We performed a comparison between Klocwork and Mend.io based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature of Klocwork is finding defects while you're doing the coding. For example, if you have an IDE plug-in of Klocwork on Visual Studio or Eclipse, you can find the faults; similar to using spell check on Word, you can find out defects during the development phase, which means that you don't have to wait till the development is over to find the flaws and address the deficiencies. I also find language support in Klocwork good because it used to support only C, C++, C#, and Java, but now, it also supports Java scripts and Python."
"Klocwork's most valuable feature is the static code analysis feature. It detects the potential problem earlier to allow the developer to receive feedback quickly and then address it before it becomes a problem."
"On-the-fly analysis and incremental analysis are the best parts of Klocwork. Currently, we are using both of these features very effectively."
"The reporting helps us understand the trend of our results and whether we improve over time. We can see the history within Klocwork's server architecture and know that we're making things better. It creates a great story for our management. We can demonstrate value and how our software is developing over time."
"There is a central Klocwork server at our headquarter in France so we connect the client directly to the server on-premises remotely."
"Technical support is quite good."
"The tool helps the team to think beforehand about corner cases or potential bugs that might arise in real-time."
"One can increase the number of vendors, so the solution is scalable."
"The most valuable feature is the inventory, where it compiles a list of all of the third-party libraries that we have on our estate."
"The reporting capability gives us the option to generate an open-source license report in a single click, which gets all copyright and license information, including dependencies."
"The inventory management as well as the ability to identify security vulnerabilities has been the most valuable for our business."
"Its ease of use and good results are the most valuable."
"The most valuable feature is the unified JAR to scan for all langs (wss-scanner jar)."
"The best feature is that the Mend R&D team does their due diligence for all the vulnerabilities. In case they observe any important or critical vulnerabilities, such as the Log4j-related vulnerability, we usually get a dedicated email from our R&D team saying that this particular vulnerability has been exploited in the world, and we should definitely check our project for this and take corrective actions."
"Enables scanning/collecting third-party libraries and classifying license types. In this way we ensure our third-party software policy is followed."
"It gives us full visibility into what we're using, what needs to be updated, and what's vulnerable, which helps us make better decisions."
"What needs improvement in Klocwork, compared to other products in the market, is the dashboard or reporting mechanisms that need to be a bit more flexible. The Klocwork dashboard could be improved. Though it's good, it's not as good as some of the other products in the market, which is a problem. The reporting could be more detailed and easier to sort out because sorting in Klocwork could be a bit more time-consuming, mainly when sorting defects based on filters, compared to how it's done on other tools such as Coverity."
"Klocwork has to improve its features to stay ahead of other free solutions."
"We'd like to see integration with Agile DevOps and Agile methodologies."
"Klocwork does have a problem with true positives. It only found 30% of true positives in the Juliet test case."
"Under NIST cybersecurity standards, we must address vulnerabilities within a specified time after discovering them. When we try to propagate those updates and fixes through the system, it would be nice if the clients could reconnect to the existing server or have the server dynamically updated in some way. I know that isn't easy, but maybe processes could be enhanced to make that more streamlined from a DevOps perspective."
"This solution could be improved if they offered support of more languages including Ada and Golang. They currently only support seven languages."
"The main problem is that since it only parses the code, the warnings or the problems that are given as a result of the report can sometimes require a lot of effort to analyze."
"I would like to see better codes between projects and a more user-friendly desktop in the next release."
"They're working on a UI refresh. That's probably been one of the pain points for us as it feels like a really old application."
"The turnaround time for upgrading databases for this tool as well as the accuracy could be improved."
"The UI is not that friendly and you need to learn how to navigate easily."
"WhiteSource needs improvement in the scanning of the containers and images with distinguishing the layers."
"WhiteSource only produces a report, which is nice to look at. However, you have to check that report every week, to see if something was found that you don't want. It would be great if the build that's generating a report would fail if it finds a very important vulnerability, for instance."
"The UI can be slow once in a while, and we're not sure if it's because of the amount of data we have, or it is just a slow product, but it would be nice if it could be improved."
"We specifically use this solution within our CICD pipelines in Azure DevOps, and we would like to have a gate so that if the score falls below a certain value then we can block the pipeline from running."
"At times, the latency of getting items out of the findings after they're remediated is higher than it should be."
Klocwork is ranked 18th in Application Security Tools with 20 reviews while Mend.io is ranked 5th in Application Security Tools with 29 reviews. Klocwork is rated 8.2, while Mend.io is rated 8.4. The top reviewer of Klocwork writes "Their technical team helps us get the most out of the solution, but we've faced some stability problems in our environment". On the other hand, the top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". Klocwork is most compared with SonarQube, Coverity, Polyspace Code Prover, CodeSonar and Checkmarx One, whereas Mend.io is most compared with SonarQube, Black Duck, Snyk, Checkmarx One and Veracode. See our Klocwork vs. Mend.io report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.