Veracode and Klocwork compete in the application security tools category. Veracode holds an advantage in pricing and support, while Klocwork is preferred for its advanced features.
Features: Veracode offers robust scanning capabilities, comprehensive reporting features, and straightforward solutions for quick security checks. Klocwork provides powerful debugging, advanced code review capabilities, and adaptability for complex code analysis in technical environments.
Room for Improvement: Veracode could enhance integration options with existing workflows, improve scalability, and offer better customization. Klocwork may improve in updating processes, better handling of false positives, and streamlining user experience to reduce the learning curve.
Ease of Deployment and Customer Service: Veracode has a straightforward deployment model and responsive customer service. Klocwork's deployment is more complex but comes with robust support to assist users in navigating the setup challenges.
Pricing and ROI: Veracode is known for competitive pricing and solid return on investment. Klocwork, though potentially costlier initially, is worthwhile for its feature-rich capabilities and long-term value due to its depth and complexity.
The main ROI factors include efficiency and how we meet compliance standards for various automotive requirements.
The scanners of Veracode bring status of the weaknesses in the current infrastructure. It scans and provides reports regarding the servers, the network, and the applications running on those servers.
Regarding price, the evaluation should focus on how efficiently they will recover their investment, considering the time saved through the use of Veracode Fix, for example, and the ability to fix code at dev time compared to the problems faced when fixing after the product is already deployed.
We did see a return on investment with Veracode, as we segregated our remediation efforts, which reduced our time to delivery as well as the number of engineers needed to help us in delivering a secure solution.
The customer support team is very responsive, proactive, and engages in conversations to ensure our needs are met.
The issue is not about the knowledge of the support but about the prioritization of the tickets they handle.
During the initial phase, there was a need for follow-ups and clarifications.
Access to the engineering team is crucial for faster feedback on the product fix process.
I have communicated with the technical support of Veracode a couple of times, and this was a really great experience because these professionals know their material.
They share detailed information via email, including screenshots or further clarification about the issue.
Klocwork supports our scalability needs without issues, even as project volumes increase.
The program-to-program enablement is scalable.
Cloud solutions are easier to scale than on-premise solutions.
It has a good capacity to scale effectively.
Implementing these features into our normal CI/CD was good, so I can say that scalability is really good.
Installation is easy, and the solution is stable.
If the Veracode server is down, we experience many issues during the scan.
I have observed that it is not that reliable in terms of security because Veracode was not able to find some security threats in our application that existed since the product was developed.
It's not that easy to onboard, but once they have been onboarded on the platform, and the pipeline configured alongside the product configured, it works effectively.
There are too many warnings, and it requires expertise to determine the correct category for them.
Klocwork sometimes provides too many additional warnings which require expertise to manage.
We would like Klocwork to connect to Git and notify developers of issues tied to specific commits.
If it could be integrated directly with code repositories such as Bitbucket or GitHub, without the need to create a pipeline to upload and decode code, it would simplify the code scan process significantly.
We had issues with scanning large applications. Scanning took a lot of time, so we kept it outside the DevOps pipeline to avoid delaying deployments.
A nice addition would be if it could be extended for scenarios with custom cleansers.
It is less expensive than Coverity.
The solution is not very cheap, however, it is less expensive than Coverity.
Klocwork was competitively priced, making it a cost-effective solution for us.
It's not the most expensive solution.
Overall, Veracode's pricing is lower and more scalable than many alternatives in the market.
If there's a security gap, you'll never know the cost or effect.
The most valuable feature of Klocwork is the static analysis tools, which help identify potential security threats and errors.
Its integration with the CI/CD pipeline has helped streamline the software development process.
It takes just half a day to set up.
It offers confidence by preventing exposure to vulnerabilities and helps ensure that we are not deploying vulnerable code into production.
The best features in Veracode include static analysis and the early detection of vulnerable libraries; it integrates with tools such as Jenkins.
It fixes issues directly in the IDE while you're doing it.
| Product | Mindshare (%) |
|---|---|
| Veracode | 4.4% |
| Klocwork | 1.4% |
| Other | 94.2% |
| Company Size | Count |
|---|---|
| Small Business | 12 |
| Midsize Enterprise | 2 |
| Large Enterprise | 13 |
| Company Size | Count |
|---|---|
| Small Business | 69 |
| Midsize Enterprise | 45 |
| Large Enterprise | 115 |
Klocwork offers advanced static code analysis with integration capabilities for enhanced development efficiency, supporting various development environments and providing clear defect reports. It streamlines software development by reducing defects and improving code quality.
Klocwork integrates seamlessly into CI/CD pipelines, providing real-time and incremental analysis to identify and rectify code defects quickly. It supports multiple integrated development environments (IDEs) and minimizes false positives in its analysis. While primarily supporting C/C++, Java, and C#, there is a need to expand language support and enhance its static analysis engine. The tool assists in adhering to industry standards with features like automated code parsing and MISRA compliance checks. Ease of setup and collaboration capabilities further promotes efficiency, although the dashboard could benefit from user-friendly updates and better integration with Agile tools.
What are the primary features of Klocwork?Klocwork is extensively implemented in industries that prioritize software quality and security standards, particularly in environments focused on C/C++ development on Linux systems. Its capabilities in automated code parsing, traffic analysis, and support for DevOps integration make it invaluable for industries requiring strict MISRA compliance and internal standards adherence. By aiding refactoring and detecting memory-related vulnerabilities, Klocwork contributes to the maintainability and security standards in these sectors.
Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.
Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing. These tools are designed to help developers detect vulnerabilities early in development while maintaining speed in deployment. Veracode also emphasizes scalability, offering features for enterprises that manage a large number of applications across different teams. Its robust reporting and analytics capabilities allow organizations to continuously monitor their security posture and track progress toward remediation.
What are the key features of Veracode?
What benefits should users consider in Veracode reviews?
Veracode is widely adopted in industries like finance, healthcare, and government, where compliance and security are critical. It helps these organizations maintain strict security standards while enabling rapid development through its integration with Agile and DevOps methodologies.
Veracode helps businesses secure their applications efficiently, ensuring they can deliver safe and compliant software at scale.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
