Klocwork offers advanced static code analysis with integration capabilities for enhanced development efficiency, supporting various development environments and providing clear defect reports. It streamlines software development by reducing defects and improving code quality.
| Product | Mindshare (%) |
|---|---|
| Klocwork | 1.5% |
| SonarQube | 12.7% |
| Checkmarx One | 8.3% |
| Other | 77.5% |
| Title | Rating | Mindshare | Recommending | |
|---|---|---|---|---|
| SonarQube | 4.0 | 12.7% | 84% | 135 interviewsAdd to research |
| Snyk | 4.1 | 5.0% | 100% | 51 interviewsAdd to research |
| Company Size | Count |
|---|---|
| Small Business | 9 |
| Midsize Enterprise | 2 |
| Large Enterprise | 11 |
| Company Size | Count |
|---|---|
| Small Business | 160 |
| Midsize Enterprise | 67 |
| Large Enterprise | 274 |
Klocwork integrates seamlessly into CI/CD pipelines, providing real-time and incremental analysis to identify and rectify code defects quickly. It supports multiple integrated development environments (IDEs) and minimizes false positives in its analysis. While primarily supporting C/C++, Java, and C#, there is a need to expand language support and enhance its static analysis engine. The tool assists in adhering to industry standards with features like automated code parsing and MISRA compliance checks. Ease of setup and collaboration capabilities further promotes efficiency, although the dashboard could benefit from user-friendly updates and better integration with Agile tools.
What are the primary features of Klocwork?Klocwork is extensively implemented in industries that prioritize software quality and security standards, particularly in environments focused on C/C++ development on Linux systems. Its capabilities in automated code parsing, traffic analysis, and support for DevOps integration make it invaluable for industries requiring strict MISRA compliance and internal standards adherence. By aiding refactoring and detecting memory-related vulnerabilities, Klocwork contributes to the maintainability and security standards in these sectors.
ACCESS Co Ltd, Risk-AI, Winbond Electronics, Bristol-Myers Squibb Pharmaceutical Research Institute, University of Southern California, Alebra Technologies, SIMULIA, Risk Management Solutions, Brigham Young University, SRD, HRL
| Author info | Rating | Review Summary |
|---|---|---|
| Manager, Quality, Functional Safety, Cybersecurity Embedded Processing at a manufacturing company with 10,001+ employees | 3.5 | I use Klocwork for coding, static analysis, and compliance checks, integrating it into our CI/CD pipeline. It's user-friendly and enhances our development flow. However, its static analysis engine needs improvement, and competitors sometimes find more issues. It boosts compliance and efficiency. |
| Director - Quality Excellence at a manufacturing company with 501-1,000 employees | 4.5 | I use Klocwork to identify defects and vulnerabilities in code. Its reduced setup time and informative user interface are valuable, though it occasionally generates too many warnings. Despite this, it’s more efficient than Coverity for failure categorization. |
| Senior Software Engineering Manager at a tech vendor with 10,001+ employees | 4.5 | I use Klocwork to boost code quality and streamline development. It's stable, support is helpful, and setup is fairly simple. While there's room for improvement, I find its features effective and would rate it 9 out of 10. |
| Integration Supervisor Lead at a manufacturing company with 5,001-10,000 employees | 4.0 | I primarily use Klocwork for early vulnerability detection due to its faster setup and better debugging capabilities compared to Coverity. Despite too many warnings requiring expertise, its easy integration and quick setup make it advantageous. |
| Application Development Team Lead at Miura Pay | 3.0 | We primarily use Klocwork for static analysis, which is valuable for identifying potential security threats and errors. While it integrates well into our CI pipeline, improvements like Git notifications would enhance its utility. We chose Klocwork for its effectiveness and support. |
| Principal Software Engineer at Valeo | 4.0 | I use Klocwork for traffic analysis and code parsing to detect potential problems. It's easy to integrate and automate in our CI environment, but it generates many warnings requiring analysis. We also use Polyspace for areas needing higher quality verification. |
| Principle engineer at a manufacturing company with 10,001+ employees | 3.5 | We use Klocwork for compliance with DO-178 standards in the aerospace market, benefiting from solid support and insightful reporting. Integration was simple, improving our software quality and confidence, although streamlined update processes could enhance user experience. |
