Automotive CI/CD: Jenkins + VectorCAST + RocqStat pipeline template

Ship safe, ship fast: a ready-to-run Jenkins + VectorCAST + RocqStat pipeline for automotive CI/CD

Hook: If your automotive release cadence is slowed by fragile pipelines, fragmented tools, and uncertain timing guarantees, you need a repeatable, auditable CI/CD pattern that covers static checks, unit and integration tests, and worst-case execution time (WCET) analysis. This article gives you a downloadable pipeline template and test-lab IaC for Jenkins, VectorCAST and RocqStat so you can run the end-to-end verification loop in a reproducible way.

The payoff up front

In 2026, automotive teams must prove not only functional correctness but also timing safety for real-time ECUs. Vector's 2026 acquisition of RocqStat signals consolidation of timing analysis into mainstream toolchains — and it's your chance to standardize. Use the pipeline and IaC below to automate static analysis, VectorCAST unit/integration tests, and RocqStat timing runs, gather artifacts for ISO 26262/ASIL evidence, and reduce tool sprawl by centralizing execution in Jenkins.

"Vector Informatik has acquired StatInf’s RocqStat software technology ... to strengthen its capabilities in timing analysis and worst-case execution time (WCET) estimation" — Automotive World, January 16, 2026

Why this matters in 2026

• Timing safety is now mandatory — More OEMs demand WCET and Schedulability evidence as vehicles get software-defined features (ADAS, domain controllers, OTA).
• Regulation and audit pressure — ISO 26262 and related standards expect traceable test artifacts and deterministic timing analysis.
• Tool consolidation trends — Following the Vector–RocqStat integration, the market favors unified toolchains over ad-hoc stacks (reduces maintenance and licensing friction).
• Cloud + edge HIL — Test labs are migrating to hybrid infrastructure; you need IaC to provision consistent environments. See patterns for edge registries and cloud filing when designing artifact and model stores.

What you get: templates and lab IaC

This guide describes the components we provide in the downloadable starter project:

• Jenkinsfile (declarative) pipeline template with stages for static analysis, VectorCAST unit/integration, RocqStat timing analysis, artifact archiving and report collection.
• Terraform modules to provision a repeatable test lab on AWS/GCP/Azure (VMs for Jenkins agents, license server, and HIL emulators or QEMU-based targets).
• Dockerfiles and container images for VectorCAST CLI helpers and RocqStat runtime (wraps official tool CLI; requires license).
• Sample jobdsl and Jenkins configuration as code (JCasC) to install needed plugins and credentials bindings.
• Runbooks: how to run the pipeline locally for dev, and how to scale to cloud HIL for integration testing. (Operational patterns are covered in the Advanced Ops Playbook.)

High-level pipeline architecture

Keep the pipeline simple and deterministic. The pipeline uses ephemeral agents (Docker or cloud VMs), centralized artifact storage, and a secure license server for VectorCAST and RocqStat. Key flows:

1. Checkout & preflight — Checkout code, fetch manifest, validate IaC state.
2. Static analysis — Run MISRA/clang-tidy/Cppcheck for C/C++ layers; fail-fast on critical issues.
3. Unit tests (VectorCAST) — Build, instrument, run unit tests; collect coverage and traceability links. For more on turning unit tests into timing guarantees, see From Unit Tests to Timing Guarantees.
4. Integration tests — Execute on target/virtual target; collect logs and functional traces.
5. Timing analysis (RocqStat) — Produce WCET estimates from binary + analysis model; fail if WCET > budget. This step closes the loop described in verification pipeline patterns.
6. Artifact bundling & evidence — Publish test reports, coverage metrics, and the timing report to artifact store for audits. Consider edge filing and registries for discoverability.

Sample Jenkinsfile: declarative pipeline (quick start)

Below is a condensed Jenkinsfile that demonstrates stage structure and how to call VectorCAST and RocqStat CLI. The full template in the repo includes logging, timeouts and retry logic.

pipeline {
  agent { label 'docker && linux' }
  environment {
    VCAST_LICENSE = credentials('vcast-license')
    ROCQ_LICENSE = credentials('rocq-license')
    ARTIFACTS_BUCKET = 's3://my-automotive-artifacts'
  }
  stages {
    stage('Checkout') {
      steps { checkout scm }
    }
    stage('Static Analysis') {
      steps {
        sh 'docker run --rm -v $PWD:/work my-tools/cppcheck:latest cppcheck --enable=all /work/src'
      }
    }
    stage('Build & Unit Tests (VectorCAST)') {
      steps {
        sh '''
          docker run --rm -v $PWD:/work -e VCAST_LICENSE=${VCAST_LICENSE} my-tools/vcast-cli:latest \
            /bin/bash -lc "vcast build /work && vcast run-unit-tests --project /work/project.vc"
        '''
      }
      post { always { archiveArtifacts artifacts: 'vcast/reports/**', fingerprint: true } }
    }
    stage('Integration Tests') {
      steps {
        sh 'docker run --rm -v $PWD:/work my-tools/integration-runner:latest /work/scripts/run_integration.sh'
      }
    }
    stage('Timing Analysis (RocqStat)') {
      steps {
        sh '''
          docker run --rm -v $PWD:/work -e ROCQ_LICENSE=${ROCQ_LICENSE} my-tools/rocq-cli:latest \
            /bin/bash -lc "rocq-analyze --binary /work/build/firmware.elf --map /work/build/firmware.map -o /work/rocq/report.json"
        '''
      }
      post { always { archiveArtifacts artifacts: 'rocq/report.json', fingerprint: true } }
    }
    stage('Publish Artifacts') {
      steps {
        sh 'aws s3 sync ./artifacts ${ARTIFACTS_BUCKET}/${BUILD_NUMBER}/'
      }
    }
  }
}

