No more typing reviews! Try our Samantha, our new voice AI agent.

GitHub Advanced Security vs Klocwork comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

GitHub Advanced Security
Ranking in Application Security Tools
12th
Average Rating
8.6
Reviews Sentiment
6.5
Number of Reviews
12
Ranking in other categories
No ranking in other categories
Klocwork
Ranking in Application Security Tools
20th
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
25
Ranking in other categories
Static Application Security Testing (SAST) (15th), Static Code Analysis (3rd)
 

Mindshare comparison

As of July 2026, in the Application Security Tools category, the mindshare of GitHub Advanced Security is 2.4%, down from 8.4% compared to the previous year. The mindshare of Klocwork is 1.5%, up from 1.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools Mindshare Distribution
ProductMindshare (%)
GitHub Advanced Security2.4%
Klocwork1.5%
Other96.1%
Application Security Tools
 

Featured Reviews

Devendiran Kandan - PeerSpot reviewer
DevOps Engineer at a tech vendor with 1,001-5,000 employees
Security scanning has protected our pipelines but currently needs clearer dashboards and controls
We used additional third-party solutions, but we replaced them with GitHub Advanced Security, even though I do not have a very good opinion about GitHub Advanced Security. Even though it is an inline product, I'm not seeing user-friendly things in GitHub Advanced Security. Dependent bots and the secret detection are good compared to others. However, code scanning is not finding very good results based on pipeline where it will scan and do code scanning. While build, before building and deploying the code, we want to block or do an advanced model, but it is not supporting. During deployment, code scanning is not good. It is a little complicated. It is not a straightforward method we can complete. We need expertise to get the full benefit, and troubleshooting sometimes requires going through that. The security overview dashboard is not really clear. It's not showing centralized information; each repo is showing, but if you compare it with competitors, it is not that great. Mainly in the centralized dashboard, enterprise level needs to improve. A centralized way where we can get that overall view is needed, and we want that code scanning and blocking deployments based on security. There are AI improvements, but however, it is not so easy to configure. It is multiple windows we need to go through and make changes or configure that. A few things we need to enable going into settings, and a few things we can find out in security. One product where security means the security dashboard should cover everything, but it is going here and there in many places.
KG
Manager, Quality, Functional Safety, Cybersecurity Embedded Processing at a manufacturing company with 10,001+ employees
Experience with compliance improvements and efficiency boosts but static analysis engine shows a need for enhancement
One area for improvement is that when customers use different static analysis tools, they report more issues compared to Klocwork. The static analysis engine of Klocwork has areas that need improvement. Customers using different static analysis tools report more issues than with Klocwork, indicating that Klocwork's engine is not as superior. Klocwork should be able to analyze large codebases efficiently, supporting a desktop version for periodic small delta changes before pushing to the server.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"GitHub Advanced Security is a very developer-friendly solution that is integrated within my development environment."
"I have not experienced any performance or stability issues with GitHub Advanced Security."
"GitHub provides advanced security, which is why the customers choose this tool; it allows them to rely solely on GitHub as one platform for everything they need."
"It is a stable solution...It is a scalable solution as it can handle new applications along with the analysis part."
"GitHub Advanced Security uses artificial intelligence in the backend, specifically CodeQL, to analyze code and provide fewer but more reliable findings, so there are less false positives."
"GitHub Advanced Security's secret scanning is good."
"Dependency scanning is a valuable feature."
"It ensures user passwords or sensitive information are not accidentally exposed in code or reports."
"It saves a lot of time when it comes to finding defects, it's basically inputted in every access we do."
"We like using the static analysis and code refactoring, which are very valuable because of our requirements to meet safety critical levels and reliability."
"The most valuable feature of Klocwork is its reduced setup time."
"It's integrated into our CI, continuous integration."
"Klocwork is user-friendly, with a client-server architecture that provides all needed compliance."
"The ability to create custom checkers is a plus."
"Unlike other static code analysis tools, Klocwork integrates seamlessly into desktop IDEs, build systems, continuous integration tools, and any team's natural workflow."
"One can increase the number of vendors, so the solution is scalable."
 

