GitHub Advanced Security vs Klocwork comparison

GitHub and Perforce are both solutions in the Application Security Tools category. GitHub is ranked #11 with an average rating of 8.0, while Perforce is ranked #17 with an average rating of 8.2. GitHub holds a 3.9% mindshare in AS, compared to Perforce’s 1.3% mindshare. Additionally, 91% of GitHub users are willing to recommend the solution, compared to 93% of Perforce users who would recommend it.

GitHub Advanced Security

Read 12 GitHub Advanced Security reviews

7,051 Views
7,051 Comparison Views

91% willing to recommend

Klocwork

Read 25 Klocwork reviews

3,729 Views
2,051 Comparison Views

93% willing to recommend

GitHub Advanced Security

Klocwork

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Oct 8, 2024

Klocwork and GitHub Advanced Security are key players in the code analysis and security market. Despite Klocwork's affordability, GitHub Advanced Security has the upper hand with its extensive features and strong market preference.

Features: Klocwork delivers effective static code analysis and is noted for detecting critical security vulnerabilities. GitHub Advanced Security presents a wider array of features, offering integration with repositories and advanced automated code scanning that are adaptable to various development environments.

Room for Improvement: Klocwork needs better integration with other tools and enhancements in flexibility and scalability. GitHub Advanced Security occasionally reports false positives and could benefit from more detailed documentation. Klocwork's integration issues are a larger obstacle compared to GitHub's challenges.

Ease of Deployment and Customer Service: Klocwork's deployment is straightforward but can face compatibility issues in different CI/CD pipelines, while its customer service is responsive. GitHub Advanced Security's cloud-based model facilitates easy deployment and excellent customer support, giving it a significant edge over Klocwork's environment-specific deployment hurdles.

Pricing and ROI: Klocwork is known for cost-effectiveness, appealing to budget-conscious teams, yet GitHub Advanced Security offers a superior long-term ROI through its extensive features and integration capabilities.

To learn more, read our detailed GitHub Advanced Security vs. Klocwork Report (Updated: March 2026).

Buyer's Guide

GitHub Advanced Security vs. Klocwork

March 2026

Download the complete report

Helped 885,444 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

GitHub Advanced Security

Ranking in Application Security Tools

11th

Average Rating

8.6

Reviews Sentiment

6.5

Number of Reviews

Ranking in other categories

No ranking in other categories

Klocwork

Ranking in Application Security Tools

17th

Average Rating

8.0

Reviews Sentiment

6.8

Number of Reviews

Ranking in other categories

Static Application Security Testing (SAST) (15th), Static Code Analysis (3rd)

Mindshare comparison

As of April 2026, in the Application Security Tools category, the mindshare of GitHub Advanced Security is 3.9%, down from 8.0% compared to the previous year. The mindshare of Klocwork is 1.3%, down from 1.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Application Security Tools Mindshare Distribution
Product	Mindshare (%)
GitHub Advanced Security	3.9%
Klocwork	1.3%
Other	94.8%

Application Security Tools

Featured Reviews

Devendiran Kandan

DevOps Engineer at a tech vendor with 1,001-5,000 employees

Security scanning has protected our pipelines but currently needs clearer dashboards and controls

We used additional third-party solutions, but we replaced them with GitHub Advanced Security, even though I do not have a very good opinion about GitHub Advanced Security. Even though it is an inline product, I'm not seeing user-friendly things in GitHub Advanced Security. Dependent bots and the secret detection are good compared to others. However, code scanning is not finding very good results based on pipeline where it will scan and do code scanning. While build, before building and deploying the code, we want to block or do an advanced model, but it is not supporting. During deployment, code scanning is not good. It is a little complicated. It is not a straightforward method we can complete. We need expertise to get the full benefit, and troubleshooting sometimes requires going through that. The security overview dashboard is not really clear. It's not showing centralized information; each repo is showing, but if you compare it with competitors, it is not that great. Mainly in the centralized dashboard, enterprise level needs to improve. A centralized way where we can get that overall view is needed, and we want that code scanning and blocking deployments based on security. There are AI improvements, but however, it is not so easy to configure. It is multiple windows we need to go through and make changes or configure that. A few things we need to enable going into settings, and a few things we can find out in security. One product where security means the security dashboard should cover everything, but it is going here and there in many places.

Read full review

Krishna M Gopalakrishnan

Manager, Quality, Functional Safety, Cybersecurity Embedded Processing at a manufacturing company with 10,001+ employees

Experience with compliance improvements and efficiency boosts but static analysis engine shows a need for enhancement

One area for improvement is that when customers use different static analysis tools, they report more issues compared to Klocwork. The static analysis engine of Klocwork has areas that need improvement. Customers using different static analysis tools report more issues than with Klocwork, indicating that Klocwork's engine is not as superior. Klocwork should be able to analyze large codebases efficiently, supporting a desktop version for periodic small delta changes before pushing to the server.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"It is a stable solution...It is a scalable solution as it can handle new applications along with the analysis part."

