• Home
  • Klocwork vs. Veracode

Klocwork vs Veracode comparison

Cancel
You must select at least 2 products to compare!
Perforce Logo
Klocwork
Read 20 Klocwork reviews
3,452 views|2,086 comparisons
91% willing to recommend
Veracode Logo
Veracode
Read 194 Veracode reviews
25,312 views|17,157 comparisons
90% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Klocwork vs. Veracode
May 2024
Executive Summary

We performed a comparison between Klocwork and Veracode based on real PeerSpot user reviews.

Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Klocwork vs. Veracode Report (Updated: May 2024).
Download the complete report
771,170 professionals have used our research since 2012.
Featured Review
Anonymous User
Their technical team helps us get the most out of the solution, but we've faced some stability problems in our...
Klocwork created an environment where the engineers have checks and balances as they develop and progress through our release process. The solution... Read more →
Everton Yoshitani
I like the ease of integration and onboarding
Veracode helps us improve our overall security and build trust with our customers. For example, some of our customers have strict security... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"There's a feature in Klocwork called 'on-the-fly analysis', which helps developers to find and fix the defects at the time of development itself.""The tool helps the team to think beforehand about corner cases or potential bugs that might arise in real-time.""The reporting helps us understand the trend of our results and whether we improve over time. We can see the history within Klocwork's server architecture and know that we're making things better. It creates a great story for our management. We can demonstrate value and how our software is developing over time.""There is a central Klocwork server at our headquarter in France so we connect the client directly to the server on-premises remotely.""The most valuable feature is the Incremental analysis.""I like not having to dig through false positives. Chasing down a false positive can take anywhere from five minutes for a small easy one, then something that is complicated and goes through a whole bunch of different class cases, and it can take up to 45 minutes to an hour to find out if it is a false positive or not.""The ability to create custom checkers is a plus.""We like using the static analysis and code refactoring, which are very valuable because of our requirements to meet safety critical levels and reliability."

More Klocwork Pros →

"The integration capabilities with our existing development tools are very good.""I like Veracode's static analysis. It was one of the core development tools when I worked with a telecommunication company where we were delivering new features for various applications and purposes each week, such as CRM, data channels, compliance, traffic data, etc.""The most valuable feature is the remediation consulting that they give. I feel like any vendor can identify the flaws but fixing the flaws is what is most important. Being able to have those consultation calls, schedule them in the platform, and have that discussion with an applications expert, that process scales well and that is what has allowed a lot more reduction of risk to happen.""To me, the principal feature is the CLI (command-line interface) because I put together a lot of implementations using it. Another important aspect is the low false-positive rate because the solution is very configurable. It is as low as 1 percent and that is a huge difference compared to competitors.""The most valuable feature is detecting security vulnerabilities in the project.""We use it to get our scan results and see where our software is vulnerable or not vulnerable.""The coverage of the last vulnerabilities reported.""The most valuable features of Veracode Static Analysis are its ability to work with GitLab and GitHub so that you can do the reviews and force the code."

More Veracode Pros →

Cons
"I would like to see better codes between projects and a more user-friendly desktop in the next release.""Klocwork has to improve its features to stay ahead of other free solutions.""We bought Klocwork, but it was limited to one little program, but the program is now sort of failing. So, we have a license for usage on a program that is sort of failing, and we really can't use the license on anything else.""The way to define the rules is too complex. The definition/rules for static analysis could be automated according to various SILs, so as to avoid confusion.""This solution could be improved if they offered support of more languages including Ada and Golang. They currently only support seven languages.""The main problem is that since it only parses the code, the warnings or the problems that are given as a result of the report can sometimes require a lot of effort to analyze.""Modern languages, such as Angular and .NET, should be included as a part of Klocwork. They have recently added Kotlin as a part of their project, but we would like to see more languages in Klocwork. That's the reason we are using Coverity as a backup for some of the other languages.""We'd like to see integration with Agile DevOps and Agile methodologies."

