Configuring taxonomies and categories
Klocwork provides three default organizational structures, or taxonomies:
- C and C++
Each taxonomy contains a set of checkers, grouped by category.
The three default taxonomies, as their names suggest, organize all checkers by language. You can set up taxonomies to report on whatever is important to you. For example:
- to measure compliance with a standard such as CWE. In this case, you'd include only the checkers that detect violations of the standard. Taxonomy files for CERT, CWE, DISA STIG and OWASP are provided for you in your <server_installation>/taxonomies folder, which you can import as you choose.
- to measure software quality
- to assess software security
Opening the standalone Taxonomy Editor
The standalone Taxonomy Editor is used to configure custom taxonomies and categories and to edit reference information. You open it from the command line by running one of the following commands:
To create a new configuration file, run the command:
The Taxonomy Editor will open in a new window and you can make any changes required. Once you are finished making changes, click OK. Now save the file where you can find it easily, then import it for your project using the kwadmin import-config command or by importing it through the Configuration tab for your specific project in Static Code Analysis.
For projects with an existing configuration file, run the command:
In this scenario, make sure you are pointing to the taxonomy file for the project you wish to change.
kwtaxonomyeditor "C:\Klocwork\Server 19.0\taxonomies\cwe_10_cxx.tconf"
Creating and editing taxonomies and categories
You create and edit taxonomies and categories using the standalone Taxonomy Editor. Default taxonomies are read-only and cannot be edited.
- Add a new taxonomy: Right-click on any white space in the editor and click New taxonomy. In the Create new taxonomy dialog, enter a name and click OK.
- Add a new category: Right-click a taxonomy to create a category. Click New category. In the Create new category dialog, enter a name and click OK.
- Rename a category: Right-click and click Rename. In the Rename dialog, enter a new name and click OK. Note: You can't rename a taxonomy.
- Delete a taxonomy or category: Right-click and click Delete. Click OK to confirm. The taxonomy or category and all of its contents are removed. This change can't be undone for non-default taxonomies and categories.
- Delete a checker from a taxonomy: Right-click and click Delete. Click OK to confirm.
Adding a checker to a taxonomy
You can add a checker in a few ways:
- drag from another taxonomy. Note that the checker will be removed from the taxonomy you're dragging it from.
- copy-and-paste or cut-and-paste from another taxonomy (through the right-click menu, or with Ctrl+x, Ctrl+c and Ctrl+v)
- right-click on either a taxonomy or category and click Add issue. In the Add issue dialog, start typing an issue code, and auto-completion will suggest available matches. Double-click an item in the list and click OK. For a list of issue codes, see C and C++ checker reference, Java checker reference and C# checker reference.
Note that because a checker can't appear more than once in a taxonomy, you can't copy-and-paste from one category to another within the same taxonomy; you can only cut-and-paste, or drag-and-drop.
Importing your taxonomy file in Klocwork Static Code Analysis
Once you have created your custom taxonomy file (.tconf), you can import it for your project by doing the following:
- Log in to Klocwork Static Code Analysis.
- In the Klocwork Static Code Analysis project list, click the project you want to upload the file to.
- The project details appear.
- In the project details, click Configuration.
- On the Configuration page, click Add a configuration file.
- In the Choose file dialog, browse to:
- <projects_root>/projects/<project_name>/rules/<yourtaxonomyfile>.tconf (or wherever you chose to save your taxonomy file)
- where <project_name> is the project whose configuration you want to copy.
- Click Upload.
Editing the Reference information for a checker
The Reference field can contain any extra information you'd like to add for a checker. The Reference field is taxonomy-specific; this means that if a checker exists in multiple taxonomies, it can have multiple values for the Reference field. This also means that when you copy or move a checker from one taxonomy to another, the Reference information is not copied or moved.
A typical use for this field is to map the checker to a rule in a standard. For example, the checker MISRA.ASM.ENCAPS detects violations of both MISRA-C rule 2.1 and MISRA-C++ rule 7-4-3. We've included both of these rule numbers in the Reference field for this checker.
To change the reference value for a checker:
- Open the standalone Taxonomy Editor.
- Expand an issue category to display the checker you want to change.
- Right-click the checker.
- In the pop-up menu, click Edit reference.
- In the Specify Reference dialog, enter a value.
- Click OK to save your changes.
Reference information is included as a part of your customized .tconf file.