"The product's most valuable features are security scan, dependency scan, and cost-effectiveness."

"The most valuable is the developer experience and the extensibility of the overall ecosystem."

"Dependency scanning is a valuable feature."

"GitHub Advanced Security uses artificial intelligence in the backend, specifically CodeQL, to analyze code and provide fewer but more reliable findings, so there are less false positives."

"The initial setup was straightforward and completed in a matter of minutes."

"The best features of GitHub Advanced Security are its flexibility and the multiple options it has compared to other tools."

"GitHub provides advanced security, which is why the customers choose this tool; it allows them to rely solely on GitHub as one platform for everything they need."

More GitHub Advanced Security pros

"Overall I find Klocwork's features superior for our needs."

"Klocwork's most valuable feature is the static code analysis feature, as it detects potential problems earlier to allow the developer to receive feedback quickly and then address issues before they become a problem."

"The most valuable feature of Klocwork is its reduced setup time."

"It's integrated into our CI, continuous integration."

"Klocwork's most valuable feature is the static code analysis feature. It detects the potential problem earlier to allow the developer to receive feedback quickly and then address it before it becomes a problem."

"One can increase the number of vendors, so the solution is scalable."

"On-the-fly analysis and incremental analysis are the best parts of Klocwork. Currently, we are using both of these features very effectively."

"The customer support team is very responsive, proactive, and engages in conversations to ensure our needs are met."

More Klocwork pros

Cons

"GitHub Advanced Security should look into API security issues, which they currently do not. Additionally, open-source security vulnerabilities are not getting updated in a timely manner."

"The reporting feature might need improvement. While it integrates seamlessly with my workflow, it doesn't provide management with oversight, such as statistics and the number of vulnerabilities."

"We used additional third-party solutions, but we replaced them with GitHub Advanced Security, even though I do not have a very good opinion about GitHub Advanced Security."

"There could be a centralized dashboard to view reports of all the projects on one platform."

"A more refined approach, categorizing and emphasizing specific vulnerabilities, would be beneficial."

"Maybe make it compatible with more programming languages. Have a customized ruleset where the end-user can create their own rules for scanning."

"There could be DST features included in the product."

"The customizations are a little bit difficult."

More GitHub Advanced Security cons

"Under NIST cybersecurity standards, we must address vulnerabilities within a specified time after discovering them. When we try to propagate those updates and fixes through the system, it would be nice if the clients could reconnect to the existing server or have the server dynamically updated in some way. I know that isn't easy, but maybe processes could be enhanced to make that more streamlined from a DevOps perspective."

"Klocwork sometimes provides too many additional warnings which require expertise to manage."

"There are too many warnings, and it requires expertise to determine the correct category for them."

"I would like to see better codes between projects and a more user-friendly desktop in the next release."

"Every update that we receive requires of us a lengthy and involved process."

"Now the only issue we have is that whenever we need to get the code we have to build it first. Then we can get the report."

"This solution could be improved if they offered support of more languages including Ada and Golang. They currently only support seven languages."

"The way to define the rules is too complex. The definition/rules for static analysis could be automated according to various SILs, so as to avoid confusion."

More Klocwork cons

Pricing and Cost Advice

"The solution is expensive."

"The current licensing model, which relies on active commitments, poses challenges, particularly in predicting and managing growth."

"When it comes to licensing, the solution has two packages, one for a fixed and the other for a floating server, with the former being more cost effective than the latter."

"Klocwork should not to be quite so heavy handed on the licensing for very specific programs."

"The pricing for Klocwork is very competitive if you compare it from apple to apple. It has competitive pricing regarding the licensing model and the per-license cost. Klocwork isn't a high-end investment for anyone deploying it; even SMBs can afford it. The Klocwork cost per user would depend on the license type, so I'm unable to mention a ballpark figure because it would depend on the type of installation and how the deployment will be, and the nodes to give an accurate calculation or figure. The total price depends on the package, so my company could never publish pricing for Klocwork on the website. My team first collects information from potential clients on the deployment scenario, project environment, etc., before suggesting a package for Klocwork. My rating for Klocwork in terms of pricing is a five because of its flexible license models. There's a license model for every type of organization, whether small, midsize, or enterprise, so it's a five out of five for me."

"Klocwork is still tight on their licensing. If Klocwork would loosen up on the licensing, and where the license could be used, and how many different programs could be run on it, then we have several development programs that I would love to be able to use it for going forward."

"There are other solutions on the market such as Microsoft Visual Studio. They have been adding more static code analysis features that come for free. It is getting better all the time. That is one of the possibilities is that we've been considering that we may stop using the Klocwork because it doesn't give us any added value."

"This solution offers competitive pricing."

"Licensing fees are paid annually, but they also have a perpetual license."

"The limitation that we have is that Klocwork is licensed to certain programs, and if you want to license them to other programs, you have to pay more money."

See which vendors are best for you

Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.

