

OpenText Core Application Security and Klocwork compete in the application security domain. Klocwork has the upper hand with reliable static code analysis and better customer support.
Features: OpenText Core Application Security provides dynamic application security testing, real-time dashboards, and integration into development pipelines. Klocwork is noted for its static code analysis, on-the-fly defect detection, and deep integration into CI processes.
Room for Improvement: OpenText Core Application Security could improve integration with incident management and enhance reporting features. Klocwork needs better false positive management, expanded language support, and enhanced dashboards.
Ease of Deployment and Customer Service: OpenText offers deployment across on-premises, public, and hybrid clouds. Klocwork focuses on on-premises and private cloud options. Users find OpenText's customer service internationally accessible but report mixed satisfaction. Klocwork's customer service is highly rated, but licensing is seen as restrictive.
Pricing and ROI: OpenText Core Application Security has flexible pricing but is seen as costly, justified by its comprehensive features. Klocwork is competitively priced and offers a cost-effective solution with flexible licensing models.
The main ROI factors include efficiency and how we meet compliance standards for various automotive requirements.
The issue is not about the knowledge of the support but about the prioritization of the tickets they handle.
The customer support team is very responsive, proactive, and engages in conversations to ensure our needs are met.
During the initial phase when I did interact with the vendor, the support was satisfactory.
I had direct interaction with them, which facilitated how we onboarded Fortify.
Support tickets often stay open for one month to three months, which leads to customer frustration.
Klocwork supports our scalability needs without issues, even as project volumes increase.
The program-to-program enablement is scalable.
If a customer wants to know the tools and the technology used for their application to scan their application, they provide less information on that.
Installation is easy, and the solution is stable.
Klocwork should be able to analyze large codebases efficiently, supporting a desktop version for periodic small delta changes before pushing to the server.
We would like Klocwork to connect to Git and notify developers of issues tied to specific commits.
Klocwork sometimes provides too many additional warnings which require expertise to manage.
It would be beneficial if Fortify could check for CVEs (Common Vulnerabilities and Exposures) in third-party libraries, which I currently use a separate dependency checker tool for.
One thing I would highlight is if Fortify can focus more on the centralized dashboard of the tools because nowadays, tools such as SentinelOne also exist for identifying security issues, but they have a centralized dashboard that merges their cloud solution and application security side solution together.
It would be better for Fortify on Demand if they could analyze not only the security pillar but also maintainability, portability, and reliability, covering all pillars of ISO 25000.
It is less expensive than Coverity.
Klocwork was competitively priced, making it a cost-effective solution for us.
The solution is not very cheap; however, it is less expensive than Coverity.
The most valuable feature of Klocwork is the static analysis tools, which help identify potential security threats and errors.
Its integration with the CI/CD pipeline has helped streamline the software development process.
The most valuable feature of Klocwork is its reduced setup time.
Additionally, you can integrate Fortify in a CI/CD pipeline, so you get real-time updates about the security issues in your pipeline.
On demand you have two levels of reports: the first from the tool, which is the same as we can get from Fortify on-premises, and a next level reporting made by experts from OpenText, leading to a more condensed and precise report as level three.
Fortify helps me find serious issues, such as developers inadvertently leaving access tokens, including API access tokens, in the source code.

| Product | Market Share (%) |
|---|---|
| OpenText Core Application Security | 3.4% |
| Klocwork | 1.4% |
| Other | 95.2% |

| Company Size | Count |
|---|---|
| Small Business | 12 |
| Midsize Enterprise | 2 |
| Large Enterprise | 12 |

| Company Size | Count |
|---|---|
| Small Business | 17 |
| Midsize Enterprise | 8 |
| Large Enterprise | 44 |

Klocwork is a static code analysis toolkit that detects security, safety, and reliability issues in real time. It works alongside developers, finding issues as early as possible, and integrates with teams, supporting continuous integration and actionable reporting.
OpenText Core Application Security offers robust features like static and dynamic scanning, real-time vulnerability tracking, and seamless integration with development platforms, designed to enhance code security and reduce operational costs.
OpenText Core Application Security is a cloud-based, on-demand service providing accurate and deep scanning capabilities with detailed reporting. Its integrations with development platforms ensure an enhanced security layer in the development lifecycle, benefiting users by lowering operational costs and facilitating efficient remediation. The platform addresses needs for intuitive interfaces, API support, and comprehensive vulnerability assessments, helping improve code security and accelerate time-to-market. Despite its strengths, challenges exist around false positives, report clarity, and language support, alongside confusing pricing and package options. Enhancements are sought in areas like CI/CD pipeline configuration, report visualization, scan times, and integration with third-party tools such as GitLab, container scanning, and software composition analysis.
What features define OpenText Core Application Security?

Industries like mobile applications, e-commerce, and banking leverage OpenText Core Application Security for its ability to identify vulnerabilities such as SQL injections. Integrating seamlessly with DevSecOps and security auditing processes, this tool supports developers in writing safer code, ensuring secure application deployment and enhancing software assurance.