| Head - Solution Management Group at Meteonic Innovation Pvt. Ltd. | 4.5 | I value Klocwork for real-time defect detection and broad analysis. It's stable, scalable, with great support and competitive pricing. However, I believe its dashboard and reporting need improvement, and I'd like to see its Cahoots and architecture analysis features return. |
| Head of Customer Succes at a tech services company with 51-200 employees | 5.0 | As a Klocwork partner, we've implemented and supported this advanced static code analysis tool for detecting code vulnerabilities. Its valuable features include on-the-fly analysis and seamless development tool integration. Improvement is needed in language support and architecture management. |
| Sr. Test Engineering Manager - Embedded Linux SW / RF at a comms service provider with 51-200 employees | 3.0 | I find Klocwork's static code analysis valuable and setup was easy. However, its performance is slow, and it's expensive compared to free alternatives. I'm considering discontinuing its use due to diminishing value and high cost. |
I work on tools such as Klocwork, LDRA, as well as Jira and Confluence, focusing more on the software quality assurance aspect.
We use Klocwork for coding and aggregate checks. We use it for static analysis, MISRA compliance, and for HIS metrics as well. We also now use it for the software SBOM.
Klocwork is user-friendly, with a client-server architecture that provides all needed compliance. It also offers CLI options for integration with Jenkins and automation.
Its integration with the CI/CD pipeline has helped streamline the software development process. We have included Klocwork as part of our Bitbucket pull request, which gives us insights into overnight issues or changes when pulling in or pushing new code. Klocwork positively impacts our organization as it's now part of our development flow, ensuring that all software we develop works as expected.
One area for improvement is that when customers use different static analysis tools, they report more issues compared to Klocwork. The static analysis engine of Klocwork has areas that need improvement.
Customers using different static analysis tools report more issues than with Klocwork, indicating that Klocwork's engine is not as superior.
Klocwork should be able to analyze large codebases efficiently, supporting a desktop version for periodic small delta changes before pushing to the server.
I have around 5 years of experience with Klocwork.
I would rate Klocwork's technical support around 4 to 5 because they have a paid service model for faster responses, while the standard service is more on a ticket basis.
The issue is not about the knowledge of the support but about the prioritization of the tickets they handle.
Neutral
I have not used different software for composition before Klocwork.
The initial setup of Klocwork was complex, but now the team has adapted because we built the whole infrastructure around it.
There was a learning curve initially.
I have seen a return on investment with Klocwork. The main ROI factors include efficiency and how we meet compliance standards for various automotive requirements.
I cannot provide exact numbers, but overall, the quality has improved.
Klocwork's pricing seems attractive, as it uses a per-user license model that does not have a lot of overhead.
We have not evaluated other products similar to Klocwork, but we may consider doing so.
I do not have experience with Black Duck's Polaris software and QMetry. QMetry is used internally for Adaptivist Test Management for Jira.
In the last 2 years, I have not been using another SCA solution or any other testing products. I do not have experience with JFrog or Snyk.
LDRA and Klocwork are the main tools I use. Black Duck serves a different purpose than Klocwork and is not in direct comparison to it.
On a scale of 1-10, I rate Klocwork a 7.
I utilize Klocwork for identifying defects and early vulnerabilities in the code, conducting code checks, and categorizing and fixing failures.
The most valuable feature of Klocwork is its reduced setup time. It takes around half a day to set up, making it easier to debug and categorize failures. It provides priority and criticality information in the user interface and is faster to set up compared to Coverity.
Every product has room for improvement. Klocwork sometimes provides too many additional warnings which require expertise to manage. Follow-ups are often needed. The support for plugins also needs to be evaluated.
