Try our new research platform with insights from 80,000+ expert users

HCL AppScan vs Klocwork comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
3.2
HCL AppScan enhances architecture with fewer errors and improved security, achieving 50% return and 20% cost savings.
Sentiment score
6.2
Klocwork enhances code quality and compliance, improving efficiency in defect resolution, especially in automotive sectors, despite ROI measurement challenges.
The main ROI factors include efficiency and how we meet compliance standards for various automotive requirements.
 

Customer Service

Sentiment score
6.8
HCL AppScan's support is responsive with mixed reviews, facing regional challenges and lagging behind competitors like Veracode.
Sentiment score
6.8
Klocwork's support is praised for responsiveness, effective problem-solving, and reducing user contact via comprehensive documentation, despite prioritization issues.
Veracode provides excellent assistance and regularly scheduled calls to address customer concerns and updates.
The issue is not about the knowledge of the support but about the prioritization of the tickets they handle.
The customer support team is very responsive, proactive, and engages in conversations to ensure our needs are met.
During the initial phase when I did interact with the vendor, the support was satisfactory.
 

Scalability Issues

Sentiment score
5.4
HCL AppScan is scalable yet varies by license, integration issues, infrastructure compatibility, and CI/CD pipeline design effectiveness.
Sentiment score
6.7
Klocwork is scalable, efficient, and integrates well with SAST tools, suitable for teams of all sizes without scalability issues.
Klocwork supports our scalability needs without issues, even as project volumes increase.
The program-to-program enablement is scalable.
 

Stability Issues

Sentiment score
5.0
HCL AppScan is stable and reliable, with minor hardware issues, improved by recent upgrades enhancing performance and stability.
Sentiment score
6.8
Klocwork is reliable and stable, effectively handling large codebases but requires significant computing power and faster updates.
Installation is easy, and the solution is stable.
 

Room For Improvement

HCL AppScan requires improvements in vulnerability detection, usability, integration, performance, support, pricing, and language/codebase compatibility to stay competitive.
Klocwork needs improved language support, flexible reporting, better integration with Agile DevOps, and enhanced static and dynamic analysis.
We would like Klocwork to connect to Git and notify developers of issues tied to specific commits.
Klocwork should be able to analyze large codebases efficiently, supporting a desktop version for periodic small delta changes before pushing to the server.
Klocwork sometimes provides too many additional warnings which require expertise to manage.
 

Setup Cost

HCL AppScan is considered expensive but cost-effective, with varied pricing opinions influenced by its premium features and discounts.
Klocwork's flexible pricing models are valued, though opinions vary on cost-effectiveness, catering to diverse organizational needs.
Companies often choose based on budget constraints, with Veracode being on the higher end cost-wise.
It is less expensive than Coverity.
The solution is not very cheap, however, it is less expensive than Coverity.
Klocwork's pricing seems attractive, as it uses a per-user license model that does not have a lot of overhead.
 

Valuable Features

HCL AppScan detects vulnerabilities, integrates with agile processes, offers scalability, user-friendly features, and AI-enhanced rapid scanning for security.
Klocwork provides efficient static code analysis with strong IDE integration, supporting multiple languages and enhancing code quality and collaboration.
AppScan's most valuable features include its ability to identify vulnerabilities accurately, provide detailed remediation steps, and the newly introduced AI-powered features that enhance its functionality further.
Its integration with the CI/CD pipeline has helped streamline the software development process.
The most valuable feature of Klocwork is the static analysis tools, which help identify potential security threats and errors.
It takes just half a day to set up.
 

Categories and Ranking

HCL AppScan
Ranking in Application Security Tools
15th
Ranking in Static Application Security Testing (SAST)
15th
Average Rating
7.8
Reviews Sentiment
6.1
Number of Reviews
43
Ranking in other categories
Dynamic Application Security Testing (DAST) (1st)
Klocwork
Ranking in Application Security Tools
18th
Ranking in Static Application Security Testing (SAST)
16th
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
25
Ranking in other categories
Static Code Analysis (5th)
 

Mindshare comparison

As of July 2025, in the Application Security Tools category, the mindshare of HCL AppScan is 2.7%, up from 2.7% compared to the previous year. The mindshare of Klocwork is 1.4%, down from 1.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

Sthembiso Zondi - PeerSpot reviewer
Has a straightforward setup process and valuable security features
We use AppScan primarily for security testing and performance monitoring across our systems The product's features for comprehensive code analysis (static) and live environment testing (dynamic) have significantly enhanced our ability to identify and address vulnerabilities, improving overall…
AnirbanSarkar - PeerSpot reviewer
Lets you find defects during the development phase, so you don't have to wait till the development is over to find and address flaws
What needs improvement in Klocwork, compared to other products in the market, is the dashboard or reporting mechanisms that need to be a bit more flexible. The Klocwork dashboard could be improved. Though it's good, it's not as good as some of the other products in the market, which is a problem. The reporting could be more detailed and easier to sort out because sorting in Klocwork could be a bit more time-consuming, mainly when sorting defects based on filters, compared to how it's done on other tools such as Coverity. What I'd like added in the next release of Klocwork is the peer code review Cahoots which used to be a part of Klocwork, and the architecture analysis and both have been taken out of Klocwork. I found the two critical for specific deployments, so if those can be brought back to Klocwork, that would be very good.
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
861,481 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
14%
Government
11%
Manufacturing Company
9%
Manufacturing Company
25%
Computer Software Company
12%
Educational Organization
10%
Comms Service Provider
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about HCL AppScan?
The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase.
What needs improvement with HCL AppScan?
AppScan needs to improve its handling of false positives. It also requires enhancements in customer support, similar to what Veracode provides. Regularly scheduling calls with clients to discuss fe...
What is your primary use case for HCL AppScan?
The primary use case for AppScan is for security purposes. I compare AppScan with other tools such as Veracode. We use AppScan for vulnerability detection and auto-remediation of vulnerabilities wi...
What do you like most about Klocwork?
It's integrated into our CI, continuous integration.
What is your experience regarding pricing and costs for Klocwork?
Klocwork's pricing seems attractive, as it uses a per-user license model that does not have a lot of overhead.
What needs improvement with Klocwork?
One area for improvement is that when customers use different static analysis tools, they report more issues compared to Klocwork. The static analysis engine of Klocwork has areas that need improve...
 

Comparisons

 

Also Known As

IBM Security AppScan, Rational AppScan, AppScan
No data available
 

Overview

 

Sample Customers

Essex Technology Group Inc., Cisco, West Virginia University, APIS IT
ACCESS Co Ltd, Risk-AI, Winbond Electronics, Bristol-Myers Squibb Pharmaceutical Research Institute, University of Southern California, Alebra Technologies, SIMULIA, Risk Management Solutions, Brigham Young University, SRD, HRL
Find out what your peers are saying about HCL AppScan vs. Klocwork and other solutions. Updated: July 2025.
861,481 professionals have used our research since 2012.