Notes on the Jenkinsfile

• Use Jenkins credentials store for licenses, and bind them as environment variables so they never appear in logs.
• Wrap tool invocations in container images to keep agents immutable and reproducible.
• Archive both human-readable reports (HTML/PDF) and machine-readable artifacts (JSON/XML) for automated audits.

Test lab IaC: Terraform baseline

Provisioning consistent test labs avoids "it works on my desk" problems. The starter IaC uses Terraform modules to provision:

• Bastion and VPN for secure remote HIL access
• Jenkins master (Auto-scaling leader/standby pattern)
• Ephemeral Jenkins agents (VM scale sets or GKE node pools)
• License server VM (secure, internal network only)
• Optional HIL nodes or QEMU instances for target emulation

Example Terraform snippet (AWS):

module "jenkins" {
  source = "git::https://example.com/infra-modules.git//jenkins-ecs"
  region = var.region
  vpc_id = module.network.vpc_id
  agent_ami = data.aws_ami.ubuntu.id
}

module "license_server" {
  source = "./modules/license-server"
  subnet_id = module.network.private_subnet_id
  instance_type = "t3.medium"
}

Practical IaC tips

• Keep secrets out of Terraform state: use HashiCorp Vault or cloud KMS and refer to secrets via Jenkins credentials at runtime. See patterns for automating cloud workflows when integrating secret retrieval.
• Use immutable images: bake agents with Packer to preinstall required CLI tools (VectorCAST helpers, RocqStat CLI) to avoid long startup times. The Advanced Ops Playbook covers similar image and ops patterns.
• Network segmentation: place license servers and HIL equipment in a private subnet with strict security groups.
• Cost controls: enforce auto-shutdown for non-production agents and HIL nodes outside working hours to reduce cloud spend. For storage & cost controls, review storage cost optimization guidance.

How to integrate VectorCAST and RocqStat in the pipeline

VectorCAST handles unit and integration testing in many automotive shops. RocqStat provides advanced timing analysis and WCET. The integration pattern you want:

1. Build instrumented binaries with the same compiler flags used in production — mismatches lead to incorrect WCET.
2. Run VectorCAST to exercise code paths and generate execution traces and coverage artifacts. (This is the same verification approach discussed in verification pipeline guidance.)
3. Feed the binary, map files, and optionally execution traces into RocqStat to produce WCET estimates and path reports.
4. Fail the pipeline if any WCET estimate exceeds the configured budget for the task/ECU.

Example CLI flow (conceptual):

# Build for target
gcc -mcpu=cortex-r7 -O2 -g -o firmware.elf src/*.c

# VectorCAST run (generates coverage & trace)
vcast-cli --project project.vc --build --run --export-trace trace.evt --report report.xml

# RocqStat timing analysis
rocq-analyze --binary firmware.elf --map firmware.map --trace trace.evt --output rocq/report.json

Common pitfalls and mitigations

• Mismatched compiler flags: Keep the build configuration in IaC and ensure Jenkins agents use identical toolchains to local builds.
• Licensing interruptions: Run a highly available internal license server and monitor license usage; include license checks as a preflight stage. Also reconcile vendor uptime and license expectations with guidance like From Outage to SLA.
• Trace variability: Make unit and integration tests deterministic (seed RNGs, fix scheduling) to avoid nondeterministic timing inputs.

Auditability and compliance

ISO 26262 and automotive suppliers expect traceable artifacts. The pipeline captures necessary evidence:

• Build provenance (commit, build environment, compiler versions)
• Test execution logs and VectorCAST reports with trace-to-requirement mapping
• RocqStat WCET reports and assumption documentation
• Signed artifacts (optional) and immutable storage retention policies

Store artifacts in a tamper-evident system (S3 with Object Lock, or an on-premise artifact repository). For audits, provide a single archive per release containing reports, binaries, and the Jenkins pipeline run metadata. See practical storage and cost advice in Storage Cost Optimization.

Operational guidance: metrics and guardrails

Define measurable quality gates:

• Failure thresholds: Block merges if static analysis reports new critical issues.
• Coverage gates: Minimum unit test coverage per module (e.g., 85% line or MC/DC where required).
• Timing budget: Per-task WCET must be below budget with safety margin (e.g., 10%).
• Flakiness tracking: Track flaky test rate; auto-annotate flaky tests and require fixes for repeat offenders. Consider automating parts of this flow with modern cloud automation patterns (prompt-chain driven automation).