Cons

"We used additional third-party solutions, but we replaced them with GitHub Advanced Security, even though I do not have a very good opinion about GitHub Advanced Security."
"The report limitations are the main issue."
"There could be DST features included in the product."
"The deployment part of the product is an area of concern that needs to be made easier from an improvement perspective."
"There could be a centralized dashboard to view reports of all the projects on one platform."
"Maybe make it compatible with more programming languages. Have a customized ruleset where the end-user can create their own rules for scanning."
"GitHub Advanced Security should look into API security issues, which they currently do not. Additionally, open-source security vulnerabilities are not getting updated in a timely manner."
"The reporting feature might need improvement. While it integrates seamlessly with my workflow, it doesn't provide management with oversight, such as statistics and the number of vulnerabilities."
"Now the only issue we have is that whenever we need to get the code we have to build it first. Then we can get the report."
"I hope that in each new release they add new features relating to the addition of checkers, improving their analysis engines etc."
"Klocwork has to improve its features to stay ahead of other free solutions."
"Under NIST cybersecurity standards, we must address vulnerabilities within a specified time after discovering them. When we try to propagate those updates and fixes through the system, it would be nice if the clients could reconnect to the existing server or have the server dynamically updated in some way. I know that isn't easy, but maybe processes could be enhanced to make that more streamlined from a DevOps perspective."
"Every update that we receive requires of us a lengthy and involved process."
"For an improved product, we'd like to see integration with Agile DevOps and Agile methodologies."
"Support for AUTOSAR C++14 by adding a new taxonomy that you can use to ensure compliance with the AUTOSAR C++14 Standard, release 18-03."
"There are other solutions on the market such as Microsoft Visual Studio. They have been adding more static code analysis features that come for free."
 

Pricing and Cost Advice

"The solution is expensive."
"The current licensing model, which relies on active commitments, poses challenges, particularly in predicting and managing growth."
"There are other solutions on the market such as Microsoft Visual Studio. They have been adding more static code analysis features that come for free. It is getting better all the time. That is one of the possibilities is that we've been considering that we may stop using the Klocwork because it doesn't give us any added value."
"This solution offers competitive pricing."
"The limitation that we have is that Klocwork is licensed to certain programs, and if you want to license them to other programs, you have to pay more money."
"The pricing for Klocwork is very competitive if you compare it from apple to apple. It has competitive pricing regarding the licensing model and the per-license cost. Klocwork isn't a high-end investment for anyone deploying it; even SMBs can afford it. The Klocwork cost per user would depend on the license type, so I'm unable to mention a ballpark figure because it would depend on the type of installation and how the deployment will be, and the nodes to give an accurate calculation or figure. The total price depends on the package, so my company could never publish pricing for Klocwork on the website. My team first collects information from potential clients on the deployment scenario, project environment, etc., before suggesting a package for Klocwork. My rating for Klocwork in terms of pricing is a five because of its flexible license models. There's a license model for every type of organization, whether small, midsize, or enterprise, so it's a five out of five for me."
"Klocwork should not to be quite so heavy handed on the licensing for very specific programs."
"Klocwork is still tight on their licensing. If Klocwork would loosen up on the licensing, and where the license could be used, and how many different programs could be run on it, then we have several development programs that I would love to be able to use it for going forward."
"Licensing fees are paid annually, but they also have a perpetual license."
"When it comes to licensing, the solution has two packages, one for a fixed and the other for a floating server, with the former being more cost effective than the latter."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
15%
Computer Software Company
10%
Manufacturing Company
8%
Government
7%
Manufacturing Company
22%
Construction Company
8%
Transportation Company
8%
Computer Software Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business1
Midsize Enterprise4
Large Enterprise7
By reviewers
Company SizeCount
Small Business12
Midsize Enterprise2
Large Enterprise13
 

Questions from the Community

What needs improvement with GitHub Advanced Security?
We used additional third-party solutions, but we replaced them with GitHub Advanced Security, even though I do not have a very good opinion about GitHub Advanced Security. Even though it is an inli...
What is your primary use case for GitHub Advanced Security?
I'm working with software development nowadays. As a process, we are using the dependent bot alerts and the code scanning for Java, and some of the code scanning is happening. Security secrets in c...
What advice do you have for others considering GitHub Advanced Security?
Dependent bots and the secret detection are good compared to others. However, code scanning is not finding very good results based on pipeline where it will scan and do code scanning. While build, ...
What is your experience regarding pricing and costs for Klocwork?
Klocwork's pricing seems attractive, as it uses a per-user license model that does not have a lot of overhead.
What needs improvement with Klocwork?
One area for improvement is that when customers use different static analysis tools, they report more issues compared to Klocwork. The static analysis engine of Klocwork has areas that need improve...
What is your primary use case for Klocwork?
I work on tools such as Klocwork, LDRA, as well as Jira and Confluence, focusing more on the software quality assurance aspect. We use Klocwork for coding and aggregate checks. We use it for static...
 

Overview

 

Sample Customers

Information Not Available
ACCESS Co Ltd, Risk-AI, Winbond Electronics, Bristol-Myers Squibb Pharmaceutical Research Institute, University of Southern California, Alebra Technologies, SIMULIA, Risk Management Solutions, Brigham Young University, SRD, HRL
Find out what your peers are saying about GitHub Advanced Security vs. Klocwork and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.