Klocwork Overview

Klocwork is the #10 ranked solution in AST tools and the #12 ranked solution in application security solutions. PeerSpot users give Klocwork an average rating of 8.2 out of 10. Klocwork is most commonly compared to SonarQube. Klocwork is popular among the large enterprise segment, which accounts for 73% of users researching this solution on PeerSpot. The industry that researches this solution most is manufacturing, whose professionals account for 22% of all views.
Buyer's Guide

Download the Application Security Tools Buyer's Guide including reviews and more. Updated: November 2022

What is Klocwork?

Klocwork is a static code analysis toolkit that detects security, safety, and reliability issues in real time. It works alongside developers to find issues as early as possible, and it integrates with teams, supporting continuous integration and actionable reporting.

Klocwork Customers

ACCESS Co Ltd, Risk-AI, Winbond Electronics, Bristol-Myers Squibb Pharmaceutical Research Institute, University of Southern California, Alebra Technologies, SIMULIA, Risk Management Solutions, Brigham Young University, SRD, HRL

Klocwork Pricing Advice

What users are saying about Klocwork pricing:
  • "The pricing for Klocwork is very competitive if you compare it from apple to apple. It has competitive pricing regarding the licensing model and the per-license cost. Klocwork isn't a high-end investment for anyone deploying it; even SMBs can afford it. The Klocwork cost per user would depend on the license type, so I'm unable to mention a ballpark figure because it would depend on the type of installation and how the deployment will be, and the nodes to give an accurate calculation or figure. The total price depends on the package, so my company could never publish pricing for Klocwork on the website. My team first collects information from potential clients on the deployment scenario, project environment, etc., before suggesting a package for Klocwork. My rating for Klocwork in terms of pricing is a five because of its flexible license models. There's a license model for every type of organization, whether small, midsize, or enterprise, so it's a five out of five for me."
  • "This solution offers competitive pricing."
  • "There are other solutions on the market such as Microsoft Visual Studio. They have been adding more static code analysis features that come for free. It is getting better all the time. That is one of the possibilities we've been considering: that we may stop using Klocwork because it doesn't give us any added value."
  • "Licensing fees are paid annually, but they also have a perpetual license."
  • "When it comes to licensing, the solution has two packages, one for a fixed and the other for a floating server, with the former being more cost effective than the latter."
Klocwork Reviews

    AnirbanSarkar - PeerSpot reviewer
    Head - Solution Management Group at Meteonic Innovation Pvt. Ltd.
    Real User
    Lets you find defects during the development phase, so you don't have to wait till the development is over to find and address flaws
    Pros and Cons
    • "The most valuable feature of Klocwork is finding defects while you're doing the coding. For example, if you have an IDE plug-in of Klocwork on Visual Studio or Eclipse, you can find the faults; similar to using spell check on Word, you can find out defects during the development phase, which means that you don't have to wait till the development is over to find the flaws and address the deficiencies. I also find language support in Klocwork good because it used to support only C, C++, C#, and Java, but now, it also supports JavaScript and Python."
    • "What needs improvement in Klocwork, compared to other products in the market, is the dashboard or reporting mechanisms that need to be a bit more flexible. The Klocwork dashboard could be improved. Though it's good, it's not as good as some of the other products in the market, which is a problem. The reporting could be more detailed and easier to sort out because sorting in Klocwork could be a bit more time-consuming, mainly when sorting defects based on filters, compared to how it's done on other tools such as Coverity."

    What is our primary use case?

    We serve as consultants to several clients across different domains, specifically automotive, aviation, electronics, and semiconductors. Our clients require a static analysis solution to find security vulnerabilities specific to certain standards based on their industries. Hence, we support them through Klocwork to find particular vulnerabilities and adhere to industry standards.

    Klocwork is more than a static analysis security testing tool because it also provides maintainability and other types of information apart from security.

    What is most valuable?

