We performed a comparison between Klocwork and Trustwave App Scanner [EOL] based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools."Technical support is quite good."
"The tool helps the team to think beforehand about corner cases or potential bugs that might arise in real-time."
"There is a central Klocwork server at our headquarter in France so we connect the client directly to the server on-premises remotely."
"One can increase the number of vendors, so the solution is scalable."
"The most valuable feature of Klocwork is finding defects while you're doing the coding. For example, if you have an IDE plug-in of Klocwork on Visual Studio or Eclipse, you can find the faults; similar to using spell check on Word, you can find out defects during the development phase, which means that you don't have to wait till the development is over to find the flaws and address the deficiencies. I also find language support in Klocwork good because it used to support only C, C++, C#, and Java, but now, it also supports Java scripts and Python."
"The ability to create custom checkers is a plus."
"The reporting helps us understand the trend of our results and whether we improve over time. We can see the history within Klocwork's server architecture and know that we're making things better. It creates a great story for our management. We can demonstrate value and how our software is developing over time."
"There's a feature in Klocwork called 'on-the-fly analysis', which helps developers to find and fix the defects at the time of development itself."
"The stability is great. We haven't had any issues at all with it."
"The way to define the rules is too complex. The definition/rules for static analysis could be automated according to various SILs, so as to avoid confusion."
"Klocwork has to improve its features to stay ahead of other free solutions."
"This solution could be improved if they offered support of more languages including Ada and Golang. They currently only support seven languages."
"Under NIST cybersecurity standards, we must address vulnerabilities within a specified time after discovering them. When we try to propagate those updates and fixes through the system, it would be nice if the clients could reconnect to the existing server or have the server dynamically updated in some way. I know that isn't easy, but maybe processes could be enhanced to make that more streamlined from a DevOps perspective."
"Now the only issue we have is that whenever we need to get the code we have to build it first. Then we can get the report."
"I would like to see better codes between projects and a more user-friendly desktop in the next release."
"I believe it should support more languages, such as Python and JavaScript."
"The main problem is that since it only parses the code, the warnings or the problems that are given as a result of the report can sometimes require a lot of effort to analyze."
"I would like to see a little more flexibility with regards to setting up profiles for vulnerabilities."
Earn 20 points
Klocwork is ranked 18th in Application Security Tools with 20 reviews while Trustwave App Scanner [EOL] doesn't meet the minimum requirements to be ranked in Application Security Tools. Klocwork is rated 8.0, while Trustwave App Scanner [EOL] is rated 7.6. The top reviewer of Klocwork writes "Their technical team helps us get the most out of the solution, but we've faced some stability problems in our environment". On the other hand, the top reviewer of Trustwave App Scanner [EOL] writes "It helps us troubleshoot failed scans and incomplete statuses". Klocwork is most compared with SonarQube, Coverity, Polyspace Code Prover, CodeSonar and Checkmarx One, whereas Trustwave App Scanner [EOL] is most compared with .
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.