We performed a comparison between Checkmarx One and Klocwork based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Apart from software scanning, software composition scanning is valuable."
"From my point of view, it is the best product on the market."
"The most valuable features are the easy-to-understand interface, and it's very user-friendly."
"One of the most valuable features is it is flexible."
"The most valuable feature of Checkmarx is the user interface, it is very easy to use. We do not need to configure anything, we only have to scan to see the results."
"The SAST component was absolutely 100% stable."
"Checkmarx pinpoints the vulnerability in the code and also presents the flow of malicious input across the application."
"The feature that I have found most valuable is that its number of false positives is less than the other security application platforms. Its ease of use is another good feature. It also supports most of the languages."
"Technical support is quite good."
"The most valuable feature is the Incremental analysis."
"One can increase the number of vendors, so the solution is scalable."
"The tool helps the team to think beforehand about corner cases or potential bugs that might arise in real-time."
"It's integrated into our CI, continuous integration."
"There's a feature in Klocwork called 'on-the-fly analysis', which helps developers to find and fix the defects at the time of development itself."
"The most valuable feature of Klocwork is finding defects while you're doing the coding. For example, if you have an IDE plug-in of Klocwork on Visual Studio or Eclipse, you can find the faults; similar to using spell check on Word, you can find out defects during the development phase, which means that you don't have to wait till the development is over to find the flaws and address the deficiencies. I also find language support in Klocwork good because it used to support only C, C++, C#, and Java, but now, it also supports JavaScript and Python."
"We like using the static analysis and code refactoring, which are very valuable because of our requirements to meet safety critical levels and reliability."
"Updating and debugging of queries is not very convenient."
"Its user interface could be improved and made more friendly."
"Creating and editing custom rules in Checkmarx is difficult because the license for the editor comes at an additional cost, and there is a steep learning curve."
"The lack of ability to review compiled source code. It would then be able to compete with other scanning tools, such as Veracode."
"When we first ran it on a big project, there wasn't enough memory on the computer. It originally ran with eight gigabytes, and now it runs with 32. The software stopped at some point, and while I don't think it said it ran out of memory, it just said 'stopped' and something else. We had to go to the logs and send them to the integrator, and eventually, they found a memory issue in the logs and recommended increasing the memory. We doubled it once, and it didn't seem enough. We doubled it again, and it helped."
"The solution's user interface could be improved because it seems outdated."
"With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too."
"It is an expensive solution."
"I believe it should support more languages, such as Python and JavaScript."
"What needs improvement in Klocwork, compared to other products in the market, is the dashboard or reporting mechanisms that need to be a bit more flexible. The Klocwork dashboard could be improved. Though it's good, it's not as good as some of the other products in the market, which is a problem. The reporting could be more detailed and easier to sort out because sorting in Klocwork could be a bit more time-consuming, mainly when sorting defects based on filters, compared to how it's done on other tools such as Coverity."
"The main problem is that since it only parses the code, the warnings or the problems that are given as a result of the report can sometimes require a lot of effort to analyze."
"I hope that in each new release they add new features relating to the addition of checkers, improving their analysis engines etc."
"We'd like to see integration with Agile DevOps and Agile methodologies."
"Modern languages, such as Angular and .NET, should be included as a part of Klocwork. They have recently added Kotlin as a part of their project, but we would like to see more languages in Klocwork. That's the reason we are using Coverity as a backup for some of the other languages."
"Klocwork does have a problem with true positives. It only found 30% of true positives in the Juliet test case."
"This solution could be improved if they offered support of more languages including Ada and Golang. They currently only support seven languages."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Klocwork is ranked 16th in Application Security Tools with 20 reviews. Checkmarx One is rated 7.6, while Klocwork is rated 8.2. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Klocwork writes "Their technical team helps us get the most out of the solution, but we've faced some stability problems in our environment". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Klocwork is most compared with SonarQube, Coverity, Polyspace Code Prover, CodeSonar and Veracode.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.