    The most valuable feature of Klocwork is finding defects while you're doing the coding. For example, if you have an IDE plug-in of Klocwork on Visual Studio or Eclipse, you can find the faults; similar to using spell check on Word, you can find out defects during the development phase, which means that you don't have to wait till the development is over to find the flaws and address the deficiencies.

    I also find language support in Klocwork good because it used to support only C, C++, C#, and Java, but now, it also supports JavaScript and Python.

    What needs improvement?

    What needs improvement in Klocwork, compared to other products in the market, is the dashboard or reporting mechanisms that need to be a bit more flexible. The Klocwork dashboard could be improved. Though it's good, it's not as good as some of the other products in the market, which is a problem. The reporting could be more detailed and easier to sort out because sorting in Klocwork could be a bit more time-consuming, mainly when sorting defects based on filters, compared to how it's done on other tools such as Coverity.

    What I'd like added in the next release of Klocwork is the peer code review Cahoots which used to be a part of Klocwork, and the architecture analysis and both have been taken out of Klocwork. I found the two critical for specific deployments, so if those can be brought back to Klocwork, that would be very good.

    For how long have I used the solution?

    I've been working on Klocwork since 2007.

    What do I think about the stability of the solution?

    Klocwork is a very stable solution. It's been in the market since 2003 with gradual improvements and some challenges in the middle because of the handover from Klocwork to Rogue Wave and Perforce, but as a product, Klocwork is stable.

    What do I think about the scalability of the solution?

    Regarding scalability, Klocwork isn't precisely like Acunetix because Klocwork is a static analysis solution for source code, while Acunetix is a web application testing solution that tests your URLs. You can compare Klocwork stability-wise with Coverity, particularly for a small team that's expanding, and in that case, Klocwork is scalable and very simple to upgrade.

    How are customer service and support?

    Klocwork has a presence in more than forty-eight countries, so technical support is available in over thirty countries. If you don't have a support line in your country, there's a nearby country with Klocwork technical support that can provide support to your country in your time zone.

    My team hasn't seen any client that raised a ticket that hasn't been addressed immediately, and even my team is also responsible for providing immediate support at times.

    I'd give Klocwork technical support a five on a scale of one to five.

    How was the initial setup?

    The initial setup for Klocwork is very straightforward, and it's the same as other static analysis tools. As the initial setup is easy, it's a five out of five for me. I didn't observe any glitches when setting up Klocwork.

    What's my experience with pricing, setup cost, and licensing?

    The pricing for Klocwork is very competitive if you compare it from apple to apple. It has competitive pricing regarding the licensing model and the per-license cost. Klocwork isn't a high-end investment for anyone deploying it; even SMBs can afford it.

    The Klocwork cost per user would depend on the license type, so I'm unable to mention a ballpark figure because it would depend on the type of installation and how the deployment will be, and the nodes to give an accurate calculation or figure. The total price depends on the package, so my company could never publish pricing for Klocwork on the website.

    My team first collects information from potential clients on the deployment scenario, project environment, etc., before suggesting a package for Klocwork.

    My rating for Klocwork in terms of pricing is a five because of its flexible license models. There's a license model for every type of organization, whether small, midsize, or enterprise, so it's a five out of five for me.

    Which other solutions did I evaluate?

    I evaluated Coverity. When comparing Coverity with Klocwork, Coverity has a significant advantage in filtering. Still, Klocwork is not exactly a tool to be compared with other SAST tools in the market. After all, it's not only a security analysis tool because it also provides you with reliability, maintainability, and other benefits apart from security.

    Klocwork, which is part of Perforce that has around twenty product lines, is also systematic in terms of providing support and its offerings when compared to Coverity because Coverity, which is part of Synopsys, clumps certain products together to make it a bigger bundle, making it a bit complex for some people to understand.

    This is also the case with Checkmarx. Klocwork is more straightforward with its offerings compared to other products.

    Another pro of Klocwork is you can buy one license for all features and languages, which makes deployment and support simpler, so it's not complicated, unlike with Checkmarx, where you have to buy separate licenses.

