers can now manage results from CI/CD analyses to identify any defects introduced by new changes. 

Here's how it works: 

1. Helix QAC produces Delta Analysis results for change sets as part of a new feature branch commit, merge request, or pull request. 
2. Helix QAC then reports these results through the Validate platform. 

CI Delta results.  

Helix QAC's analysis for CI/CD pipelines capability enables organizations identify and communicate errors faster, without waiting for nightly builds. 

Development teams can also work beyond the desktop: results are integrated and published to Validate in a centralized store of analysis data, trends, and metrics for users to access across the organization.

CI Builds.

This support extends to analysis jobs running in cloud-based CI pipelines, containerized build tasks, and integration into various CI/CD platforms via the built-in Web API. That way, development teams can find and fix defects earlier in the SDLC and get to market faster. 

Modern Embedded Development: Improved Analysis Engine and Enhanced Security in Klocwork 2024.2

Developers also get improved features and functionality for modern software development with the new release of Klocwork. Klocwork 2024.2 introduces significant accuracy and performance improvements to the C/C++ analysis engine. 

Not only does this extend language support for modern C and C++ code constructs, but it also introduces the option to run the analysis engine alone in "modern mode." 

(Note: "Modern Mode" may result in a more significant change in results due to increased analysis coverage and understanding.)

There are exciting benefits to this new modern functionality: 

• Greater code coverage and defect detection for C++17 and newer.
• Lower false positives and false negatives rates. 
• Faster analysis times of up to 25%.*

(*based on internally benchmarked OSS projects)

2024.2 also comes with all the modern authentication improvements developers need, included enhanced security in Klocwork via the Validate platform, using Security Assertion Markup Language (SAML) and OpenID Connect (OIDC). 

These updates provide enhanced security through centralized authentication and help IT teams simplify user management and user experience through single-sign-on (SSO). 

User authentication has evolved significantly in recent years, with multi-factor authentication (MFA) becoming a standard security practice. Perforce Static Analysis tools are equipped to embrace the future of security by continuing to stay a step ahead, implementing authentication and password improvements in new releases. 

Why Choose Helix QAC?

The improvements introduced in Helix QAC 2024.2 have helped solidify Helix QAC as the most accurate and precise code analyzer for continuous compliance across all embedded software development industries. 

To learn more about all the new enhancements to Helix QAC, visit What's New in Helix QAC. And, if you want to see the latest version of Helix QAC in action, register for a free trial. 

➡️ Free Trial Helix QAC

Why Choose Klocwork? 

The improvements introduced in Klocwork 2024.2 have helped solidify Klocwork as the go-to SAST tool for enforcing continuous compliance, security, and quality at scale. It integrates with complex environments and provides control, collaboration, and reporting across the entire enterprise. 

To learn more about all the new enhancements to Klocwork, visit What's New in Klocwork. And, if you want to see the latest version of Klocwork in action, register for a free trial. 

➡️ Free Trial Klocwork