• Home
  • CodeSonar vs. Klocwork

CodeSonar vs Klocwork comparison

Cancel
You must select at least 2 products to compare!
CodeSecure Logo
CodeSonar
Read 7 CodeSonar reviews
1,941 views|1,240 comparisons
87% willing to recommend
Perforce Logo
Klocwork
Read 20 Klocwork reviews
3,452 views|2,086 comparisons
91% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
CodeSonar vs. Klocwork
May 2024
Executive Summary

We performed a comparison between CodeSonar and Klocwork based on real PeerSpot user reviews.

Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed CodeSonar vs. Klocwork Report (Updated: May 2024).
Download the complete report
771,212 professionals have used our research since 2012.
Featured Review
Manjunath Nada
Useful buffering and beneficial categorized classes
The solution has helped out the organization because of the buffer usage. There was a vehicle identification number that we had to configure and... Read more →
Anonymous User
Their technical team helps us get the most out of the solution, but we've faced some stability problems in our...
Klocwork created an environment where the engineers have checks and balances as they develop and progress through our release process. The solution... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"There is nice functionality for code surfing and browsing.""The most valuable feature of CodeSonar is the catching of dead code. It is helpful.""The tool is very good for detecting memory leaks.""CodeSonar’s most valuable feature is finding security threats.""What I like best about CodeSonar is that it has fantastic speed, analysis and configuration times. Its detection of all runtime errors is also very good, though there were times it missed a few. The configuration of logs by CodeSonar is also very fantastic which I've not seen anywhere else. I also like the GUI interface of CodeSonar because it's very user friendly and the tool also shows very precise logs and results.""It has been able to scale.""The most valuable features of CodeSonar were all the categorized classes provided, and reports of future bugs which might occur in the production code. Additionally, I found the buffer overflow and underflow useful."

More CodeSonar Pros →

"On-the-fly analysis and incremental analysis are the best parts of Klocwork. Currently, we are using both of these features very effectively.""One can increase the number of vendors, so the solution is scalable.""It's integrated into our CI, continuous integration.""The most valuable feature of Klocwork is finding defects while you're doing the coding. For example, if you have an IDE plug-in of Klocwork on Visual Studio or Eclipse, you can find the faults; similar to using spell check on Word, you can find out defects during the development phase, which means that you don't have to wait till the development is over to find the flaws and address the deficiencies. I also find language support in Klocwork good because it used to support only C, C++, C#, and Java, but now, it also supports Java scripts and Python.""The ability to create custom checkers is a plus.""Technical support is quite good.""The reporting helps us understand the trend of our results and whether we improve over time. We can see the history within Klocwork's server architecture and know that we're making things better. It creates a great story for our management. We can demonstrate value and how our software is developing over time.""We like using the static analysis and code refactoring, which are very valuable because of our requirements to meet safety critical levels and reliability."

More Klocwork Pros →

Cons
"CodeSonar could improve by having better coding rules so we did not have to use another solution, such as MISRA C.""It would be beneficial for the solution to include code standards and additional functionality for security.""It was expensive.""In terms of areas for improvement, the use case for CodeSonar was good, but compared to other tools, it seems CodeSonar isn't a sound static analysis tool, and this is a major con I've seen from it. Right now, in the market, people prefer sound static analysis tools, so I would have preferred if CodeSonar was developed into a sound static analysis tool formally, in terms of its algorithms, so then you can see it extensively used in the market because at the moment, here in India, only fifty to sixty customers use CodeSonar. If the product is developed into a sound static analysis tool, it could compete with Polyspace, and from its current fifty customers, that number could go up to a hundred.""The scanning tool for core architecture could be improved.""In a future release, the solution should upgrade itself to the current trends and differentiate between the languages. If there are any classifications that can be set for these programming languages that would be helpful rather than having everything in the generic category.""There could be a shared licensing model for the users."

