We performed a comparison between CodeSonar and Klocwork based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature of CodeSonar is the catching of dead code. It is helpful."
"It has been able to scale."
"There is nice functionality for code surfing and browsing."
"The most valuable features of CodeSonar were all the categorized classes provided, and reports of future bugs which might occur in the production code. Additionally, I found the buffer overflow and underflow useful."
"CodeSonar’s most valuable feature is finding security threats."
"The tool is very good for detecting memory leaks."
"What I like best about CodeSonar is that it has fantastic speed, analysis and configuration times. Its detection of all runtime errors is also very good, though there were times it missed a few. The configuration of logs by CodeSonar is also very fantastic which I've not seen anywhere else. I also like the GUI interface of CodeSonar because it's very user friendly and the tool also shows very precise logs and results."
"One can increase the number of vendors, so the solution is scalable."
"The reporting helps us understand the trend of our results and whether we improve over time. We can see the history within Klocwork's server architecture and know that we're making things better. It creates a great story for our management. We can demonstrate value and how our software is developing over time."
"Technical support is quite good."
"I like not having to dig through false positives. Chasing down a false positive can take anywhere from five minutes for a small easy one, then something that is complicated and goes through a whole bunch of different class cases, and it can take up to 45 minutes to an hour to find out if it is a false positive or not."
"The tool helps the team to think beforehand about corner cases or potential bugs that might arise in real-time."
"There's a feature in Klocwork called 'on-the-fly analysis', which helps developers to find and fix the defects at the time of development itself."
"Klocwork's most valuable feature is the static code analysis feature. It detects the potential problem earlier to allow the developer to receive feedback quickly and then address it before it becomes a problem."
"The ability to create custom checkers is a plus."
"In a future release, the solution should upgrade itself to the current trends and differentiate between the languages. If there are any classifications that can be set for these programming languages that would be helpful rather than having everything in the generic category."
"There could be a shared licensing model for the users."
"In terms of areas for improvement, the use case for CodeSonar was good, but compared to other tools, it seems CodeSonar isn't a sound static analysis tool, and this is a major con I've seen from it. Right now, in the market, people prefer sound static analysis tools, so I would have preferred if CodeSonar was developed into a sound static analysis tool formally, in terms of its algorithms, so then you can see it extensively used in the market because at the moment, here in India, only fifty to sixty customers use CodeSonar. If the product is developed into a sound static analysis tool, it could compete with Polyspace, and from its current fifty customers, that number could go up to a hundred."
"It would be beneficial for the solution to include code standards and additional functionality for security."
"The scanning tool for core architecture could be improved."
"It was expensive."
"CodeSonar could improve by having better coding rules so we did not have to use another solution, such as MISRA C."
"Under NIST cybersecurity standards, we must address vulnerabilities within a specified time after discovering them. When we try to propagate those updates and fixes through the system, it would be nice if the clients could reconnect to the existing server or have the server dynamically updated in some way. I know that isn't easy, but maybe processes could be enhanced to make that more streamlined from a DevOps perspective."
"The way to define the rules is too complex. The definition/rules for static analysis could be automated according to various SILs, so as to avoid confusion."
"I would like to see better codes between projects and a more user-friendly desktop in the next release."
"This solution could be improved if they offered support of more languages including Ada and Golang. They currently only support seven languages."
"We bought Klocwork, but it was limited to one little program, but the program is now sort of failing. So, we have a license for usage on a program that is sort of failing, and we really can't use the license on anything else."
"I believe it should support more languages, such as Python and JavaScript."
"Modern languages, such as Angular and .NET, should be included as a part of Klocwork. They have recently added Kotlin as a part of their project, but we would like to see more languages in Klocwork. That's the reason we are using Coverity as a backup for some of the other languages."
"Klocwork has to improve its features to stay ahead of other free solutions."
CodeSonar is ranked 21st in Application Security Tools with 7 reviews while Klocwork is ranked 16th in Application Security Tools with 20 reviews. CodeSonar is rated 8.2, while Klocwork is rated 8.2. The top reviewer of CodeSonar writes "Nice interface, quick to deploy, and easy to expand". On the other hand, the top reviewer of Klocwork writes "Their technical team helps us get the most out of the solution, but we've faced some stability problems in our environment". CodeSonar is most compared with SonarQube, Coverity, Polyspace Code Prover, Semgrep Code and Fortify Static Code Analyzer, whereas Klocwork is most compared with SonarQube, Coverity, Polyspace Code Prover, Checkmarx One and Veracode. See our CodeSonar vs. Klocwork report.
See our list of best Application Security Tools vendors and best Static Code Analysis vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.