    What other advice do I have?

    I have hands-on experience with Klocwork.

    I've been heading the Klocwork operations in India since 2007, so I know the product inside out.

    My company has a team of fifteen to twenty users of Klocwork, but the actual count differs at any point in time, but I can say there's a team of six to ten people, including myself, actively involved in the product.

    As there's always room for improvement, my rating for Klocwork is nine out of ten.

    My company is a partner of Perforce, the parent company of Klocwork.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Senior Product Specialist at a tech services company with 51-200 employees
    Real User
    On-the-fly analysis and incremental analysis are the best parts, and its detection rate is very high for C and C++
    Pros and Cons
    • "On-the-fly analysis and incremental analysis are the best parts of Klocwork. Currently, we are using both of these features very effectively."
    • "Modern languages, such as Angular and .NET, should be included as a part of Klocwork. They have recently added Kotlin as a part of their project, but we would like to see more languages in Klocwork. That's the reason we are using Coverity as a backup for some of the other languages."

    What is our primary use case?

    We are using it for C and C++ to find security vulnerabilities in our source code. It is a static application security testing (SAST) tool.

    What is most valuable?

    On-the-fly analysis and incremental analysis are the best parts of Klocwork. Currently, we are using both of these features very effectively.

    What needs improvement?

    Modern languages, such as Angular and .NET, should be included as a part of Klocwork. They have recently added Kotlin as a part of their project, but we would like to see more languages in Klocwork. That's the reason we are using Coverity as a backup for some of the other languages. 

    I would like to see some more new guidelines added. As you know, this Klocwork tool is fully compliant with MISRA, CERT, and CWE, but a few coding guidelines are still not supported by Klocwork.

    For how long have I used the solution?

    I have been using it for around eight years.

    What do I think about the stability of the solution?

    We have been using Klocwork for many years. That itself speaks of its stability in our organization.

    What do I think about the scalability of the solution?

    We have been trying to scale up this particular tool. We are not only using Klocwork. We are also using other SAST solutions because security cannot be handled by only using one particular tool. Klocwork is the oldest one, but we are using SonarQube and Coverity to filter out more and more defects from our source code. So, it's not really scalable itself, but with the help of other tools, we managed to scale to organization needs.

    Currently, we have nine users who are using it in our organization. It is used once a week to give the reports to our security team, and they act on those reports to filter out all the vulnerabilities.

    How are customer service and support?

    They're hyperresponsive. They have regular calls to see what exactly we are doing with Klocwork and how we are doing. They are super responsive. They are knowledgeable. I would rate them a five out of five.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I used Kiuwan earlier, but I used it for open source. It was primarily to find open sources in our entire source code. It supports modern languages. It has more languages than Klocwork.

    How was the initial setup?

    It is an on-premise solution. It is not very difficult to set up on our premises. It is easy to install and easy to use. I would rate it a five out of five in terms of the setup.

    What other advice do I have?

    If your source code is in C or C++, you should be using Klocwork. We have compared the results of different tools like SonarQube and Coverity with Klocwork. Klocwork was able to find a better number of defects in the source code than SonarQube and Coverity. At times, both Coverity and SonarQube missed some of the defects such as null pointer dereference, memory leak issues, etc. The detection rate of Klocwork is very high for C and C++.

    I would rate Klocwork an eight out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    SivaneshWaran - PeerSpot reviewer
    Head of Customer Success at a tech services company with 51-200 employees
    Real User
    Advanced static code analysis tool that assists developers in highlighting defects in real time
    Pros and Cons
    • "There's a feature in Klocwork called 'on-the-fly analysis', which helps developers to find and fix the defects at the time of development itself."
    • "This solution could be improved if they offered support of more languages including Ada and Golang. They currently only support seven languages."

    What is our primary use case?

    We are involved in implementing, applying, and supporting Klocwork for various customers, as we are a Klocwork partner. Klocwork is an advanced static code analysis tool also used to detect all possible vulnerabilities that are present in the source code.

