We compared SonarQube and Klocwork based on our user's reviews in several parameters.
SonarQube is lauded for its versatility, simplicity, and integration capabilities, offering comprehensive features and usability enhancements. Users praise its customer service and support, reasonable pricing, and positive ROI. Klocwork is valued for its code analysis, real-time notifications, integration options, and reporting functionality. Both tools have areas for improvement such as analysis speed and user interface refinement.
Features: SonarQube offers valuable features such as support for multiple languages, integration with DevOps pipelines, and comprehensive code quality parameters. On the other hand, Klocwork focuses on code analysis capabilities, real-time notifications, and comprehensive reporting functionality.
Pricing and ROI: SonarQube's setup cost is considered straightforward and easy, with users appreciating the simplicity of the process. In contrast, user thoughts on Klocwork's setup cost remain unspecified, leaving uncertainty about its ease and simplicity., SonarQube's ROI lies in its ability to improve code quality, efficiency, and project success, while Klocwork's ROI is indicated by positive user reviews.
Room for Improvement: Areas for improvement in SonarQube include enhancing analysis speed, refining user interface for better navigation, clearer instructions for setup and configuration, improving documentation for advanced functionalities, addressing occasional performance issues, and enhancing integration options. Users have provided suggestions for improvement and identified aspects that require attention in Klocwork.
Deployment and customer support: Based on user feedback, SonarQube takes an average of three months for deployment and one week for setup, while Klocwork varies with some users taking three months for deployment and one week for setup, and others taking one week for both deployment and setup., SonarQube's customer service stands out with exceptional support, prompt and knowledgeable assistance, responsiveness, and willingness to go above and beyond. Users have expressed confidence in its reliability and added value. On the other hand, Klocwork's customer service has been highly praised for excellent assistance, prompt and attentive response, knowledge and expertise, reliable support, effective solutions, and commitment to customer satisfaction.
The summary above is based on 40 interviews we conducted recently with SonarQube and Klocwork users. To access the review's full transcripts, download our report.
"One can increase the number of vendors, so the solution is scalable."
"Klocwork's most valuable feature is the static code analysis feature. It detects the potential problem earlier to allow the developer to receive feedback quickly and then address it before it becomes a problem."
"The tool helps the team to think beforehand about corner cases or potential bugs that might arise in real-time."
"There's a feature in Klocwork called 'on-the-fly analysis', which helps developers to find and fix the defects at the time of development itself."
"The ability to create custom checkers is a plus."
"Technical support is quite good."
"The reporting helps us understand the trend of our results and whether we improve over time. We can see the history within Klocwork's server architecture and know that we're making things better. It creates a great story for our management. We can demonstrate value and how our software is developing over time."
"There is a central Klocwork server at our headquarter in France so we connect the client directly to the server on-premises remotely."
"The most valuable function is its usability."
"With SonarQube's web interface, it is easy to drill down to see the individual problems, but also to look at the project from above and get the big picture, with possible larger problem areas."
"The depth features I have found most valuable. You receive a quick comprehensive comparison overview regarding the current release and the last release and what type of depths dependency or duplication should be used. This is going to help you to make a more readable code and have more flexibility for the engineers to understand how things should work when they do not know."
"All the features of the solution are quite good."
"SonarQube is scalable. My company has 50 users."
"My focus is mainly on the DevOps pipeline side of things, and from my perspective, the ease of use and configuration is valuable. It is pretty straightforward to take a deployment pipeline or CI/CD pipeline and integrate SonarQube into it."
"The features of SonarQube that I find most valuable for identifying code smells are its comprehensive code analysis capabilities, which cover various aspects of code sustainability."
"Code Convention: Using the tool to implement some sort of coding convention is really useful and ensures that the code is consistent no matter how many contributors."
"Modern languages, such as Angular and .NET, should be included as a part of Klocwork. They have recently added Kotlin as a part of their project, but we would like to see more languages in Klocwork. That's the reason we are using Coverity as a backup for some of the other languages."
"Klocwork has to improve its features to stay ahead of other free solutions."
"What needs improvement in Klocwork, compared to other products in the market, is the dashboard or reporting mechanisms that need to be a bit more flexible. The Klocwork dashboard could be improved. Though it's good, it's not as good as some of the other products in the market, which is a problem. The reporting could be more detailed and easier to sort out because sorting in Klocwork could be a bit more time-consuming, mainly when sorting defects based on filters, compared to how it's done on other tools such as Coverity."
"Now the only issue we have is that whenever we need to get the code we have to build it first. Then we can get the report."
"Every update that we receive requires of us a lengthy and involved process."
"This solution could be improved if they offered support of more languages including Ada and Golang. They currently only support seven languages."
"The main problem is that since it only parses the code, the warnings or the problems that are given as a result of the report can sometimes require a lot of effort to analyze."
"I believe it should support more languages, such as Python and JavaScript."
"The product's user documentation can be vastly improved."
"We called support and complained but have not received any information as we use the free version. We had to fix it on our own and could not escalate it to the tool's developer."
"I would like to see more options for security, beyond the basics like SQL injection."
"When we have a thousand products published over it, we expect it to be more efficient in terms of serving requests from the browser."
"SonarQube could improve by adding automatic creation of tasks after scanning and more support for the Czech language."
"There needs to be a shareable reporting piece or something we can click and generate easily."
"We found a solution with dynamic testing, and are looking to find a solution that can be used for both types of testing."
"Code security scanning could be improved."
Klocwork is ranked 16th in Application Security Tools with 20 reviews while SonarQube is ranked 1st in Application Security Tools with 110 reviews. Klocwork is rated 8.2, while SonarQube is rated 8.0. The top reviewer of Klocwork writes "Their technical team helps us get the most out of the solution, but we've faced some stability problems in our environment". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Klocwork is most compared with Coverity, Polyspace Code Prover, CodeSonar, Checkmarx One and Veracode, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and CAST Highlight. See our Klocwork vs. SonarQube report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