More Klocwork Cons →

"Scheduling can be a little difficult. For instance, if you set up recurring scheduled scans and a developer comes in and says, "Hey, I have this critical release that happened outside of our normal release patterns and they want you to scan it," we actually have to change our schedule configuration and that means we lose the recurring scheduling settings we had.""Veracode would benefit greatly from more training resources. The videos are great, but I would like more hands-on training writing a script, validating a script with a unit test in a different language, etc. That's something that would be very valuable.""Veracode should make it easier to navigate between the solutions that they offer, i.e. between dynamic, static, and the source code analysis.""Veracode Static Analysis lacks penetration testing, so that's a concern. The tool is also unable to scan when it's a C or C++ model, so that's another area for improvement.""Improving sorting through findings reports to filter by only what is critically relevant will help developers focus on issues.""The static scans on Java lack microservices architecture scanning. We have developed an in-house pattern for this and the scans can't take care of it as a single entity.""The UI could be better. Also, there are some scenarios where there is no security flaw, but the report indicates that there is a security flaw. The report is not perfectly accurate. So, the accuracy of the scanning reports needs improvement.""I would like to see more AI features. It's a current subject because with ChatGPT and other solutions being developed all the time, IT attacks will increase... To defend against those it's very important that the good guys use AI in ways that are good instead of bad."

More Veracode Cons →

Pricing and Cost Advice
  • "Klocwork is still tight on their licensing. If Klocwork would loosen up on the licensing, and where the license could be used, and how many different programs could be run on it, then we have several development programs that I would love to be able to use it for going forward."
  • "Klocwork should not to be quite so heavy handed on the licensing for very specific programs."
  • "The limitation that we have is that Klocwork is licensed to certain programs, and if you want to license them to other programs, you have to pay more money."
  • "When it comes to licensing, the solution has two packages, one for a fixed and the other for a floating server, with the former being more cost effective than the latter."
  • "Licensing fees are paid annually, but they also have a perpetual license."
  • "There are other solutions on the market such as Microsoft Visual Studio. They have been adding more static code analysis features that come for free. It is getting better all the time. That is one of the possibilities is that we've been considering that we may stop using the Klocwork because it doesn't give us any added value."
  • "The pricing for Klocwork is very competitive if you compare it from apple to apple. It has competitive pricing regarding the licensing model and the per-license cost. Klocwork isn't a high-end investment for anyone deploying it; even SMBs can afford it. The Klocwork cost per user would depend on the license type, so I'm unable to mention a ballpark figure because it would depend on the type of installation and how the deployment will be, and the nodes to give an accurate calculation or figure. The total price depends on the package, so my company could never publish pricing for Klocwork on the website. My team first collects information from potential clients on the deployment scenario, project environment, etc., before suggesting a package for Klocwork. My rating for Klocwork in terms of pricing is a five because of its flexible license models. There's a license model for every type of organization, whether small, midsize, or enterprise, so it's a five out of five for me."
  • "This solution offers competitive pricing."

    • More Klocwork Pricing and Cost Advice →

  • "Its complexity makes it quite expensive, but it’s all worth it, with all the engineering in the background."
  • "The pricing is pretty high."
  • "The worst part about the product is that it does not scale at all. Also, microservices apps will cost you a fortune."
  • "I think licensing needs to be changed or updated so that it works with adjustments. Pricing is expensive compared to the amount of scanning we perform."
  • "It's worth the value"
  • "Pricing seems fair for what is offered, and licensing has been no problem. All developers are able to get the access they need."
  • "It can be expensive to do this, so I would just make sure that you're getting the proper number of licenses. Do your analysis. Make sure you know exactly what it is you need, going in."
  • "The licensing and prices were upfront and clear. They stand behind everything that is said during the commercial phase and during the onboarding phase. Even the most irrelevant "that can be done" was delivered, no matter how important the request was."

