Klocwork Review

It provides a good set of checks for static code analysis and cybersecurity. While coding, developers see code violations. Global variables sometimes generate false positives.

What is most valuable?

  • Good set of checkers for static code analysis, cyber security
  • Possibility of creating custom checkers
  • Good and easy integration into continuous integration (CI)
  • The whole package offers a lot of possibilities: add-ons for Eclipse, standalone clients, access via web site, support, documentation, command line.

How has it helped my organization?

More and more departments are targeting static code analysis now, as they see the benefits. Klocwork with its capabilities is helping with this, providing the integration. The advantage is that while coding, developers see code violations.

What needs improvement?

  • Global variables sometimes generate false positives. Variables with global scope sometimes produce false positives. This means I get violations from KW which, after personal analysis, turn out not to be true. At the moment it seems Klocwork is not able to track the values of variables with global scope. Thus the tool makes assumptions for the value range. It occurs that I get violations due to values which simply cannot occur, as the global variables are not tracked. This is annoying and time-consuming. One simpler thing on variables with global scope: unused variables with global scope cannot be detected by checkers. Having this is highly recommended in order to clean the code.
  • The preprocessor needs better integration for custom checkers, as the tool focuses more on static code analysis after preprocessing the file.
  • Updating from one version to the other takes too much time. The process somehow needs too much CPU power.
  • Once there are bugs detected and accepted by KW, it takes some time to integrate the changes. This means that what does not fit on the Rogue Wave road map is not definitely considered.

For how long have I used the solution?

I have used it for four years.

What do I think about the stability of the solution?

I did not encounter any stability issues, only that the update process takes too long. Here, the process could be sped up.

What do I think about the scalability of the solution?

Scalability is good, from small teams to multisite project teams.

How are customer service and technical support?

Technical support is good (7/10).

Which solution did I use previously and why did I switch?

I previously used PC-lint. I switched because KW is more mature.

How was the initial setup?

Initial setup is going well; it is very straightforward and follows its documentation.

Which other solutions did I evaluate?

I evaluated QAC/QAC++, LDRA Testbed.

What other advice do I have?

A good thing is that you are rapidly ramped up and can use the tool.

Which version of this solution are you currently using?

Disclosure: I am a real user, and this review is based on my own experience and opinions.