Perforce Launches Full CI/CD Integration and Delivers Enhanced Security in Latest Static Analysis Release
Latest updates provide broader code coverage while allowing embedded developer teams to detect and fix security and compliance issues earlier in the testing cycle.
MINNEAPOLIS, July 31, 2024 — Perforce Software, the DevOps company for global teams requiring speed, quality, security, and governance at scale along the development lifecycle, announced the availability of the latest version of its static analysis tools with the latest release, providing enhanced security and maximum CI/CD process flexibility for safety-critical development projects.
Perforce static analysis engines ensure software quality, safety and security, and offer continuous compliance throughout the development process by alerting developers to defects, vulnerabilities and standards rule violations as the code is being written.
Adoption of shift-left strategies — processes and tooling to automate testing and security scanning earlier in the CI/CD pipeline — is growing. According to the 2024 State of Automotive Development Report by Perforce, 59% of embedded software professionals have adopted or are actively implementing shift-left practices. Shifting to the left of the linear development timeline makes fixing errors more manageable, improves product quality, increases efficiency, ensures compliance to standards, and reduces time-to-market. Using static analysis tools can empower development teams to adopt a shift-left methodology faster, more accurately, and at scale.
With the latest release, Perforce now offers market-leading CI/CD integration capabilities, providing maximum flexibility for modern development practices. This includes the ability to produce delta analysis results for change sets as part of a new feature branch commit, merge request or pull request, and then reporting of these results through Perforce Validate, the continuous security and code compliance platform that provides a centralized store of Perforce static analysis data for codebases across the organization, making peer reviews and deviation approvals simple and efficient. Support also extends to analysis jobs running in cloud-based CI pipelines, containerized build tasks and integration into all manner of different CI/CD platforms via the built-in Web API, allowing development teams to find and fix defects earlier in the development lifecycle and go to market faster.
Customers also get enhanced and simplified security with the new Validate authentication improvements, including support for integration of identity providers with Validate using SAML and OIDC, allowing IT teams to manage users and groups more efficiently, and making it more convenient for users.
“We’re committed to evolving our tools with our customers’ needs,” said Steve Howard, Director of Product Management for Static Analysis at Perforce. “As we add more powerful, flexible analysis functionalities and security authentication, we’re set up to grow with a development pipeline the modern world requires, and customers expect.”
“Tools, platforms and workflows common already within the enterprise software development space are steadily cross-pollinating into the traditionally more reserved embedded software development space,” said Stephen Feloney, Vice President of Product Management at Perforce. “And we are right there now to meet them, where they are, integrated into the same platforms and tools, making static analysis easier to use and the whole process more efficient and more effective.”
Additional enhancements of Helix QAC 2024.2 and Klocwork 2024.2 include:
- Klocwork’s new modern C/C++ analysis engine ships with significant performance improvements and a “modern mode” functionality with greater code coverage and defect detection for C++17 and newer language versions, lower false positives and false negatives rates, and improved precision and faster analysis times of up to 25 percent.
- Improved language feature support for C++20 and C23.
- New support for projects using multiple compilers in Helix QAC.
- Extended compiler support in Klocwork for Clang, Clang-cl, GCC, IAR, Renesas.
- New and expanded coding standards coverage.
- Improved presentation of the MISRA® C and MISRA C++ taxonomies in Klocwork.
Get more details on the latest release for Helix QAC hereandKlocwork here. To see how Helix QAC and Klocwork can help you streamline development and ensure code quality, register for a free trial.
##
About Helix QAC
For over 30 years, QAC has been the de facto static code analyzer for C and C++ code compliance, both for safety and security. With its depth and accuracy of analysis and exhaustive abstract interpretation dataflow analysis, Helix QAC has been the preferred static code analysis tool for the tightly regulated and mission-critical industries. Independently certified for use in the development of safety-critical software, QAC finds and reports on violations of many coding guidelines and standards, including the latest MISRA® C and C++ standards.
About Klocwork
Klocwork is a static analysis and SAST tool for C, C++, C#, Java, JavaScript, Python and Kotlin programming languages. It identifies software security, quality, and reliability issues, fast, helping to enforce compliance with industry standards as quickly and efficiently as possible. Built for scalability and speed, Klocwork can perform dataflow-based analysis for the very biggest and most complex codebases, making it a vital and efficient solution, where many other tools cannot cope. This has made Klocwork the preferred static analyzer for helping to keep development velocity high while still enforcing compliance for security and safety requirements.
About Perforce
The best run DevOps teams in the world choose Perforce. Perforce’s suite of products are purpose-built to develop, build and maintain high-stakes applications. Companies can finally manage complexity, achieve speed without compromise, and run their DevOps toolchains with full integrity. With a global footprint spanning more than 80 countries and including over 75% of the Fortune 100, Perforce is trusted by the world’s leading brands to deliver solutions to even the toughest challenges. Accelerate technology delivery, with no shortcuts. Power Innovation with Perforce.