    What is most valuable?

    There's a feature in Klocwork called 'on-the-fly analysis', which helps developers to find and fix the defects at the time of development itself. This means that you don't have to wait for the development to finish and waste that time. This provides efficiency. 

    Klocwork also has various plugins available for development tools and they work seamlessly. Our clients often opt for Klocwork due to its accuracy of results and the continuous addition of new features. 

    What needs improvement?

    This solution could be improved if they offered support of more languages including Ada and Golang. They currently only support seven languages. 

    In a future release, we would like to have architecture management added.

    For how long have I used the solution?

    We have been using this solution for ten years.

    What do I think about the stability of the solution?

    This is a stable solution, and stability is a specific feature that this solution is well known for.

    What do I think about the scalability of the solution?

    This is a scalable solution and can be deployed to suit any requirement of a customer. We have customers using 1,200 Klocwork licenses, which is served through only one license server.

    How are customer service and support?

    The customer support team are responsive and provide support via email and phone. 

    I would rate them a five out of five. 

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    The initial setup is straightforward. We can complete the entire deployment in less than 30 minutes and it does not involve any manual configuration. It is fully automated. I have completed more than 100 deployments and have not faced any issues. 

    Once Klocwork is installed and configured as part of your automation pattern, there is no maintenance required. 

    What's my experience with pricing, setup cost, and licensing?

    This solution offers competitive pricing. 

    Which other solutions did I evaluate?

    Klocwork does data flow analysis and is proven to be more accurate. It also supports many industry standards like MISRA, OWASP, CERT and AUTOSAR which many other tools do not. It can also be used to deliver internal coding guidelines. 

    What other advice do I have?

    I would rate this solution a nine out of ten. 

    Which deployment model are you using for this solution?

    Private Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner / Integrator / Reseller
    Sr. Test Engineering Manager - Embedded Linux SW / RF at a comms service provider with 51-200 employees
    Real User
    Useful code analysis, straightforward implementation, but more features needed
    Pros and Cons
    • "Klocwork's most valuable feature is the static code analysis feature. It detects the potential problem earlier to allow the developer to receive feedback quickly and then address it before it becomes a problem."
    • "Klocwork has to improve its features to stay ahead of other free solutions."

    What is our primary use case?

    Klocwork is part of our automated system, continuously improving the pipeline. Whenever the software is merged into the project control system, it is going to reduce Klocwork scanning automatically.

    What is most valuable?

    Klocwork's most valuable feature is the static code analysis feature. It detects the potential problem earlier to allow the developer to receive feedback quickly and then address it before it becomes a problem.

    What needs improvement?

    Klocwork has to improve its features to stay ahead of other free or low-cost solutions, like Visual Studio Code Analyzer.

    For how long have I used the solution?

    I have used Klocwork within the last 12 months.

    What do I think about the stability of the solution?

    Klocwork is a stable solution but the performance could improve when compared to other solutions.

    How are customer service and support?

    I have used the support from Klocwork. There was a transition time when we started using the solution which was not smooth. However, we didn't need to report any problems after that.

    Which solution did I use previously and why did I switch?

    I have previously used Apple Xcode and Microsoft Visual Studio static code analysis and then JetBrains ReSharper type of the code analysis from the third-party tool, which is much cheaper than the Klocwork. Additionally, they are faster. I do not think we will be using Klocwork for much longer.

    How was the initial setup?

    Klocwork was straightforward to implement and took us a half-day to implement and the upgrade took less time.

    What's my experience with pricing, setup cost, and licensing?

    There are other solutions on the market such as Microsoft Visual Studio. They have been adding more static code analysis features that come for free. It is getting better all the time. That is one of the possibilities we've been considering: that we may stop using Klocwork because it doesn't give us any added value.

    Klocwork is an expensive solution.

    What other advice do I have?

    When we first purchased Klocwork I would have rated it a nine or ten out of ten. However, because of the performance of the execution and cost, I would no longer rate it that high.