More CodeSonar Cons →

"The main problem is that since it only parses the code, the warnings or the problems that are given as a result of the report can sometimes require a lot of effort to analyze.""Every update that we receive requires of us a lengthy and involved process.""This solution could be improved if they offered support of more languages including Ada and Golang. They currently only support seven languages.""The way to define the rules is too complex. The definition/rules for static analysis could be automated according to various SILs, so as to avoid confusion.""I believe it should support more languages, such as Python and JavaScript.""We'd like to see integration with Agile DevOps and Agile methodologies.""Under NIST cybersecurity standards, we must address vulnerabilities within a specified time after discovering them. When we try to propagate those updates and fixes through the system, it would be nice if the clients could reconnect to the existing server or have the server dynamically updated in some way. I know that isn't easy, but maybe processes could be enhanced to make that more streamlined from a DevOps perspective.""Klocwork does have a problem with true positives. It only found 30% of true positives in the Juliet test case."

More Klocwork Cons →

Pricing and Cost Advice
  • "Pricing is a bit costly."
  • "The solution's price depends on the number of licenses needed and the source code for the project."
  • "Our organization purchased a license to use the solution."
  • "The application’s pricing is high compared to other tools."

    • More CodeSonar Pricing and Cost Advice →

  • "Klocwork is still tight on their licensing. If Klocwork would loosen up on the licensing, and where the license could be used, and how many different programs could be run on it, then we have several development programs that I would love to be able to use it for going forward."
  • "Klocwork should not to be quite so heavy handed on the licensing for very specific programs."
  • "The limitation that we have is that Klocwork is licensed to certain programs, and if you want to license them to other programs, you have to pay more money."
  • "When it comes to licensing, the solution has two packages, one for a fixed and the other for a floating server, with the former being more cost effective than the latter."
  • "Licensing fees are paid annually, but they also have a perpetual license."
  • "There are other solutions on the market such as Microsoft Visual Studio. They have been adding more static code analysis features that come for free. It is getting better all the time. That is one of the possibilities is that we've been considering that we may stop using the Klocwork because it doesn't give us any added value."
  • "The pricing for Klocwork is very competitive if you compare it from apple to apple. It has competitive pricing regarding the licensing model and the per-license cost. Klocwork isn't a high-end investment for anyone deploying it; even SMBs can afford it. The Klocwork cost per user would depend on the license type, so I'm unable to mention a ballpark figure because it would depend on the type of installation and how the deployment will be, and the nodes to give an accurate calculation or figure. The total price depends on the package, so my company could never publish pricing for Klocwork on the website. My team first collects information from potential clients on the deployment scenario, project environment, etc., before suggesting a package for Klocwork. My rating for Klocwork in terms of pricing is a five because of its flexible license models. There's a license model for every type of organization, whether small, midsize, or enterprise, so it's a five out of five for me."
  • "This solution offers competitive pricing."

    • More Klocwork Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    See Recommendations
    771,212 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about CodeSonar?
    Top Answer:CodeSonar’s most valuable feature is finding security threats.
    Read all 6 answers   →
    What is your experience regarding pricing and costs for CodeSonar?
    Top Answer:The application’s pricing is high compared to other tools. I rate its pricing a four out of ten.
    Read all 6 answers   →
    What needs improvement with CodeSonar?
    Top Answer:Our license model allows one user per license. Currently, we have limitations for VPN profiles. We can’t share the key with other users. There could be a shared licensing model for the users. It will… more »
    Read all 6 answers   →
    What do you like most about Klocwork?
    Top Answer:It's integrated into our CI, continuous integration.
    Read all 9 answers   →
    What is your experience regarding pricing and costs for Klocwork?
    Top Answer:Our purchasing department is responsible for tracking costs. It's one of the most widely used tools in our organization. It likely does not have a high price point. I don't have insights into… more »
    Read all 11 answers   →
    What needs improvement with Klocwork?
    Top Answer:The main problem is that since it only parses the code, the warnings or the problems that are given as a result of the report can sometimes require a lot of effort to analyze. It will show all… more »
    Read all 14 answers   →
    Ranking
    21st
    out of 74 in Application Security Tools
    Views
    1,941
    Comparisons
    1,240
    Reviews
    6
    Average Words per Review
    505
    Rating
    8.2
    16th
    out of 74 in Application Security Tools
    Views
    3,452
    Comparisons
    2,086
    Reviews
    6
    Average Words per Review
    850
    Rating
    8.0
    Comparisons
    SonarQube logo
    SonarQube vs. CodeSonar
    Compared 51% of the time.
    Coverity logo
    Coverity vs. CodeSonar
    Compared 18% of the time.
    Polyspace Code Prover logo
    Polyspace Code Prover vs. CodeSonar
    Compared 7% of the time.
    Semgrep Code logo
    Semgrep Code vs. CodeSonar
    Compared 6% of the time.
    More CodeSonar Competitors   →
    SonarQube logo
    SonarQube vs. Klocwork
    Compared 36% of the time.
    Coverity logo
    Coverity vs. Klocwork
    Compared 34% of the time.
    Polyspace Code Prover logo
    Polyspace Code Prover vs. Klocwork
    Compared 9% of the time.
    Checkmarx One logo
    Checkmarx One vs. Klocwork
    Compared 5% of the time.
    Veracode logo
    Veracode vs. Klocwork
    Compared 4% of the time.
    More Klocwork Competitors   →
    Learn More
    CodeSecure
    Perforce
    Overview