I have been using Klocwork for around one year.
Klocwork requires substantial computing power, especially when used with the Android framework and higher versions like Android 13 onwards.
The program-to-program enablement is scalable, however, the in-depth usage and categorization are still under evaluation.
Vendor support is okay, however, I do not deal directly with them in my current role. During the initial phase when I did interact with the vendor, the support was satisfactory.
I previously used Coverity but switched to Klocwork since it is faster to set up and offers better features for categorizing failures.
The initial setup of Klocwork is quite easy, taking less than a day.
Klocwork is not expensive, but neither is it very cheap. It is less expensive than Coverity.
I would rate Klocwork at eight out of ten. The main concern is the excessive warnings and the need to evaluate plugin support.
Currently, my use cases for Klocwork are focused on improving our code quality and streamlining development processes.
When comparing Klocwork to other solutions, determining their respective strengths would require a detailed assessment, but overall I find Klocwork's features superior for our needs.
For the kind of reviews that we are doing, we need to consider points of improvement and evaluate what Klocwork can do better as of now.
I have not contacted the technical support directly since I have not encountered major issues, but the stability has been satisfactory overall.
I would rate the support out of 10 as a solid 8, as they have been responsive and helpful.
Positive
The reviewer was asked about experience with alternative solutions.
For someone who does not have any experience with Klocwork and is deploying the solution for the first time, it can be straightforward, though consideration should be given to the deployment team size requirements, whether one person can handle a small project, or if a team is necessary.
A comparison between Klocwork and alternative solutions would require detailed assessment.
When starting with Klocwork, new users should consider their specific requirements and implementation approach. I rate Klocwork a 9 out of 10.
I primarily use Klocwork to detect and find early vulnerabilities in the code. It performs code checks and allows me to fix issues. It provides priority and criticality ratings and displays these in the user interface. I moved from Coverity to Klocwork since it is faster and has a shorter setup time.
The best advantage of Klocwork is the reduced setup time. It takes just half a day to set up. It is quite easy for me to debug the failures and categorize them compared to Coverity. Integration enablement is easier and really good. Installation is straightforward, and the setup time is very short.
There are too many warnings, and it requires expertise to determine the correct category for them.
Additionally, I have not fully explored the plugins supported by Klocwork, which I need to evaluate further.
I have been using Klocwork for about one year.
Installation is easy, and the solution is stable. It requires a significant amount of computing power. Low computing does not work as effectively.
The solution is scalable from program to program, yet in-depth usage and categorization are still under evaluation.
Vendor support is adequate. During the initial phase, there was a need for follow-ups and clarifications, which sometimes required multiple calls.
Neutral
I used Coverity before moving to Klocwork since of the more efficient setup time and better debugging capabilities.
The initial setup is straightforward and takes less time than expected.
The solution is not very cheap, however, it is less expensive than Coverity.
To fully evaluate, I need to look into how far plugins are supported. I rate Klocwork an eight out of ten.
The main concern is the numerous warnings, which require expertise to manage.
Our primary use case for Klocwork is static analysis. It highlights potential warnings and errors, assisting us in confirming there isn't anything obviously wrong with our code.
The most valuable feature of Klocwork is the static analysis tools, which help identify potential security threats and errors. It highlights areas that require attention, ensuring safe and error-free code development. We have integrated Klocwork into our CI pipeline and development environment, although we haven't fully utilized all its capabilities.
We would like Klocwork to connect to Git and notify developers of issues tied to specific commits. Currently, this feature is absent, but we have suggested it to the team.
We have been working with Klocwork for about a year.
Klocwork runs on all our projects without stability issues.
Klocwork supports our scalability needs without issues, even as project volumes increase.
The customer support team is very responsive, proactive, and engages in conversations to ensure our needs are met.
Neutral
We did a comparative analysis and chose Klocwork over other solutions based on pricing, quality, and support.
