Perforce static analysis engines ensure software quality, safety and security, and offer continuous compliance throughout the development process by alerting developers to defects, vulnerabilities and standards rule violations as the code is being written.
Adoption of shift-left strategies - processes and tooling to automate testing and security scanning earlier in the CI/CD pipeline - is growing and according to the 2024 State of Automotive Development Report by Perforce, 59% of embedded software professionals have adopted or are actively implementing shift-left practices.
Shifting to the left of the linear development timeline makes fixing errors more manageable, improves product quality, increases efficiency, ensures compliance to standards, and reduces time-to-market.
Using static analysis tools can empower development teams to adopt a shift-left methodology faster, more accurately, and at scale.
With the latest release, Perforce is now offering market-leading CI/CD integration capabilities, providing maximum flexibility for modern development practices. This includes the ability to produce delta analysis results for change sets as part of a new feature branch commit, merge request or pull request, and then reporting of these results through Perforce Validate, the continuous security and code compliance platform that provides a centralised store of Perforce static analysis data for codebases across the organisation, making peer reviews and deviation approvals simple and efficient.
Support also extends to analysis jobs running in cloud-based CI pipelines, containerised build tasks and integration into all manner of different CI/CD platforms via the built-in Web API, allowing development teams to find and fix defects earlier in the development lifecycle and go to market faster.
Customers also get enhanced and simplified security with the new Validate authentication improvements, including support for integration of identity providers with Validate using SAML and OIDC, allowing IT teams to manage users and groups more efficiently, and making it more convenient for users.
“We’re committed to evolving our tools with our customers’ needs,” said Steve Howard, Director of Product Management for Static Analysis at Perforce. “As we add more powerful, flexible analysis functionalities and security authentication, we’re set up to grow with a development pipeline the modern world requires, and customers expect.”
“Tools, platforms and workflows common already within the enterprise software development space are steadily cross-pollinating into the traditionally more reserved embedded software development space,” said Stephen Feloney, Vice President of Product Management at Perforce. “And we are right there now to meet them, where they are, integrated into the same platforms and tools, making static analysis easier to use and the whole process more efficient and more effective.”
Additional enhancements of Helix QAC 2024.2 and Klocwork 2024.2 include:
• Klocwork’s new modern C/C++ analysis engine ships with significant performance improvements and a “modern mode” functionality with greater code coverage and defect detection for C++17 and newer language versions, lower false positives and false negatives rates, and improved precision and faster analysis times of up to 25 percent.
• Improved language feature support for C++20 and C23.
• New support for projects using multiple compilers in Helix QAC.
• Extended compiler support in Klocwork for Clang, Clang-cl, GCC, IAR, Renesas.
• New and expanded coding standards coverage.
• Improved presentation of the MISRA C and MISRA C++ taxonomies in Klocwork.