    • More Veracode Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    See Recommendations
    771,170 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about Klocwork?
    Top Answer:It's integrated into our CI, continuous integration.
    Read all 9 answers   →
    What is your experience regarding pricing and costs for Klocwork?
    Top Answer:Our purchasing department is responsible for tracking costs. It's one of the most widely used tools in our organization. It likely does not have a high price point. I don't have insights into… more »
    Read all 11 answers   →
    What needs improvement with Klocwork?
    Top Answer:The main problem is that since it only parses the code, the warnings or the problems that are given as a result of the report can sometimes require a lot of effort to analyze. It will show all… more »
    Read all 14 answers   →
    Which gives you more for your money - SonarQube or Veracode?
    Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use… more »
    Read all 6 answers   →
    What do you like most about Veracode?
    Top Answer:The SAST and DAST modules are great.
    Read all 96 answers   →
    What is your experience regarding pricing and costs for Veracode?
    Top Answer:The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.
    Read all 66 answers   →
    Ranking
    16th
    out of 74 in Application Security Tools
    Views
    3,452
    Comparisons
    2,086
    Reviews
    6
    Average Words per Review
    850
    Rating
    8.0
    2nd
    out of 74 in Application Security Tools
    Views
    25,312
    Comparisons
    17,157
    Reviews
    101
    Average Words per Review
    989
    Rating
    8.1
    Comparisons
    SonarQube logo
    SonarQube vs. Klocwork
    Compared 36% of the time.
    Coverity logo
    Coverity vs. Klocwork
    Compared 34% of the time.
    Polyspace Code Prover logo
    Polyspace Code Prover vs. Klocwork
    Compared 9% of the time.
    CodeSonar logo
    CodeSonar vs. Klocwork
    Compared 5% of the time.
    Parasoft SOAtest logo
    Parasoft SOAtest vs. Klocwork
    Compared 3% of the time.
    More Klocwork Competitors   →
    SonarQube logo
    SonarQube vs. Veracode
    Compared 26% of the time.
    Checkmarx One logo
    Checkmarx One vs. Veracode
    Compared 14% of the time.
    Fortify on Demand logo
    Fortify on Demand vs. Veracode
    Compared 7% of the time.
    Snyk logo
    Snyk vs. Veracode
    Compared 6% of the time.
    OWASP Zap logo
    OWASP Zap vs. Veracode
    Compared 4% of the time.
    More Veracode Competitors   →
    Also Known As
    Crashtest Security , Veracode Detect
    Learn More
    Perforce
    Veracode
    Overview

    Klocwork detects security, safety, and reliability issues in real-time by using this static code analysis toolkit that works alongside developers, finding issues as early as possible, and integrates with teams, supporting continuous integration and actionable reporting.

    Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-generated remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world’s leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achievereal-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, and Penetration Testing.

    Learn more atwww.veracode.com, on theVeracode blog, and onLinkedInandTwitter.

    Sample Customers
    ACCESS Co Ltd, Risk-AI, Winbond Electronics, Bristol-Myers Squibb Pharmaceutical Research Institute, University of Southern California, Alebra Technologies, SIMULIA, Risk Management Solutions, Brigham Young University, SRD, HRL
    Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
    Top Industries
    REVIEWERS
    Manufacturing Company50%
    Engineering Company10%
    Non Tech Company10%
    Transportation Company10%
    VISITORS READING REVIEWS
    Educational Organization39%
    Manufacturing Company19%
    Computer Software Company10%
    Financial Services Firm4%
    REVIEWERS
    Computer Software Company26%
    Financial Services Firm23%
    Insurance Company9%
    Comms Service Provider6%
    VISITORS READING REVIEWS
    Financial Services Firm18%
    Computer Software Company15%
    Manufacturing Company8%
    Government6%
    Company Size
    REVIEWERS
    Small Business52%
    Midsize Enterprise5%
    Large Enterprise43%
    VISITORS READING REVIEWS
    Small Business8%
    Midsize Enterprise45%
    Large Enterprise46%
    REVIEWERS
    Small Business31%
    Midsize Enterprise20%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise13%
    Large Enterprise70%
    Buyer's Guide
    Klocwork vs. Veracode
    May 2024
    Free Report: Klocwork vs. Veracode
    Find out what your peers are saying about Klocwork vs. Veracode and other solutions. Updated: May 2024.
    DOWNLOAD NOW
    771,170 professionals have used our research since 2012.

    Klocwork is ranked 16th in Application Security Tools with 20 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. Klocwork is rated 8.2, while Veracode is rated 8.2. The top reviewer of Klocwork writes "Their technical team helps us get the most out of the solution, but we've faced some stability problems in our environment". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Klocwork is most compared with SonarQube, Coverity, Polyspace Code Prover, CodeSonar and Parasoft SOAtest, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and OWASP Zap. See our Klocwork vs. Veracode report.

    See our list of best Application Security Tools vendors, best Static Application Security Testing (SAST) vendors, and best Static Code Analysis vendors.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.