The initial setup of Klocwork was quite easy and took only a couple of days.
Klocwork was competitively priced, making it a cost-effective solution for us.
We considered other organizations before deciding on Klocwork.
I rate Klocwork six out of ten. Even though it does the job, there's room for feature enhancements, such as integrations with Git for better tracking and notifications.
I'm using the product for traffic analysis tool to check or parse our code. The tool works as a code parser to detect possible problems that can happen due to patterns in the code.
The project is very easy to integrate into our development environment that we use to develop the code. It's very easy to integrate and run on your code. It doesn't take much time to set up. It finds all possible problems that can happen within your code. It helps develop better-quality software.
It's also integrated into our CI, continuous integration. It can be automated as part of pushing the code onto the branch.
The main problem is that since it only parses the code, the warnings or the problems that are given as a result of the report can sometimes require a lot of effort to analyze. It will show all possible problems in the code. However, many are not actual problems. So you need to analyze and check if certain items flagged can lead to an actual problem or not. Since it's only static, it doesn't run the code itself and there's always a huge number of findings. You have to analyze all of them to know which ones can lead to actual problems.
The organization has been using the solution for five years. I've used it maybe for four years or so.
This is a stable product.
The solution is scalable. Part of the product is checking the measure rules. It's actually configurable. You can configure which rules you want.
We're only developing in C language. I'm not sure what it offers for different coding languages, however, it likely can scale across languages as well.
We are a multinational corporation and have about 1,500 engineers using the solution.
Technical support is very good. They are very supportive. In my case, they have been excellent.
Positive
I've also used Polyspace. Klocwork is cheaper. However, we do use the Code Prover feature from Polyspace. Klocwork only works statically. Polyspace's Code Prover actually runs the code so when it finds a problem, it's actually a problem. The issue is that it takes a lot of time to set up and is much harder. Therefore, we use a combination of both solutions. We use Klocwork for all our code and Polyspace for areas that require more quality standards.
The solution is very easy to install. The basic installation for your project would maybe take one or two days. Then, for each run, it would just take a couple of minutes. Just one person is needed to deploy the solution.
The product is easy to maintain. One person is enough for the setup. Each person developing the code will have the setup integrated and can run the analysis and get a report.
Our purchasing department is responsible for tracking costs. It's one of the most widely used tools in our organization. It likely does not have a high price point. I don't have insights into licensing.
We are end-users.
I'd advise users to remember that they need to analyze the static analysis. Just because the product flags something doesn't mean something is wrong. You have to be mindful. If you try to fix all the findings you might have other problems.
I'd rate the solution eight out of ten.
Our use case for Klocwork is somewhat unusual. We're an embedded component provider for the military and aerospace market that produces single-board computers and various platforms for that. We also develop operating systems, device drivers, and low-level interfacing APIs for our hardware. Klocwork helps us achieve compliance with certification because our products must conform to DO-178 standards for aerospace and defense software.
We primarily use Klocwork internally to measure code quality. We get code from third parties and analyze it with Klocwork to get a baseline of its quality to know if we need to improve it or leave it alone.
Klocwork created an environment where the engineers have checks and balances as they develop and progress through our release process. The solution is not critical to our organized stations because we don't produce the end solutions. However, it allows us to reassure our customers that we're providing them with a solid basis they can build upon within their processes and procedures.
Our customers have their own standards to follow. We don't use it to enforce coding standards because we take things from various places, and the standards change depending on the type of tech.
Our upgrade procedure is coarse, and it requires the client sites to be updated at the same time. We must upgrade in one step, and we're dealing with UK and NIS cybersecurity requirements. We must go through the certification each time, and it's becoming more difficult.
The solution drives developers not to introduce any more errors. We use third-party software to decide whether to fix or analyze what Klocwork provides us. Engineers sometimes question what Klocwork flags, and they must go through that exercise. I like that because it prompts the engineers to think about development, and finding something to spark a discussion is often hard. The tool provides an interesting perspective.
