Perforce Software now provides Rust language support in its 2026.1 release for the QAC and Klocwork solutions.
As governance of AI becomes more critical, the need for traceability and auditability of AI-generated code has become an essential requirement of static analysis tools, particularly for highly regulated industries like aerospace, automotive, and medical devices. To address these requirements, Perforce QAC and Klocwork are some of the first static analysis tools available to allow for cross-language support for both Rust and C/C++ code to meet embedded engineers where they are: a need to adapt to more nimble and popular programming languages for memory safety assurances while maintaining governance, traceability, and visibility across longstanding C and C++ codebases.
Whether written by a human or AI agent, static analysis helps developers easily find and fix hidden defects in Rust code well before deployment, where they are least costly to address. Up to 85% of defects are introduced during the coding phase of the development lifecycle, and fixing these issues early prevents 640 times the cost if the defects are not found until product release (Jones, Capers, Applied Software Measurement).
“In an era defined by more autonomous AI workflows, scale, concurrency, and escalating security risk, hundreds of embedded software companies worldwide are adopting Rust as they look to further battle-harden systems from the ground up and looking to static analysis tools to help with code quality, security, and auditability with more individuals producing code via AI. What’s driving this shift is not just Rust’s ability to improve safety and security through memory-safe code, but to do this while using AI to deliver fast, efficient, cross-platform software, making Rust a viable alternative to C and C++ for mission-critical embedded systems — exactly where software failures carry the highest cost,” said Steve Howard, Director of Product Management at Perforce.
Rust alone is not a perfect solution in functional safety and embedded environments. A recent CISA report stated that 30% of all vulnerabilities reported to Microsoft and Google were in other categories, such as logic flaws. Perforce Static Analysis offers seamless cross-language visibility within a single workflow while also identifying the logic, concurrency, boundary, and dataflow vulnerabilities that Rust linters and general-purpose AI language models do not address. The result is greater confidence adopting Rust at scale, without sacrificing the assurance required for safety and security-critical software.
Adding to Perforce Static Analysis’s already extensive support for C, C++, C#, Java, JavaScript, Python, and Kotlin, the Rust support in QAC and Klocwork provides extension of Rust’s built-in safety guarantees by identifying security, safety, and compliance issues, particularly in unsafe code, complex control flows, and mixed-language systems. Teams working in mixed-language projects can apply the same deep analysis and dataflow-based detection of system-level defects they have come to expect across C, C++, and Rust. This approach also enables consistent, auditable reporting of security, safety, and compliance findings to support regulated audits.
Developers who already use Rust linters like Clippy can optionally integrate those checks directly into the QAC and Klocwork analysis workflows. This approach unifies Clippy findings with the advanced diagnostics provided by the Perforce Static Analysis tools, extending coverage beyond memory safety to surface deeper logic, concurrency, and maintainability issues that Rust tooling alone does not comprehensively address. Rust support in QAC and Klocwork is available now.