Scaling from single-team to multi-project labs

Start small and scale horizontally:

1. Use namespaces or folders in Jenkins to isolate teams.
2. Share common LLVM/GCC toolchain containers via an internal registry.
3. Centralize timing models and RocqStat config as reusable modules.
4. Use Terraform modules to replicate lab patterns across regions or cloud accounts — tie this into your micro‑service and composability strategy (see composable services patterns).

2026 trends and next steps

Expect these trends to shape automotive CI/CD this year and beyond:

• Deeper integration between verification and timing tools: Following Vector’s RocqStat acquisition, tighter VectorCAST–RocqStat workflows will reduce manual model handoffs.
• AI-assisted test generation: ML-driven test case generators will populate edge cases and help close hidden timing paths — but human review remains essential for safety evidence. If you want to prototype ML-assisted flows quickly, see starter kits like Ship a micro-app in a week.
• Shift to hybrid cloud HIL: Cloud-native emulation reduces cost for early integration tests, while on-prem HIL remains for final verification of physical interactions.
• Tool consolidation pressure: Teams are consolidating to fewer vendors to cut ops overhead — your pipeline should support vendor-neutral interfaces to avoid lock-in. Read how to audit and consolidate your tool stack.

Quickstart checklist (actionable)

1. Clone the starter repo to your sandbox Jenkins project.
2. Provision a small test lab with Terraform (one Jenkins agent, one license server VM, one QEMU target).
3. Provision secrets in Jenkins for VectorCAST and RocqStat licenses and artifact credentials.
4. Run the pipeline on a trivial module to validate end-to-end flow and artifact collection.
5. Iterate: add stricter gates (coverage, WCET limits) and enable scheduled nightly full integration runs on HIL.

Security and cost controls

Don't treat test labs like toy environments — apply security and cost guardrails:

• Network policies: Limit license server access to Jenkins and agent subnets only.
• Least privilege: Use service accounts with minimal IAM permissions for artifact upload and infra changes.
• Cost tagging and autoscaling: Tag all resources, enforce auto-termination of non-working-hour resources, and use spot/discounted instances where acceptable.
• Audit logs: Forward Jenkins logs to a centralized SIEM for change tracking and compliance evidence retention. Have an incident and recovery plan similar to public-sector outage playbooks like Public-Sector Incident Response Playbook.

Case study: bringing it together (short example)

A Tier-1 supplier reduced integration debug time by 40% after adopting an automated pipeline similar to this template. Key wins:

• Early WCET failures prevented late-stage schedule overruns.
• Centralized reports cut audit prep from weeks to days by automating evidence collection.
• Standardized agents and IaC reduced "works on my desk" builds and environment drift.

Where to get the templates and next actions

The starter project includes:

• Jenkinsfile and JCasC snippets
• Terraform modules for an AWS and GCP test lab
• Dockerfiles for VectorCAST and RocqStat CLI wrappers (note: these do not include licenses)
• Runbooks for integrating with corporate license servers

Download the artifacts, clone the repo and follow the Quickstart checklist above to validate a minimal run. If your organization needs help adapting the template to custom toolchains (different compilers, proprietary HIL), we offer workshops and a hands-on migration kit.

Final takeaways

• Consolidate where it counts: Integrate VectorCAST and RocqStat into a single Jenkins-driven pipeline to reduce manual handoffs and audit friction. See how to audit and consolidate your tool stack.
• Automate evidence: Produce machine-readable artifacts for every run — auditors and engineers both win.
• Provision repeatably: Use Terraform and immutable agent images so test labs behave identically across teams.
• Guard cost and security: Autoscale test capacity and lock down license servers and HIL networks. For storage and cost guidance, review Storage Cost Optimization.

Call to action

Get the Jenkins + VectorCAST + RocqStat pipeline template and test-lab IaC now. Clone the starter repo, run the Quickstart, and validate WCET in your CI loop this week. For tailored integrations, workshops, or enterprise rollout help, contact our team to schedule a 2-day workshop — we’ll adapt the templates to your toolchain and compliance targets.

Related Reading

• From Unit Tests to Timing Guarantees: Building a Verification Pipeline for Automotive Software
• How to Audit and Consolidate Your Tool Stack Before It Becomes a Liability
• Storage Cost Optimization for Startups: Advanced Strategies (2026)
• From Outage to SLA: How to Reconcile Vendor SLAs Across Cloudflare, AWS, and SaaS Platforms
• CES 2026 Sensors That Could Replace Your Expensive Wearable: Reality Check
• Matchday Manchester: A Fan’s Guide to Attending the City Derby
• Mitski-Inspired Road Trips: Build a Moody Music Playlist and the Haunted Routes to Match
• How to Host a Family Twitch Watch Party and Share It on Bluesky
• Walk London in Comfort: Do 3D-Scanned Custom Insoles Make Sightseeing Easier?