Checkmarx One and Klocwork are two leading products in the code security landscape. Checkmarx One appears to have the upper hand with more positive feedback on pricing and support services, while Klocwork is acknowledged for its comprehensive feature set.
Features: Checkmarx One integrates with various development tools and CI/CD pipelines, supports a wide range of languages, and offers flexible deployment options. Klocwork provides comprehensive static code analysis, is ideal for large codebases, and supports complex projects effectively.
Room for Improvement: Checkmarx One could enhance real-time detection, reduce false positives, and improve user interface clarity. Klocwork needs better support documentation, streamlined configuration, and more accessible training resources.
Ease of Deployment and Customer Service: Checkmarx One has a straightforward deployment model and responsive customer service. Klocwork's deployment can be more time-consuming, and it would benefit from more proactive support options.
Pricing and ROI: Checkmarx One is recognized for competitive setup costs and favorable ROI for growing businesses. Klocwork, though perceived as more expensive initially, offers value through its advanced features and scalability that appeals to enterprises.
The main ROI factors include efficiency and how we meet compliance standards for various automotive requirements.
The issue is not about the knowledge of the support but about the prioritization of the tickets they handle.
The customer support team is very responsive, proactive, and engages in conversations to ensure our needs are met.
During the initial phase when I did interact with the vendor, the support was satisfactory.
Klocwork supports our scalability needs without issues, even as project volumes increase.
The program-to-program enablement is scalable.
I would rate the stability of this solution a nine on a scale of 1 to 10, where 1 is low stability and 10 is high.
Installation is easy, and the solution is stable.
It could suggest how the code base is written and automatically populate the source code with three different solution options to choose from.
We would like Klocwork to connect to Git and notify developers of issues tied to specific commits.
Klocwork sometimes provides too many additional warnings which require expertise to manage.
Klocwork should be able to analyze large codebases efficiently, supporting a desktop version for periodic small delta changes before pushing to the server.
It is less expensive than Coverity.
The solution is not very cheap; however, it is less expensive than Coverity.
Klocwork's pricing seems attractive, as it uses a per-user license model that does not have a lot of overhead.
My experience with the initial setup of Checkmarx One is straightforward; it is not complex compared to other tools that I have tried.
Its integration with the CI/CD pipeline has helped streamline the software development process.
The most valuable feature of Klocwork is the static analysis tools, which help identify potential security threats and errors.
It takes just half a day to set up.
Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.
Checkmarx One offers comprehensive application scanning across the SDLC:
Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.
Klocwork is a static code analysis toolkit that detects security, safety, and reliability issues in real time. It works alongside developers to find issues as early as possible, and it integrates with teams, supporting continuous integration and actionable reporting.