Klocwork vs Veracode Comparison 2024

Klocwork

Veracode

Klocwork

Read 20 Klocwork reviews

3,452 views|2,086 comparisons

Veracode

Read 194 Veracode reviews

25,312 views|17,157 comparisons

Comparison Buyer's Guide

Download the complete report

Buyer's Guide

Klocwork vs. Veracode

May 2024

Executive Summary

We performed a comparison between Klocwork and Veracode based on real PeerSpot user reviews.

Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed Klocwork vs. Veracode Report (Updated: May 2024).

Download the complete report

771,170 professionals have used our research since 2012.

Featured Review

Anonymous User

Principle engineer at a manufacturing company

Their technical team helps us get the most out of the solution, but we've faced some stability problems in our...

Klocwork created an environment where the engineers have checks and balances as they develop and progress through our release process. The solution... Read more →

Evan Gertis

Penetration Tester at a tech vendor

Enables us to provide a certificate showing stakeholders and potential customers the proof that we take security...

My case is different from other individuals. I worked for a startup, so we had to find a way to capitalize on all the resources in Veracode. Larger... Read more →

Quotes From Members

We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:

Pros

"The most valuable feature is the Incremental analysis.""There's a feature in Klocwork called 'on-the-fly analysis', which helps developers to find and fix the defects at the time of development itself.""It's integrated into our CI, continuous integration.""There is a central Klocwork server at our headquarter in France so we connect the client directly to the server on-premises remotely.""One can increase the number of vendors, so the solution is scalable.""On-the-fly analysis and incremental analysis are the best parts of Klocwork. Currently, we are using both of these features very effectively.""The most valuable feature of Klocwork is finding defects while you're doing the coding. For example, if you have an IDE plug-in of Klocwork on Visual Studio or Eclipse, you can find the faults; similar to using spell check on Word, you can find out defects during the development phase, which means that you don't have to wait till the development is over to find the flaws and address the deficiencies. I also find language support in Klocwork good because it used to support only C, C++, C#, and Java, but now, it also supports Java scripts and Python.""The ability to create custom checkers is a plus."

More Klocwork Pros →

"Veracode creates a list of issues. You can go through them one by one and click through to a new window with all the information about the issue discovered.""It's comprehensive from a feature standpoint.""Static Scanning is the most valuable feature of Veracode.""The feature I like most in Veracode is that it clearly specifies the line in the entire file where a vulnerability is found.""The user interface is quick, familiar, and user-friendly and makes navigation to other software very easy.""Veracode is a valuable tool in our secure SDLC process.""When we do have errors, Veracode is always available, their consultants, to help us either mitigate the error, or provide technical assistance on pointing exactly where the problem is and how we could probably fix it. I'm always amazed at how knowledgeable they are.""It scans for the OWASP top-10 security flaws at the dynamic level and, at the static level, it scans for all the warnings so that developers can fix the code before we go to UAT or the next phase."

More Veracode Pros →

Cons

"I hope that in each new release they add new features relating to the addition of checkers, improving their analysis engines etc.""The way to define the rules is too complex. The definition/rules for static analysis could be automated according to various SILs, so as to avoid confusion.""We'd like to see integration with Agile DevOps and Agile methodologies.""The main problem is that since it only parses the code, the warnings or the problems that are given as a result of the report can sometimes require a lot of effort to analyze.""Under NIST cybersecurity standards, we must address vulnerabilities within a specified time after discovering them. When we try to propagate those updates and fixes through the system, it would be nice if the clients could reconnect to the existing server or have the server dynamically updated in some way. I know that isn't easy, but maybe processes could be enhanced to make that more streamlined from a DevOps perspective.""Modern languages, such as Angular and .NET, should be included as a part of Klocwork. They have recently added Kotlin as a part of their project, but we would like to see more languages in Klocwork. That's the reason we are using Coverity as a backup for some of the other languages.""Klocwork does have a problem with true positives. It only found 30% of true positives in the Juliet test case.""Klocwork has to improve its features to stay ahead of other free solutions."