It provides insights that can help new people who join the team. If they try to push code to the system with errors, Klocwork makes them pause and question what they're doing. Klocwork shortens the development cycle and process of third-party reviews by about five percent because the code is a little cleaner. Usually, it will go to review with more people involved. It eliminates some review work because Klocwork provides the individual engineer with insight.
The money saved would be difficult to quantify based on our current utilization of Klocwork. It helps at a fundamental level, reducing the time needed to get to the implementation phase.
In addition to the value we get from the solution itself, we benefit significantly from working with the Klocwork team. When we require support and clarity on how to best use Klocwork in specific conditions and environments, their team advises us on how to use the solution optimally.
The reporting helps us understand the trend of our results and whether we improve over time. We can see the history within Klocwork's server architecture and know that we're making things better. It creates a great story for our management. We can demonstrate value and how our software is developing over time.
Klocwork adequately does what we need it to do. It hasn't performed as well as we would have liked in a few edge cases. We went to Klocwork and discussed those issues with them. Ultimately, it gives us confidence. That's what Klocwork is for.
Integrating Klocwork into our development cycle was relatively simple. It only took a few hours to get it to run and to analyze something for the first time. Klocwork can monitor what is built. It can see all the conditions that are compiled or defined within that build process and the files that have been utilized.
Under NIST cybersecurity standards, we must address vulnerabilities within a specified time after discovering them. When we try to propagate those updates and fixes through the system, it would be nice if the clients could reconnect to the existing server or have the server dynamically updated in some way. I know that isn't easy, but maybe processes could be enhanced to make that more streamlined from a DevOps perspective.
Maybe there could be a process by which the clients can update themselves as they reconnect to the new server when there's a new version available and install all of the tools currently within that installation environment.
We've used Klocwork on and off since about 2017.
We've been a split organization because we were recently acquired by another company, so our network infrastructure has changed, and there are more firewalls between infrastructure sites.
The communications protocols Klocwork uses between the client's server and admin tools are not authenticating every time, and it could time out for some reason. We haven't raised a ticket, but that's something we've noticed. We were hoping to get better infrastructure, and maybe that would change the dynamics.
It's a problem as we continue to develop the team between various sites. The server is located in a different region, and we can't move it due to server security requirements.
I rate Klocwork support a nine out of ten. We always get help when we need it.
Positive
We used Helix QAC and LDRA. We decided to use Klocwork because we had a good relationship with the vendor. We were already using it in our normal development environment, and we wanted to take up the preferred activity. The idea was to do both with the same tool. The sub-team was already learning Klocwork, so it made sense for the entire organization to have one product instead of using multiple solutions.
It's hard to measure ROI because compliance is a requirement. The return we get is that Klocwork makes it easier to comply with regulations. We get support in supplying compliance documentation to demonstrate this.
Generally speaking, we also get a return on investment in the form of confidence. The code our engineers produce is of a higher quality. The structure is more refined, reducing some costs associated with low-quality code. We don't sell our software directly to customers, so it's challenging to quantify a monetary return precisely.
It's relatively expensive for our use case because Klocwork isn't central to our output. We're a hardware manufacturing company, so we aren't delivering software solutions. It's difficult for the organization to put a price tag on the software's value. We're not an enterprise software organization. We don't have hundreds of engineers working on software that directly generates revenue.
I rate Klocwork a seven out of ten. I rate Klocwork a seven because of the way we use it. We do not use all the capabilities. It's more solution-oriented, and that's not how we leverage it.
It's designed to meet different standards and provide specific capabilities depending on what each business hopes to get out of it. That flexibility is what makes me lean toward an eight rating. If you know exactly what you want to achieve and your marketplace, then that would be great. However, the process of getting the tool to be what you want it to be is why I rate it as a seven. It can do whatever you need if you invest in it.
I like static code analysis and think it's suitable for development teams. It's like an impartial third party providing you with insight and information. In this day and age, it's good to have some insight and to question what you're doing. I'd recommend it from the point of view that it provides the insights you need.
