Our use case for Klocwork is somewhat unusual. We're an embedded component provider for the military and aerospace market that produces single-board computers and various platforms for that. We also develop operating systems, device drivers, and low-level interfacing APIs for our hardware. Klocwork helps us achieve compliance with certification because our products must conform to DO-178 standards for aerospace and defense software. 

We primarily use Klocwork internally to measure code quality. We get code from third parties and analyze it with Klocwork to get a baseline of its quality to know if we need to improve it or leave it alone. 

I'm using the product for traffic analysis tool to check or parse our code. The tool works as a code parser to detect possible problems that can happen due to patterns in the code. 

We serve as consultants to several clients across different domains, specifically automotive, aviation, electronics, and semiconductors. Our clients require a static analysis solution to find security vulnerabilities specific to certain standards based on their industries. Hence, we support them through Klocwork to find particular vulnerabilities and adhere to industry standards.

Klocwork is more than a static analysis security testing tool because it also provides maintainability and other types of information apart from security.

It is a static analysis tool for application security. It does more than that because it does look for code, such as a NULL pointer dereference. Basically, just attempting to get the code as clean and free of errors as possible.

I think of application security as a vulnerability within the application that could actually lead to other vulnerabilities, escalation of privileges, or a hostile take-over the computer. I tend to think of denial of service attacks against an application as someone being a problem. They are denying the application from executing.

Klocwork goes beyond this and finds things like coding problems, such as you need to divide by zero. 

I'm a product architect and belong to a classic management system team. We're a Klocwork customer. We have around 50-60 developers in the team and I'm involved in the utilization of the tool and I am familiar with its capability. We've just started using the latest version which is the first one that's compatible with .NET framework 4.7.2. The previous version was not fully compatible with Visual Studio 2017.

In our case, the use is for static code analysis for each baseline in order to see what kind of violation we have.

Parallel to that, we use the results and apply some refactoring in order to solve this violation. For us, the violation is considered the highest priority according to our risk assessment model.

We are using the latest version.

We use the solution for regular code scanning for C and C++, as well as for MISRA rules

Klocwork is part of the DevOps process. It is scaling the code on every request.

We are involved in implementing the applying and supporting Klocwork for various customers as we are a Klokwork partner. Klocwork is an advanced static code analysis tool also used to detect all possible vulnerabilities that are present in the source code.

Klocwork is part of our automated system, continuously improving the pipeline. Whenever the software is merged into the project control system, it is going to reduce Klocwork scanning automatically.

Our primary use case of Klocwork is for static project analysis and for getting ratios.

We are using it for C and C++ to find security vulnerabilities in our source code. It is a static application security testing (SAST) tool.

our primary use case was to find and fix all possible static vulnerabilities like Buffer over flow, null pointer check, array out of bounds, concurrency violations, etc.., We work on Linux platform with gcc compiler. 

Our main test case is to check for some of our internal standards which we usually do manually. But when we got Klocwork, it completely changed the scenario. We are writing a simple logic for checking our internal standards without much overhead. 

One more is on the fly analysis which is the most important feature which Klocwork provides I believe. 

Our primary use case is to check our Internal Standards which is always a burden because it involves lot of manual checking. We are using Klocwork for this by writing some algorithms and implementing it in Klocwork. Klocwork is very strong in this section.

Our main test case is to check for some of our internal standards which we usually do manually. But when we got Klocwork, it completely changed the scenario. We are writing a simple logic for checking our internal standards without much overhead.

We currently use Klocwork mainly for static code analysis.

My primary case would be checking for memory related issues and some null pointer issues where Klocwork is too strong in this section. We used to check these issues most often, and Klocwork is the one which provides us this clear way.

We are using Klocwork to perform static code analysis of our solutions towards an embedded project. The project is built on an RTOS, and the relevant middleware and applications are developed in C++.