    I rate Klocwork a six out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    VP Delivery & Customer Success at a computer software company with 11-50 employees
    Real User
    Mature, saves time in finding defects, and is simple to maintain
    Pros and Cons
    • "The most valuable feature is the Incremental analysis."
    • "I believe it should support more languages, such as Python and JavaScript."

    What is our primary use case?

    Klocwork is part of the DevOps process. It is scaling the code on every request.

    How has it helped my organization?

    It saves a lot of time when it comes to finding defects, it's basically inputted in every access we do.

    What is most valuable?

    The most valuable feature is the Incremental analysis.

    What needs improvement?

    I believe it should support more languages, such as Python and JavaScript.

    I would like to see dynamic analysis as well.

    For how long have I used the solution?

    I have been working with Klocwork for seven years.

    We are using version 2021.2.

    What do I think about the stability of the solution?

    Klocwork is very stable and very mature.

    What do I think about the scalability of the solution?

    It is very scalable.

    In our organization, we have 50 users.

    It is used on a daily basis. It's one of the most important tools that every developer has.

    How are customer service and support?

    The support is good. We have no problems with the support.

    Which solution did I use previously and why did I switch?

    We used Coverity in the past, but they shifted their focus, and we switched to Klocwork.

    How was the initial setup?

    The initial setup is straightforward.

    It is simple to set up and can be done by any developer.

    The initial deployment took a couple of days.

    We have one person, working half-time to maintain this solution. That is all that is needed.

    What about the implementation team?

    I didn't require any assistance because I installed it myself.

    What was our ROI?

    We have seen a return on investment. Each developer invests at least half an hour a day less on defects. 

    What's my experience with pricing, setup cost, and licensing?

    Licensing fees are paid annually, but they also have a perpetual license.

    There are no additional costs.

    What other advice do I have?

    I would recommend, first creating a baseline of their source code with all of the issues, and then handling the new issues on a daily basis while gradually resolving the old ones.

    I would rate Klocwork a nine out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Deputy Manager Quality Assurance at eInfochips
    Reseller
    Easy installation for regular code scanning of C, C++ and MISRA rules, but updates are lengthy and involved
    Pros and Cons
    • "Technical support is quite good."
    • "Every update that we receive requires of us a lengthy and involved process."

    What is our primary use case?

    We are using the latest version.

    We use the solution for regular code scanning for C and C++, as well as for MISRA rules.

    What needs improvement?

    When an upgrade is carried out it must be done on both the server and client side, which can make it a bit hectic for all projects to be configured on the private server. Every update that we receive requires of us a lengthy and involved process.

    The project reporting status dashboard should also be addressed. As I am on the compliance team, I must open every project to resolve all issues. The solution does not provide consolidated views. Meanwhile, Kiuwan has a very good feature on its dashboard.

    Moreover, Klocwork makes a limited number of languages available to the user, only four. In addition, a good consolidated dashboard, in respect of compliance, would be nice to see.

    For how long have I used the solution?

    I have been working with Klocwork for seven or eight years.

    How are customer service and technical support?

    Technical support is quite good. We have a vendor partner in India and they do a good job of supporting us. 

    How was the initial setup?

    Klocwork was easy to install. But, as we are using an on-premises server, our client's configuration needs are different. Since this is on the user's machine the installation part is easy. Yet, the receipt of frequent updates means that time which could be spent on the project side is consumed by that of development.

    What's my experience with pricing, setup cost, and licensing?

    When it comes to licensing, the solution has two packages, one for a fixed and the other for a floating server. The former is more cost effective than the latter. 

    What other advice do I have?

    We are currently using SonarQube for other languages, those of Python and Android.

    At present, we make use of both the Klocwork and SonarQube tools. However, as we wish to have a combined tool, we are planning to switch to Kiuwan.

    I rate Klocwork as a seven out of 10. 

    Which deployment model are you using for this solution?

    Private Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: reseller