You must understand what your business needs are to compare Klocwork with competing products. The Klocwork infrastructure offers flexibility and historical knowledge of trends and changes in the build.
Understanding the problems you are trying to solve and engaging Klocwork's technical team about how the solution can work for you is critical. Klocwork knows how to solve your concerns, and they will give you confidence in the tool itself.
We serve as consultants to several clients across different domains, specifically automotive, aviation, electronics, and semiconductors. Our clients require a static analysis solution to find security vulnerabilities specific to certain standards based on their industries. Hence, we support them through Klocwork to find particular vulnerabilities and adhere to industry standards.
Klocwork is more than a static analysis security testing tool because it also provides maintainability and other types of information apart from security.
The most valuable feature of Klocwork is finding defects while you're doing the coding. For example, if you have an IDE plug-in of Klocwork on Visual Studio or Eclipse, you can find the faults; similar to using spell check on Word, you can find out defects during the development phase, which means that you don't have to wait till the development is over to find the flaws and address the deficiencies.
I also find language support in Klocwork good because it used to support only C, C++, C#, and Java, but now, it also supports Java scripts and Python.
What needs improvement in Klocwork, compared to other products in the market, is the dashboard or reporting mechanisms that need to be a bit more flexible. The Klocwork dashboard could be improved. Though it's good, it's not as good as some of the other products in the market, which is a problem. The reporting could be more detailed and easier to sort out because sorting in Klocwork could be a bit more time-consuming, mainly when sorting defects based on filters, compared to how it's done on other tools such as Coverity.
What I'd like added in the next release of Klocwork is the peer code review Cahoots which used to be a part of Klocwork, and the architecture analysis and both have been taken out of Klocwork. I found the two critical for specific deployments, so if those can be brought back to Klocwork, that would be very good.
I've been working on Klocwork since 2007.
Klocwork is a very stable solution. It's been in the market since 2003 with gradual improvements and some challenges in the middle because of the handover from Klocwork to Rogue Wave and Perforce, but as a product, Klocwork is stable.
Regarding scalability, Klocwork isn't precisely like Acunetix because Klocwork is a static analysis solution for source code, while Acunetix is a web application testing solution that tests your URLs. You can compare Klocwork stability-wise with Coverity, particularly for a small team that's expanding, and in that case, Klocwork is scalable and very simple to upgrade.
Klocwork has a presence in more than forty-eight countries, so technical support is available in over thirty countries. If you don't have a support line in your country, there's a nearby country with Klocwork technical support than can provide support to your country in your time zone.
My team hasn't seen any client that raised a ticket that hasn't been addressed immediately, and even my team is also responsible for providing immediate support at times.
I'd give Klocwork technical support a five on a scale of one to five.
The initial setup for Klocwork is very straightforward, and it's the same as other static analysis tools. As the initial setup is easy, it's a five out of five for me. I didn't observe any glitches when setting up Klocwork.
The pricing for Klocwork is very competitive if you compare it from apple to apple. It has competitive pricing regarding the licensing model and the per-license cost. Klocwork isn't a high-end investment for anyone deploying it; even SMBs can afford it.
The Klocwork cost per user would depend on the license type, so I'm unable to mention a ballpark figure because it would depend on the type of installation and how the deployment will be, and the nodes to give an accurate calculation or figure. The total price depends on the package, so my company could never publish pricing for Klocwork on the website.
My team first collects information from potential clients on the deployment scenario, project environment, etc., before suggesting a package for Klocwork.
My rating for Klocwork in terms of pricing is a five because of its flexible license models. There's a license model for every type of organization, whether small, midsize, or enterprise, so it's a five out of five for me.
I evaluated Coverity. When comparing Coverity with Klocwork, Coverity has a significant advantage in filtering. Still, Klocwork is not exactly a tool to be compared with other SAST tools in the market. After all, it's not only a security analysis tool because it also provides you with reliability, maintainability, and other benefits apart from security.
