Try our new research platform with insights from 80,000+ expert users

Klocwork vs SonarQube Server (formerly SonarQube) comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 15, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
6.2
Klocwork enhances code quality and compliance, improving efficiency in defect resolution, especially in automotive sectors, despite ROI measurement challenges.
Sentiment score
7.2
SonarQube Server boosts productivity, stability, and security through effective code analysis and vulnerability assessment, enhancing development processes.
The main ROI factors include efficiency and how we meet compliance standards for various automotive requirements.
We see productivity increasing based on the fact that the code review is mostly automated, allowing the developer to fix the code themselves before assigning it to someone else to review, thus receiving that ROI.
I have seen a return on the investment from SonarQube Server (formerly SonarQube) because the value it adds relates to static code analysis and vulnerability assessments needed for our FDA approval process.
 

Customer Service

Sentiment score
6.8
Klocwork's support is praised for responsiveness, effective problem-solving, and reducing user contact via comprehensive documentation, despite prioritization issues.
Sentiment score
6.2
SonarQube Server's support is valued for community resources and documentation, though free version technical support is limited.
The issue is not about the knowledge of the support but about the prioritization of the tickets they handle.
The customer support team is very responsive, proactive, and engages in conversations to ensure our needs are met.
During the initial phase when I did interact with the vendor, the support was satisfactory.
They showed us where we can actually get those granular level reporting extracted for Excel, which was a quick guide.
The community support is quite effective.
I would rate the technical support for SonarQube Server (formerly SonarQube) as a 10 because we have not faced any specific issues that required us to contact tech support, which is a very rare case.
 

Scalability Issues

Sentiment score
6.7
Klocwork is scalable, efficient, and integrates well with SAST tools, suitable for teams of all sizes without scalability issues.
Sentiment score
7.1
SonarQube Server efficiently scales for various user volumes and project sizes, though infrastructure demands may rise in physical setups.
Klocwork supports our scalability needs without issues, even as project volumes increase.
The program-to-program enablement is scalable.
I would rate the scalability of SonarQube Server as a 10 because we can configure the server to scan multiple projects based on the number of lines.
I find SonarQube Server (formerly SonarQube) very scalable because we're able to create a new repository and integrate all the tools on that project and it just works.
 

Stability Issues

Sentiment score
6.8
Klocwork is reliable and stable, effectively handling large codebases but requires significant computing power and faster updates.
Sentiment score
7.7
SonarQube Server is highly reliable, stable with minor issues often related to plugins or environments, and rarely crashes.
Installation is easy, and the solution is stable.
I think SonarQube Server (formerly SonarQube) is stable, and we did not face any problems unless there was a power outage or if the LAN cable was plugged out.
 

Room For Improvement

Klocwork needs improved language support, flexible reporting, better integration with Agile DevOps, and enhanced static and dynamic analysis.
SonarQube Server needs better issue detection, usability, language support, integration, customizable features, and AI-driven dynamic testing enhancements.
Klocwork should be able to analyze large codebases efficiently, supporting a desktop version for periodic small delta changes before pushing to the server.
We would like Klocwork to connect to Git and notify developers of issues tied to specific commits.
Klocwork sometimes provides too many additional warnings which require expertise to manage.
As soon as I see that they've got a new feature that integrates AI that is not as generative as other GenAI platforms that actually generate the code and help developers develop faster, I believe that capability is lacking.
If I fix some vulnerabilities today, they reappear in the next scan, and there will be completely different issues that need to be fixed.
 

Setup Cost

Klocwork's flexible pricing models are valued, though opinions vary on cost-effectiveness, catering to diverse organizational needs.
SonarQube Server provides cost-effective solutions for code quality, with competitive pricing and enhanced features for various project sizes.
It is less expensive than Coverity.
Klocwork was competitively priced, making it a cost-effective solution for us.
Klocwork's pricing seems attractive, as it uses a per-user license model that does not have a lot of overhead.
They always offer around a two-year contract, but we always take a one-year contract because it's expensive.
I would rate the pricing for SonarQube Server (formerly SonarQube) as an 8, where 1 is very cheap and 10 is very expensive, because Coverity is very expensive, and while SonarQube is not cheap, it is still less expensive than Coverity.
The freemium version of SonarQube Server offers excellent value, especially compared to the high costs of Snyk.
 

