Klocwork vs. WhiteSource

As of June 2019, Klocwork is ranked 10th in Application Security with 9 reviews vs WhiteSource which is ranked 14th in Application Security with 3 reviews. The top reviewer of Klocwork writes "The product has a low false positive rate, but they could loosen up on their licensing". The top reviewer of WhiteSource writes "Using it, we can take some measures to improve things, replace a library, or update a library which was too old". Klocwork is most compared with SonarQube, Coverity and Veracode. WhiteSource is most compared with Black Duck Hub, SonarQube and Veracode. See our Klocwork vs. WhiteSource report.
Klocwork: 7,801 views | 3,941 comparisons
WhiteSource: 5,150 views | 3,516 comparisons
Find out what your peers are saying about Klocwork vs. WhiteSource and other solutions. Updated: May 2019.
348,275 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
Klocwork:
The ability to create custom checkers is a plus.
I like not having to dig through false positives. Chasing down a false positive can take anywhere from five minutes for a small easy one, then something that is complicated and goes through a whole bunch of different class cases, and it can take up to 45 minutes to an hour to find out if it is a false positive or not.
The tool helps the team to think beforehand about corner cases or potential bugs that might arise in real-time.
We like using the static analysis and code refactoring, which are very valuable because of our requirements to meet safety critical levels and reliability.

WhiteSource:
The overall support that we receive is pretty good.
We find licenses together with WhiteSource which are associated with a certain library, then we get a classification of the license. This is with respect to criticality and vulnerability, so we could take action and improve some things, or replace a third-party library which seems to be too risky for us to use on legal grounds.
We can take some measures to improve things, replace a library, or update a library which was too old or showed severe bugs.
Enables scanning/collecting third-party libraries and classifying license types. In this way we ensure our third-party software policy is followed.

Cons
Klocwork:
Now the only issue we have is that whenever we need to get the code we have to build it first. Then we can get the report.
I hope that in each new release they add new features relating to the addition of checkers, improving their analysis engines etc.
Klocwork does have a problem with true positives. It only found 30% of true positives in the Juliet test case.
We bought Klocwork, but it was limited to one little program, but the program is now sort of failing. So, we have a license for usage on a program that is sort of failing, and we really can't use the license on anything else.
The way to define the rules is too complex. The definition/rules for static analysis could be automated according to various SILs, so as to avoid confusion.

WhiteSource:
Make the product available in a very stable way for other web browsers.
Needs better ACL and more role definitions. This product could be used by large organisations and it definitely needs a better role/action model.

Pricing and Cost Advice
Klocwork:
Klocwork is still tight on their licensing. If Klocwork would loosen up on the licensing, and where the license could be used, and how many different programs could be run on it, then we have several development programs that I would love to be able to use it for going forward.
Klocwork should not be quite so heavy-handed on the licensing for very specific programs.
The limitation that we have is that Klocwork is licensed to certain programs, and if you want to license them to other programs, you have to pay more money.

WhiteSource:
We are paying a lot of money to use WhiteSource. In our company, it is not easy to argue that it is worth the price.

Ranking

                             Klocwork    WhiteSource
Ranking                      10th        14th
Views                        7,801       5,150
Comparisons                  3,941       3,516
Reviews                      8           3
Average Words per Review     431         632
Avg. Rating                  8.4         8.0
Top Comparisons
Compared 40% of the time.
Compared 22% of the time.
Compared 17% of the time.
Compared 25% of the time.
Compared 18% of the time.
Compared 11% of the time.
Learn
Rogue Wave
WhiteSource
Overview

Klocwork is a static code analysis toolkit that detects security, safety, and reliability issues in real time. It works alongside developers to find issues as early as possible, and it integrates with teams, supporting continuous integration and actionable reporting.

WhiteSource offers an agile approach to open source management.
WhiteSource is a SaaS solution that integrates with your build process and audits your open source licenses, security and more every time you run your build.

Sample Customers
Klocwork: ACCESS Co Ltd, Risk-AI, Winbond Electronics, Bristol-Myers Squibb Pharmaceutical Research Institute, University of Southern California, Alebra Technologies, SIMULIA, Risk Management Solutions, Brigham Young University, SRD, HRL
WhiteSource: Autodesk, Temenos, Indeed.com, GE digital, KPMG, LivePerson, Jack Henry and Associates
We monitor all Application Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