    GrammaTech enables organizations to develop software applications more efficiently, on-budget, and on-schedule by helping to eliminate harmful defects that can cause system failures, enable data breaches, and ultimately increase corporate liabilities in today’s connected world. GrammaTech is the developer of CodeSonar, the most powerful source and binary code analysis solution available today. Extraordinarily precise, CodeSonar finds, on average, 2 times more serious defects in software than other static analysis solutions. Designed for organizations with zero tolerance for defects and vulnerabilities in their applications, CodeSonar provides static analysis for applications where reliability and security are paramount - widely used by software developers in avionics, medical, automotive, industrial control, and other mission-critical applications. Some of GrammaTech's customers include Toyota, GE, Hyundai, Kawasaki, LG, Lockheed Martin, NASA, Northrop Grumman, Panasonic, and Samsung.

    Klocwork detects security, safety, and reliability issues in real-time by using this static code analysis toolkit that works alongside developers, finding issues as early as possible, and integrates with teams, supporting continuous integration and actionable reporting.

    Sample Customers
    Viveris, Micrel Medical Devices, Olympus, SOFTEQ, SONY
    ACCESS Co Ltd, Risk-AI, Winbond Electronics, Bristol-Myers Squibb Pharmaceutical Research Institute, University of Southern California, Alebra Technologies, SIMULIA, Risk Management Solutions, Brigham Young University, SRD, HRL
    Top Industries
    VISITORS READING REVIEWS
    Manufacturing Company22%
    Computer Software Company16%
    University9%
    Government6%
    REVIEWERS
    Manufacturing Company50%
    Engineering Company10%
    Non Tech Company10%
    Transportation Company10%
    VISITORS READING REVIEWS
    Educational Organization39%
    Manufacturing Company19%
    Computer Software Company10%
    Financial Services Firm4%
    Company Size
    REVIEWERS
    Small Business63%
    Midsize Enterprise13%
    Large Enterprise25%
    VISITORS READING REVIEWS
    Small Business19%
    Midsize Enterprise14%
    Large Enterprise67%
    REVIEWERS
    Small Business52%
    Midsize Enterprise5%
    Large Enterprise43%
    VISITORS READING REVIEWS
    Small Business8%
    Midsize Enterprise45%
    Large Enterprise46%
    Buyer's Guide
    CodeSonar vs. Klocwork
    May 2024
    Free Report: CodeSonar vs. Klocwork
    Find out what your peers are saying about CodeSonar vs. Klocwork and other solutions. Updated: May 2024.
    DOWNLOAD NOW
    771,212 professionals have used our research since 2012.

    CodeSonar is ranked 21st in Application Security Tools with 7 reviews while Klocwork is ranked 16th in Application Security Tools with 20 reviews. CodeSonar is rated 8.2, while Klocwork is rated 8.2. The top reviewer of CodeSonar writes "Nice interface, quick to deploy, and easy to expand". On the other hand, the top reviewer of Klocwork writes "Their technical team helps us get the most out of the solution, but we've faced some stability problems in our environment". CodeSonar is most compared with SonarQube, Coverity, Polyspace Code Prover, Semgrep Code and Fortify Static Code Analyzer, whereas Klocwork is most compared with SonarQube, Coverity, Polyspace Code Prover, Checkmarx One and Veracode. See our CodeSonar vs. Klocwork report.

    See our list of best Application Security Tools vendors and best Static Code Analysis vendors.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.