Valuable Features

Klocwork provides efficient static code analysis with strong IDE integration, supporting multiple languages and enhancing code quality and collaboration.
SonarQube Server enhances code quality with language support, CI/CD integration, insightful dashboards, and an intuitive interface.
The most valuable feature of Klocwork is the static analysis tools, which help identify potential security threats and errors.
Klocwork positively impacts our organization as it's now part of our development flow, ensuring that all software we develop works as expected.
It takes just half a day to set up.
Some of the static code analysis capabilities are the most beneficial.
We use SonarQube Server's centralized management and visualization of code quality metrics on the dashboard because that's the executive dashboard that we send to the executives to show where we are in terms of quality, security, and where the company can improve.
The most valuable features of SonarQube Server (formerly SonarQube) for us include having control of the rules, enabling and disabling them.
 

Categories and Ranking

Klocwork
Ranking in Application Security Tools
18th
Ranking in Static Application Security Testing (SAST)
16th
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
25
Ranking in other categories
Static Code Analysis (5th)
SonarQube Server (formerly ...
Ranking in Application Security Tools
1st
Ranking in Static Application Security Testing (SAST)
1st
Average Rating
8.0
Reviews Sentiment
7.2
Number of Reviews
116
Ranking in other categories
Software Development Analytics (1st)
 

Mindshare comparison

As of July 2025, in the Application Security Tools category, the mindshare of Klocwork is 1.4%, down from 1.4% compared to the previous year. The mindshare of SonarQube Server (formerly SonarQube) is 22.7%, down from 26.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

AnirbanSarkar - PeerSpot reviewer
Lets you find defects during the development phase, so you don't have to wait till the development is over to find and address flaws
What needs improvement in Klocwork, compared to other products in the market, is the dashboard or reporting mechanisms that need to be a bit more flexible. The Klocwork dashboard could be improved. Though it's good, it's not as good as some of the other products in the market, which is a problem. The reporting could be more detailed and easier to sort out because sorting in Klocwork could be a bit more time-consuming, mainly when sorting defects based on filters, compared to how it's done on other tools such as Coverity. What I'd like added in the next release of Klocwork is the peer code review Cahoots which used to be a part of Klocwork, and the architecture analysis and both have been taken out of Klocwork. I found the two critical for specific deployments, so if those can be brought back to Klocwork, that would be very good.
Sthembiso Zondi - PeerSpot reviewer
Consistent improvements in code quality and security with effective integration and reliable technical support
The features of SonarQube Server (formerly SonarQube) that I find most useful are the suggestions received from reviewing the code. When they review the code, they provide suggestions on how to fix it, and we find those very useful from a development perspective. We use SonarQube Server's (formerly SonarQube) centralized management and visualization of code quality metrics on the dashboard because that's the executive dashboard that we send to the executives to show where we are in terms of quality, security, and where the company can improve. We use that for organizational improvement purposes. The ability to tailor metrics tracking in SonarQube Server (formerly SonarQube) has been beneficial to my team. There are team-specific dashboards which are related to specific repositories they utilize, and we have that aggregative dashboard that shows the whole organization's performance. We can drill down per specific repository, which makes it easier for the team to improve specific things.
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
860,711 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
24%
Educational Organization
13%
Computer Software Company
13%
Comms Service Provider
5%
Financial Services Firm
16%
Computer Software Company
15%
Manufacturing Company
13%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Klocwork?
It's integrated into our CI, continuous integration.
What is your experience regarding pricing and costs for Klocwork?
Klocwork's pricing seems attractive, as it uses a per-user license model that does not have a lot of overhead.
What needs improvement with Klocwork?
One area for improvement is that when customers use different static analysis tools, they report more issues compared to Klocwork. The static analysis engine of Klocwork has areas that need improve...
Is SonarQube the best tool for static analysis?
I am not very familiar with SonarQube and their solutions, so I can not answer. But if you are asking me about which tools that are the best for for Static Code Analysis, I suggest you have a look...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
 

Also Known As

No data available
Sonar
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

ACCESS Co Ltd, Risk-AI, Winbond Electronics, Bristol-Myers Squibb Pharmaceutical Research Institute, University of Southern California, Alebra Technologies, SIMULIA, Risk Management Solutions, Brigham Young University, SRD, HRL
Information Not Available
Find out what your peers are saying about Klocwork vs. SonarQube Server (formerly SonarQube) and other solutions. Updated: July 2025.
860,711 professionals have used our research since 2012.