See recommendations

885,444 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

14%

Computer Software Company

10%

Manufacturing Company

Government

Manufacturing Company

22%

Computer Software Company

Transportation Company

Comms Service Provider

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	1
Midsize Enterprise	4
Large Enterprise	7

By reviewers
Company Size	Count
Small Business	12
Midsize Enterprise	2
Large Enterprise	12

Questions from the Community

What needs improvement with GitHub Advanced Security?

See all answers

What is your primary use case for GitHub Advanced Security?

I'm working with software development nowadays. As a process, we are using the dependent bot alerts and the code scanning for Java, and some of the code scanning is happening. Security secrets in c...

See all answers

What advice do you have for others considering GitHub Advanced Security?

Dependent bots and the secret detection are good compared to others. However, code scanning is not finding very good results based on pipeline where it will scan and do code scanning. While build, ...

See all answers

What is your experience regarding pricing and costs for Klocwork?

Klocwork's pricing seems attractive, as it uses a per-user license model that does not have a lot of overhead.

See all answers

What needs improvement with Klocwork?

See all answers

What is your primary use case for Klocwork?

I work on tools such as Klocwork, LDRA, as well as Jira and Confluence, focusing more on the software quality assurance aspect. We use Klocwork for coding and aggregate checks. We use it for static...

See all answers

Comparisons

SonarQube vs GitHub Advanced Security

Compared 31% of the time

Snyk vs GitHub Advanced Security

Compared 12% of the time

Veracode vs GitHub Advanced Security

Compared 10% of the time

Checkmarx One vs GitHub Advanced Security

Compared 7% of the time

Mend.io vs GitHub Advanced Security

Compared 5% of the time

More GitHub Advanced Security Competitors

SonarQube vs Klocwork

Compared 15% of the time

Coverity Static vs Klocwork

Compared 14% of the time

Polyspace Code Prover vs Klocwork

Compared 8% of the time

Helix QAC vs Klocwork

Compared 7% of the time

Axivion Static Code Analysis vs Klocwork

Compared 4% of the time

More Klocwork Competitors

Product Reports

Buyer's Guide

GitHub Advanced Security

March 2026

Download GitHub Advanced Security product report

Buyer's Guide

Klocwork

March 2026

Download Klocwork product report

Overview

GitHub Advanced Security secures data by scanning for vulnerabilities in dependencies, secret scanning, and protecting sensitive information. It integrates seamlessly, reducing reliance on multiple tools and optimizing vulnerability detection.

GitHub Advanced Security is designed to enhance security awareness by offering comprehensive tools for secret scanning, code analysis, and SCSS dependency checks. AI-driven features deliver accurate security insights while minimizing false positives. It provides valuable integration with Azure DevOps, maintaining control within dashboards and enabling external systems' support through APIs. With CodeQL, users can perform custom queries across projects. Propelled by Microsoft, the platform enhances operational frameworks with essential security features, although improvements are needed in dashboard consolidation, reporting, and integration mechanisms. Users seek better customizability, language support, and training resources to ensure smoother implementation.

What are the key features of GitHub Advanced Security?

Security and Dependency Scanning: Identifies vulnerabilities in code and dependencies.
Secret Scanning: Detects sensitive information exposure.
Cost-effectiveness: Reduces the need for multiple security tools.
Developer Experience: Integrates seamlessly with development environments.
Extensibility: Custom queries via CodeQL and integration support.

What benefits and ROI can users expect?

Improved Security Posture: Enhanced visibility reduces risk.
Operational Efficiency: Streamlines processes with fewer tools.
Actionable Insights: AI-driven analysis provides clear guidance.
Enhanced Collaboration: Facilitates team integration through shared dashboards.

Industries implement GitHub Advanced Security to maintain robust security standards. It is favored by technology sectors seeking seamless integration with Azure DevOps and looking for customizable security tools tailored to project needs. Financial institutions value its accurate threat detection and compliance support, while enterprises focus on its comprehensive dependency scanning and code analysis capabilities to safeguard critical assets. The adaptability of GitHub Advanced Security across different operational environments illustrates its practical benefits.

GitHub

Klocwork detects security, safety, and reliability issues in real-time by using this static code analysis toolkit that works alongside developers, finding issues as early as possible, and integrates with teams, supporting continuous integration and actionable reporting.

Perforce

Sample Customers

Information Not Available

ACCESS Co Ltd, Risk-AI, Winbond Electronics, Bristol-Myers Squibb Pharmaceutical Research Institute, University of Southern California, Alebra Technologies, SIMULIA, Risk Management Solutions, Brigham Young University, SRD, HRL

Buyer's Guide

GitHub Advanced Security vs. Klocwork

March 2026

Free Report: GitHub Advanced Security vs. Klocwork

Find out what your peers are saying about GitHub Advanced Security vs. Klocwork and other solutions. Updated: March 2026.

DOWNLOAD NOW

885,444 professionals have used our research since 2012.

See our GitHub Advanced Security vs. Klocwork report.

See our list of best Application Security Tools vendors.

We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.