More Klocwork Cons →

"It needs better APIs, reporting that I can easily query through the APIs and, preferably, a license model that I can predict.""Sometimes, I get feedback from a developer saying, "They are scanning a Python code, but getting feedback around Java code." While the remediation and guidelines are there, improvement is still required, e.g., you won't get the exact guidelines, but you can get some sort of a high-level insights.""I've seen slightly better static analysis tools from other companies when it comes to speed and ease of use.""It would be ideal if it was able to demonstrate higher levels of cybersecurity certifications like becoming FedRAMP compliant or working in those areas.""The scanning could be improved, because some scans take a bit of time.""They cover a lot of languages already and it doesn't make sense for them to cover legacy languages but I know there is a need for covering legacy languages.""Veracode can be slow at times and has room for improvement, which may cause delays in our products and prolonged static scans.""I would like Veracode to add more language support."

More Veracode Cons →

Pricing and Cost Advice

"Klocwork is still tight on their licensing. If Klocwork would loosen up on the licensing, and where the license could be used, and how many different programs could be run on it, then we have several development programs that I would love to be able to use it for going forward."

"Klocwork should not to be quite so heavy handed on the licensing for very specific programs."

"The limitation that we have is that Klocwork is licensed to certain programs, and if you want to license them to other programs, you have to pay more money."

"When it comes to licensing, the solution has two packages, one for a fixed and the other for a floating server, with the former being more cost effective than the latter."

"Licensing fees are paid annually, but they also have a perpetual license."

"There are other solutions on the market such as Microsoft Visual Studio. They have been adding more static code analysis features that come for free. It is getting better all the time. That is one of the possibilities is that we've been considering that we may stop using the Klocwork because it doesn't give us any added value."

"The pricing for Klocwork is very competitive if you compare it from apple to apple. It has competitive pricing regarding the licensing model and the per-license cost. Klocwork isn't a high-end investment for anyone deploying it; even SMBs can afford it. The Klocwork cost per user would depend on the license type, so I'm unable to mention a ballpark figure because it would depend on the type of installation and how the deployment will be, and the nodes to give an accurate calculation or figure. The total price depends on the package, so my company could never publish pricing for Klocwork on the website. My team first collects information from potential clients on the deployment scenario, project environment, etc., before suggesting a package for Klocwork. My rating for Klocwork in terms of pricing is a five because of its flexible license models. There's a license model for every type of organization, whether small, midsize, or enterprise, so it's a five out of five for me."

"This solution offers competitive pricing."

More Klocwork Pricing and Cost Advice →

"Its complexity makes it quite expensive, but it’s all worth it, with all the engineering in the background."

"The pricing is pretty high."

"The worst part about the product is that it does not scale at all. Also, microservices apps will cost you a fortune."

"I think licensing needs to be changed or updated so that it works with adjustments. Pricing is expensive compared to the amount of scanning we perform."

"It's worth the value"

"Pricing seems fair for what is offered, and licensing has been no problem. All developers are able to get the access they need."

"It can be expensive to do this, so I would just make sure that you're getting the proper number of licenses. Do your analysis. Make sure you know exactly what it is you need, going in."

"The licensing and prices were upfront and clear. They stand behind everything that is said during the commercial phase and during the onboarding phase. Even the most irrelevant "that can be done" was delivered, no matter how important the request was."

More Veracode Pricing and Cost Advice →

See Which Vendors Are Best For You

Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.

See Recommendations

771,170 professionals have used our research since 2012.

Questions from the Community

What do you like most about Klocwork?

Top Answer:It's integrated into our CI, continuous integration.

Read all 9 answers →

What is your experience regarding pricing and costs for Klocwork?

Top Answer:Our purchasing department is responsible for tracking costs. It's one of the most widely used tools in our organization. It likely does not have a high price point. I don't have insights into… more »

Read all 11 answers →

What needs improvement with Klocwork?

