HCL AppScan and Klocwork compete in the software security and code analysis category. HCL AppScan seems to have the upper hand in support and pricing, while Klocwork is preferred for its advanced features.
Features: HCL AppScan offers extensive security testing capabilities, multiple integration options, and a user-friendly interface for a variety of applications. Klocwork provides advanced static code analysis, supports a wide range of coding languages, and offers comprehensive reporting features.
Room for Improvement: HCL AppScan needs to improve analysis speed, reduce false positives, and enhance the user interface for usability. Klocwork could improve user experience with simplified setup processes, more intuitive navigation, and reduced resource consumption during analysis.
Ease of Deployment and Customer Service: HCL AppScan is recognized for straightforward deployment options and responsive customer service. Klocwork is effective in deployment but could benefit from offering more proactive and readily available support.
Pricing and ROI: HCL AppScan is competitively priced with good ROI as reported by users, offering a wide range of features at accessible pricing. Klocwork, though potentially more expensive, delivers value through robust features and is often worth its cost for companies requiring sophisticated code analysis capabilities.
The main ROI factors include efficiency and how we meet compliance standards for various automotive requirements.
Veracode provides excellent assistance and regularly scheduled calls to address customer concerns and updates.
The issue is not about the knowledge of the support but about the prioritization of the tickets they handle.
The customer support team is very responsive, proactive, and engages in conversations to ensure our needs are met.
During the initial phase when I did interact with the vendor, the support was satisfactory.
Klocwork supports our scalability needs without issues, even as project volumes increase.
The program-to-program enablement is scalable.
Installation is easy, and the solution is stable.
We would like Klocwork to connect to Git and notify developers of issues tied to specific commits.
Klocwork should be able to analyze large codebases efficiently, supporting a desktop version for periodic small delta changes before pushing to the server.
Klocwork sometimes provides too many additional warnings which require expertise to manage.
Companies often choose based on budget constraints, with Veracode being on the higher end cost-wise.
It is less expensive than Coverity.
The solution is not very cheap, however, it is less expensive than Coverity.
Klocwork's pricing seems attractive, as it uses a per-user license model that does not have a lot of overhead.
AppScan's most valuable features include its ability to identify vulnerabilities accurately, provide detailed remediation steps, and the newly introduced AI-powered features that enhance its functionality further.
Its integration with the CI/CD pipeline has helped streamline the software development process.
The most valuable feature of Klocwork is the static analysis tools, which help identify potential security threats and errors.
It takes just half a day to set up.
IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.
Klocwork is a static code analysis toolkit that detects security, safety, and reliability issues in real time. It works alongside developers to find issues as early as possible and integrates with teams, supporting continuous integration and actionable reporting.