We performed a comparison between Fortify on Demand and Klocwork based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It helps deploy and track changes easily as per time-to-time market upgrades."
"The scanning capabilities, particularly for our repositories, have been invaluable."
"The licensing was good."
"It has saved us a lot of time as we focus primarily on programming rather than tool operational work."
"The most important feature of the product is to follow today's technology fast, updated rules and algorithms (of the product)."
"We have the option to test applications with or without credentials."
"The most valuable features are the server, scanning, and it has helped identify issues with the security analysis."
"While using Micro Focus Fortify on Demand we have been very happy with the results and findings."
"The most valuable feature of Klocwork is finding defects while you're doing the coding. For example, if you have an IDE plug-in of Klocwork on Visual Studio or Eclipse, you can find the faults; similar to using spell check on Word, you can find out defects during the development phase, which means that you don't have to wait till the development is over to find the flaws and address the deficiencies. I also find language support in Klocwork good because it used to support only C, C++, C#, and Java, but now, it also supports Java scripts and Python."
"I like not having to dig through false positives. Chasing down a false positive can take anywhere from five minutes for a small easy one, then something that is complicated and goes through a whole bunch of different class cases, and it can take up to 45 minutes to an hour to find out if it is a false positive or not."
"There is a central Klocwork server at our headquarter in France so we connect the client directly to the server on-premises remotely."
"Klocwork's most valuable feature is the static code analysis feature. It detects the potential problem earlier to allow the developer to receive feedback quickly and then address it before it becomes a problem."
"We like using the static analysis and code refactoring, which are very valuable because of our requirements to meet safety critical levels and reliability."
"One can increase the number of vendors, so the solution is scalable."
"The tool helps the team to think beforehand about corner cases or potential bugs that might arise in real-time."
"There's a feature in Klocwork called 'on-the-fly analysis', which helps developers to find and fix the defects at the time of development itself."
"Sometimes when we run a full scan, we have a bunch of issues in the code. We should not have any issues."
"There are many false positives identified by the solution."
"Takes up a lot of resources which can slow things down."
"The technical support is actually a problem that needs to be addressed. Since the acquisition and merger with Hewlett Packard, it has been really hard to know who the technical or salesperson to talk to."
"I would like the solution to add AI support."
"It could have a little bit more streamlined installation procedure. Based on the things that I've done, it could also be a bit more automated. It is kind of taking a bunch of different scanners, and SSC is just kind of managing the results. The scanning doesn't really seem to be fully integrated into the SSC platform. More automation and any kind of integration in the SSC platform would definitely be good. There could be a way to initiate scans from SSC and more functionality on the server-side to initiate desk scans if it is not already available."
"Micro Focus Fortify on Demand could improve the reports. They could benefit from being more user-friendly and intuitive."
"Micro Focus Fortify on Demand can improve by having more graphs. For example, to show the improvement of the level of security."
"We bought Klocwork, but it was limited to one little program, but the program is now sort of failing. So, we have a license for usage on a program that is sort of failing, and we really can't use the license on anything else."
"This solution could be improved if they offered support of more languages including Ada and Golang. They currently only support seven languages."
"We'd like to see integration with Agile DevOps and Agile methodologies."
"Klocwork does have a problem with true positives. It only found 30% of true positives in the Juliet test case."
"The way to define the rules is too complex. The definition/rules for static analysis could be automated according to various SILs, so as to avoid confusion."
"I hope that in each new release they add new features relating to the addition of checkers, improving their analysis engines etc."
"Klocwork has to improve its features to stay ahead of other free solutions."
"I would like to see better codes between projects and a more user-friendly desktop in the next release."
Fortify on Demand is ranked 10th in Application Security Tools with 57 reviews while Klocwork is ranked 16th in Application Security Tools with 20 reviews. Fortify on Demand is rated 8.0, while Klocwork is rated 8.2. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of Klocwork writes "Their technical team helps us get the most out of the solution, but we've faced some stability problems in our environment". Fortify on Demand is most compared with SonarQube, Veracode, Checkmarx One, Coverity and Fortify WebInspect, whereas Klocwork is most compared with SonarQube, Coverity, Polyspace Code Prover, Checkmarx One and Snyk. See our Fortify on Demand vs. Klocwork report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.