We performed a comparison between HCL AppScan and Klocwork based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"It highlights, with several grades of severity, the types of vulnerabilities, so we can focus on the most severe security vulnerabilities in the code."
"The product is useful, particularly in its sensitivity and scanning capabilities."
"We leverage it as a quality check against code."
"The product has valuable features for static and dynamic testing."
"The reporting part is the most valuable feature."
"It is easy to use. It is quick to find things, because of the code scanning tools. It's quite simple to use and it is very good the way it reports the findings."
"There's extensive functionality with custom rules and a custom knowledge base."
"The most valuable feature of HCL AppScan is scanning QR codes."
"One can increase the number of vendors, so the solution is scalable."
"The tool helps the team to think beforehand about corner cases or potential bugs that might arise in real-time."
"I like not having to dig through false positives. Chasing down a false positive can take anywhere from five minutes for a small easy one, then something that is complicated and goes through a whole bunch of different class cases, and it can take up to 45 minutes to an hour to find out if it is a false positive or not."
"It's integrated into our CI, continuous integration."
"On-the-fly analysis and incremental analysis are the best parts of Klocwork. Currently, we are using both of these features very effectively."
"The most valuable feature is the Incremental analysis."
"The ability to create custom checkers is a plus."
"There is a central Klocwork server at our headquarters in France so we connect the client directly to the server on-premises remotely."
"I think being able to search across more containers, especially some of the docker elements. We need a little tighter integration there. That's the only thing I can see at this point."
"If HCL AppScan is able to alert the clients over email once the scan is complete, it would be great. Right now, HCL AppScan doesn't let me know if the scanning part is finished or not, because of which I have to come back and check mostly."
"Many silly false positives are produced."
"AppScan is too complicated and should be made more user-friendly."
"IBM Security AppScan needs to add performance optimization for quickly scanning the target web applications."
"Sometimes it doesn't work so well."
"One thing which I think can be improved is the CI/CD integration."
"They could add a software component analysis tool."
"Under NIST cybersecurity standards, we must address vulnerabilities within a specified time after discovering them. When we try to propagate those updates and fixes through the system, it would be nice if the clients could reconnect to the existing server or have the server dynamically updated in some way. I know that isn't easy, but maybe processes could be enhanced to make that more streamlined from a DevOps perspective."
"The main problem is that since it only parses the code, the warnings or the problems that are given as a result of the report can sometimes require a lot of effort to analyze."
"Now the only issue we have is that whenever we need to get the code we have to build it first. Then we can get the report."
"I believe it should support more languages, such as Python and JavaScript."
"The way to define the rules is too complex. The definition/rules for static analysis could be automated according to various SILs, so as to avoid confusion."
"I hope that in each new release they add new features relating to the addition of checkers, improving their analysis engines etc."
"This solution could be improved if they offered support of more languages including Ada and Golang. They currently only support seven languages."
"What needs improvement in Klocwork, compared to other products in the market, is the dashboard or reporting mechanisms that need to be a bit more flexible. The Klocwork dashboard could be improved. Though it's good, it's not as good as some of the other products in the market, which is a problem. The reporting could be more detailed and easier to sort out because sorting in Klocwork could be a bit more time-consuming, mainly when sorting defects based on filters, compared to how it's done on other tools such as Coverity."
HCL AppScan is ranked 14th in Application Security Tools with 39 reviews while Klocwork is ranked 18th in Application Security Tools with 20 reviews. HCL AppScan is rated 7.6, while Klocwork is rated 8.2. The top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". On the other hand, the top reviewer of Klocwork writes "Their technical team helps us get the most out of the solution, but we've faced some stability problems in our environment". HCL AppScan is most compared with SonarQube, Veracode, Acunetix, Checkmarx One and PortSwigger Burp Suite Professional, whereas Klocwork is most compared with SonarQube, Coverity, Polyspace Code Prover, CodeSonar and Checkmarx One. See our HCL AppScan vs. Klocwork report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.