Klocwork, which is part of Perforce that has around twenty product lines, is also systematic in terms of providing support and its offerings when compared to Coverity because Coverity, which is part of Synopsys, clumps certain products together to make it a bigger bundle, making it a bit complex for some people to understand.
This is also the case with Checkmarx. Klocwork is more straightforward with its offerings compared to other products.
Another pro of Klocwork is you can buy one license for all features and languages, which makes deployment and support simpler, so it's not complicated, unlike with Checkmarx, where you have to buy separate licenses.
I have hands-on experience with Klocwork.
I've been heading the Klocwork operations in India since 2007, so I know the product inside out.
My company has a team of fifteen to twenty users of Klocwork, but the actual count differs at any point in time, but I can say there's a team of six to ten people, including myself, actively involved in the product.
As there's always room for improvement, my rating for Klocwork is nine out of ten.
My company is a partner of Perforce, the parent company of Klocwork.
We are involved in implementing the applying and supporting Klocwork for various customers as we are a Klokwork partner. Klocwork is an advanced static code analysis tool also used to detect all possible vulnerabilities that are present in the source code.
There's a feature in Klocwork called 'on-the-fly analysis', which helps developers to find and fix the defects at the time of development itself. This means that you don't have to wait for the development to finish and waste that time. This provides efficiency.
Klocwork also has various plugins available for development tools and they work seamlessly. Our clients often opt for Klocwork due to its accuracy of results and the continuous addition of new features.
This solution could be improved if they offered support of more languages including Ada and Golang. They currently only support seven languages.
In a future release, we would like to have architecture management added.
We have been using this solution for ten years.
This is a stable solution and is a specific feature that this solution is well known for.
This is a scalable solution and can be deployed to suit any requirement of a customer. We have customers using 1,200 Klocwork licenses, which is served through only one license server.
The customer support team are responsive and provide support via email and phone.
I would rate them a five out of five.
Positive
The initial setup is straightforward. We can complete the entire deployment in less than 30 minutes and it does not involve any manual configuration. It is fully automated. I have completed more than 100 deployments and have not faced any issues.
Once Klocwork is installed and configured as part of your automation pattern, there is no maintenance required.
This solution offers competitive pricing.
Klocwork does data flow analysis and is proven to be more accurate. It also supports many industry standards like MISRA, OWASP, CERT and AUTOSAR which many other tools do not. It can also be used to deliver internal coding guidelines.
I would rate this solution a nine out of ten.
Klocwork is part of our automated system, continuously improving the pipeline. Whenever the software is merged into the project control system, it is going to reduce Klocwork scanning automatically.
Klocwork's most valuable feature is the static code analysis feature. It detects the potential problem earlier to allow the developer to receive feedback quickly and then address it before it becomes a problem.
Klocwork has to improve its features to stay ahead of other free or low-cost solutions, like Visual Studio Code Analyzer.
I have used Klocwork within the last 12 months.
Klocwork is a stable solution but the performance could improve when compared to other solutions.
I have used the support from Klocwork. There was a transition time when we started using the solution which was not smooth. However, we didn't need to report any problems after that.
I have previously used Apple Xcode and Microsoft Visual Studio static code analysis and then JetBrains ReSharper type of the code analysis from the third-party tool, which is much cheaper than the Klocwork. Additionally, they are faster. I do not think we will be using Klocwork for much longer.
Klocwork was straightforward to implement and took us a half-day to implement and the upgrade took less time.
There are other solutions on the market such as Microsoft Visual Studio. They have been adding more static code analysis features that come for free. It is getting better all the time. That is one of the possibilities is that we've been considering that we may stop using the Klocwork because it doesn't give us any added value.
Klocwork is an expensive solution.
When we first purchased Klocwork I would have rated it a nine or ten out of ten. However, because of the performance of the execution and cost, I would no longer rate it that high.
I rate Klocwork a six out of ten.
