Klocwork Review

We were able to produce non-defective code at the developer's desktop

What is our primary use case?

Our primary use case was to find and fix all possible static vulnerabilities like buffer overflow, null pointer check, array out of bounds, concurrency violations, etc. We work on the Linux platform with the gcc compiler.

How has it helped my organization?

It has helped our organization to produce non-defective code right at the developer's desktop. So we were able to deliver releases on time.

What is most valuable?

The pre-checkin code review, industry standard checks, continuous integration (CI) and customized checkers are the most valuable features.

What needs improvement?

It would be nice to have support for more languages. Currently, Klocwork supports C/C++, Java and C# (Android*).

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

Klocwork is very stable. I have seen Klocwork running on 40 million lines of code without any problem.

What do I think about the scalability of the solution?

Klocwork has almost all the features that an advanced static code analyser should have.

How are customer service and technical support?

Customer Service:

Customer service is great. We are getting responses from support within a day. The local support (I am from India) is also good.

Technical Support:

Technical support from Klocwork is great. The Klocwork documentation is available online, so we hardly ever contact Klocwork support.

Which solution did I use previously and why did I switch?

We were using three Open Source static analyzers and faced lots of false-positives and false-negatives. Klocwork has given us better results with real issues.

How was the initial setup?

Setup was straightforward with the installation shields (a single .exe for Windows and .sh file for Linux).

What about the implementation team?

The very first time, the vendor team helped us with the deployment. Their support was great. From the second time onwards, our internal team was able to upgrade and install with the help of the online documentation.

What was our ROI?

We got what we expected. Klocwork is worth the price.

What's my experience with pricing, setup cost, and licensing?

The Klocwork tool is worth the price that they have quoted.

Which other solutions did I evaluate?

We evaluated multiple open source tools and a few commercial tools.

What other advice do I have?

Unlike other static code analysis tools, Klocwork integrates seamlessly into desktop IDEs, build systems, continuous integration tools, and any team's natural workflow. Mirroring how code is developed at any stage, Klocwork prevents defects and finds vulnerabilities on-the-fly, as code is being written.

Klocwork also helps prioritize work with SmartRank, the revolutionary new recommendation engine that prioritizes issues and helps select which ones to work on first.

Take prioritized, corrective action immediately to deliver more secure and reliable code.

Disclosure: I am a real user, and this review is based on my own experience and opinions.