Top Answer:The main problem is that since it only parses the code, the warnings or the problems that are given as a result of the report can sometimes require a lot of effort to analyze. It will show all… more »

Read all 14 answers →

Which gives you more for your money - SonarQube or Veracode?

Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use… more »

Read all 6 answers →

What do you like most about Veracode?

Top Answer:The SAST and DAST modules are great.

Read all 96 answers →

What is your experience regarding pricing and costs for Veracode?

Top Answer:The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.

Read all 66 answers →

Ranking

16th

out of 74 in Application Security Tools

Views

3,452

Comparisons

2,086

Reviews

Average Words per Review

850

Rating

8.0

2nd

out of 74 in Application Security Tools

Views

25,312

Comparisons

17,157

Reviews

101

Average Words per Review

989

Rating

8.1

Comparisons

SonarQube vs. Klocwork

Compared 36% of the time.

Coverity vs. Klocwork

Compared 34% of the time.

Polyspace Code Prover vs. Klocwork

Compared 9% of the time.

CodeSonar vs. Klocwork

Compared 5% of the time.

Parasoft SOAtest vs. Klocwork

Compared 3% of the time.

More Klocwork Competitors →

SonarQube vs. Veracode

Compared 26% of the time.

Checkmarx One vs. Veracode

Compared 14% of the time.

Fortify on Demand vs. Veracode

Compared 7% of the time.

Snyk vs. Veracode

Compared 6% of the time.

OWASP Zap vs. Veracode

Compared 4% of the time.

More Veracode Competitors →

Also Known As

Crashtest Security , Veracode Detect

Learn More

Perforce

Veracode

Overview

Klocwork detects security, safety, and reliability issues in real-time by using this static code analysis toolkit that works alongside developers, finding issues as early as possible, and integrates with teams, supporting continuous integration and actionable reporting.

Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-generated remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world’s leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achieve real-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, and Penetration Testing.

Learn more at www.veracode.com, on the Veracode blog, and on LinkedIn and Twitter.

Sample Customers

ACCESS Co Ltd, Risk-AI, Winbond Electronics, Bristol-Myers Squibb Pharmaceutical Research Institute, University of Southern California, Alebra Technologies, SIMULIA, Risk Management Solutions, Brigham Young University, SRD, HRL

Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.

Top Industries

REVIEWERS

Manufacturing Company50%

Engineering Company10%

Non Tech Company10%

Transportation Company10%

VISITORS READING REVIEWS

Educational Organization39%

Manufacturing Company19%

Computer Software Company10%

Financial Services Firm4%

REVIEWERS

Computer Software Company26%

Financial Services Firm23%

Insurance Company9%

Comms Service Provider6%

VISITORS READING REVIEWS

Financial Services Firm18%

Computer Software Company15%

Manufacturing Company8%

Government6%

Company Size

REVIEWERS

Small Business52%

Midsize Enterprise5%

Large Enterprise43%

VISITORS READING REVIEWS

Small Business8%

Midsize Enterprise45%

Large Enterprise46%

REVIEWERS

Small Business31%

Midsize Enterprise20%

Large Enterprise49%

VISITORS READING REVIEWS

Small Business17%

Midsize Enterprise13%

Large Enterprise70%

Buyer's Guide

Klocwork vs. Veracode

May 2024

Free Report: Klocwork vs. Veracode

Find out what your peers are saying about Klocwork vs. Veracode and other solutions. Updated: May 2024.

DOWNLOAD NOW

771,170 professionals have used our research since 2012.

Klocwork is ranked 16th in Application Security Tools with 20 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. Klocwork is rated 8.2, while Veracode is rated 8.2. The top reviewer of Klocwork writes "Their technical team helps us get the most out of the solution, but we've faced some stability problems in our environment". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Klocwork is most compared with SonarQube, Coverity, Polyspace Code Prover, CodeSonar and Parasoft SOAtest, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and OWASP Zap. See our Klocwork vs. Veracode report.

See our list of best Application Security Tools vendors, best Static Application Security Testing (SAST) vendors, and best Static Code Analysis vendors.

We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.

Klocwork vs Veracode comparison