
Preview: Klocwork Developer for Java

Analysis, Jan 30, 2007


Klocwork, the company that earned InfoWorld’s nod for best code analyzer solution for 2006, made a subset of its K7 analyzer engine available yesterday as an Eclipse plug-in at a discounted price.

The product, called Klocwork Developer for Java v. 7.6 (the version number refers to the release of the larger K7 product from which it’s derived and which I reviewed last year), goes beyond the usual style-oriented warnings of the built-in Eclipse source checkers. Instead, it steps through the program logic and finds subtle errors in code that would otherwise appear correct. For example, in test code for this posting, it found a suspicious test for a null passed parameter inside a method. What made the test suspicious was that it occurred lines after the parameter was first accessed. This is the type of error that can only be found by advanced code checkers that go beyond enforcing rules from various style guides or making sure you’re hewing to coding conventions.
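The defect class just described, as a constructed illustration added here (not the article's test code and not Klocwork's): a null test that sits several lines after the first dereference of the parameter it is meant to guard, beside the corrected ordering.

```java
// Constructed example: the late null check a path-sensitive analyzer flags.
public class NullCheckOrder {

    // BEFORE: text is dereferenced on the first line, so for a null argument
    // the NullPointerException is thrown before the check is ever reached.
    // A style checker sees nothing wrong; a logic-aware analyzer reports the
    // check as suspicious because every path reaching it has already used text.
    static int countWordsSuspicious(String text) {
        String[] words = text.trim().split("\\s+"); // first use of text
        int count = 0;
        for (String w : words) {
            if (!w.isEmpty()) {
                count++;
            }
        }
        if (text == null) { // flagged: guard placed after the dereference
            return 0;
        }
        return count;
    }

    // AFTER: the guard precedes any use of the parameter, so it actually
    // protects the caller instead of being dead code.
    static int countWords(String text) {
        if (text == null) {
            return 0;
        }
        String[] words = text.trim().split("\\s+");
        int count = 0;
        for (String w : words) {
            if (!w.isEmpty()) {
                count++;
            }
        }
        return count;
    }

    public static void main(String[] args) {
        System.out.println(countWords("one two  three"));
        System.out.println(countWords(null));
        try {
            countWordsSuspicious(null);
        } catch (NullPointerException e) {
            System.out.println("suspicious version threw before its null check ran");
        }
    }
}
```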

You may customize the warnings in Klocwork Developer for Java so that it complains about only the errors and infelicities you’re interested in. One set of alerts you will not want to reconfigure is the product’s security recommendations. These detect numerous practices that can lead programs to fail in ways a cracker can exploit, such as not closing files and streams when you’re done with them; not checking user data for excessive length (risking a buffer overflow); and not checking user data that is subsequently used in databases (potential for SQL injection), HTTP headers (possible spoofing and cross-site scripting), or directory or file names (can cause exceptions that might not be trapped).

Like most products that detect security vulnerabilities, Klocwork Developer for Java is sold on a subscription basis: $299/year per developer. It works on J2EE, J2SE, and J2ME code, and from what I saw, it works pretty well.

Klocwork Developer for Java v. 7.6

Cost: $299/year per developer

Availability: Now

Verdict: This subset of Klocwork’s K7 analyzer engine is an inexpensive way to get one of the best static code checkers and security analyzers onto a developer’s desktop. Remember that it requires Eclipse or IBM Rational Application Developer.