We just raised a $30M Series A: Read our story

Klocwork OverviewUNIXBusinessApplication

Klocwork is #17 ranked solution in AST tools and #20 ranked solution in application security tools. IT Central Station users give Klocwork an average rating of 8 out of 10. Klocwork is most commonly compared to SonarQube: Klocwork vs SonarQube. The top industry researching this solution is Computer Software Company, accounting for 28% of all views.
What is Klocwork?

Klocwork detects security, safety, and reliability issues in real-time by using this static code analysis toolkit that works alongside developers, finding issues as early as possible, and integrates with teams, supporting continuous integration and actionable reporting.

Buyer's Guide

Download the Application Security Buyer's Guide including reviews and more. Updated: October 2021

Klocwork Customers

ACCESS Co Ltd, Risk-AI, Winbond Electronics, Bristol-Myers Squibb Pharmaceutical Research Institute, University of Southern California, Alebra Technologies, SIMULIA, Risk Management Solutions, Brigham Young University, SRD, HRL

Klocwork Video

Pricing Advice

What users are saying about Klocwork pricing:
  • "When it comes to licensing, the solution has two packages, one for a fixed and the other for a floating server, with the former being more cost effective than the latter."

Klocwork Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Real Klocwork User
TMS Product Architect with 10,001+ employees
Real User
Top 5
Enables us to resolve violations but it needs integration with Agile DevOps and Agile methodologies

Pros and Cons

  • "There is a central Klocwork server at our headquarter in France so we connect the client directly to the server on-premises remotely."
  • "We'd like to see integration with Agile DevOps and Agile methodologies."

What is our primary use case?

I'm a product architect and belong to a classic management system team. We're a Klocwork customer. We have around 50-60 developers in the team and I'm involved in the utilization of the tool and I am familiar with its capability. We've just started using the latest version which is the first one that's compatible with .NET framework 4.7.2. The previous version was not fully compatible with Visual Studio 2017.

In our case, the use is for static code analysis for each baseline in order to see what kind of violation we have.

Parallel to that, we use the results and apply some refactoring in order to solve this violation. For us, the violation is considered the highest priority according to our risk assessment model.

What needs improvement?

For an improved product, we'd like to see integration with Agile DevOps and Agile methodologies. Some capability of the tool that allows us to trigger the status analysis report based on actions like regular builds. We would like to have better integration with Microsoft Agile DevOps tools. This would save us a lot of time. In addition, we also sometimes experience issues with false-positive detections - phantom issues.

For the previous version, we realized it wasn't possible to have a quick dashboard for the number of violations. A feature like business intelligence or code coverage could be included. 

For how long have I used the solution?

I've been using Klocwork since I joined the company over two years ago.

What do I think about the stability of the solution?

We consider it a stable product.

What do I think about the scalability of the solution?

I didn't have the chance to test it deeply.

How are customer service and technical support?

I haven't had direct contact with technical support. 

Which solution did I use previously and why did I switch?

Where I worked previously we used SonarQube. I have also used the Microsoft standard rule set by Visual Studio. 

How was the initial setup?

The initial setup is quite straightforward and the configuration from the client-side is also simple. The more difficult part aspect relates to the definition of the rule sets. For instance, if we want to compare a list of rule sets coming from external sources other than Klocwork we don't have native tools. We need to bring the profile list from Microsoft or from another static analysis tool or measuring tool and embed it inside Klocwork. The profiles need to be merged using Excel or something similar.

What about the implementation team?

They provide support and knowledge about the tool. So if we are not able to use a particular function, we ask the central team.

What's my experience with pricing, setup cost, and licensing?

I'm not involved in the financial or licensing aspect of the solution. 

What other advice do I have?

We use Klocwork in two different configurations, on-prem and cloud. Basically we can summarize on-premises. We connect the client directly to the server on-premises remotely. But for certain products and features, we also use a local server that is on-premise but with different configurations. In this case, the server is deployed with some rule set and configured in a certain manner locally with the second option of redirecting the connection directly to our headquarter.

I would recommend the latest version. In the roadmap of the product, a lot of improvements have been made. We are currently on hold with moving over to this tool because of the license but once we're able to, we'll import our profiles from the previous version to the new one.

The previous version was not compatible with the .NET framework. 4.7.2 it didn't fully consider the retargeting option of C++

I would rate Klocwork seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
AA
Software Chief Engineer at a transportation company with 10,001+ employees
Real User
Top 20
It allows our team members to collaborate, but the codes between projects need to improve

Pros and Cons

  • "One can increase the number of vendors, so the solution is scalable."
  • "I would like to see better codes between projects and a more user-friendly desktop in the next release."

What is our primary use case?

Our primary use case of Klocwork is for static project analysis and for getting ratios.

What is most valuable?

I really like Klocwork's server client build because it allows collaboration between the team members. It takes the ratios and it has a portal where one can justify the issues.

What needs improvement?

There are many things that can be improved. The code used between projects is one of the very painful points in Klocwork. So if you are using a code and the product is shared between projects, you have to analyze the different projects just to comment if it is good or to justify it in the different projects. And the solutions they provide for the issues, are not fully correct. So this is the main issue is using the code between projects.

For how long have I used the solution?

I have been using Klocwork for around four months now.

What do I think about the stability of the solution?

I think the solution is fairly stable. We've had some issues in the GUI, and even in the server portal and in the server application. We've also had issues with an outside application that is  also a GUI client. So I will say it is stable but there are some issues.

What do I think about the scalability of the solution?

One can increase the number of vendors, so the solution is scalable. We currently have around 3,000 users.

How are customer service and technical support?

We don't deal with the technical team directly, because we have a service line. So if I have an issue, we report to our service line and they report to the technical support team.

How was the initial setup?

The initial setup wasn't complex - it was really straightforward.

What other advice do I have?

My advice to others would be that they should determine their use case before buying the program. If they have many codes, I would not recommend it. If they have a separate project where not many codes are shared between projects, I will recommend it. 

I would like to see better codes between projects and a more user-friendly desktop in the next release. 

On a scale from one to 10, I rate this product a seven.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Find out what your peers are saying about Perforce, SonarSource, Veracode and others in Application Security. Updated: October 2021.
543,424 professionals have used our research since 2012.
SP
Deputy Manager Quality Assurance at eInfochips
Reseller
Top 20
Easy installation for regular code scanning of C, C++ and MISRA rules, but updates are lengthy and involved

Pros and Cons

  • "Technical support is quite good."
  • "Every update that we receive requires of us a lengthy and involved process."

What is our primary use case?

We are using the latest version.

We use the solution for regular code scanning for C and C++, as well as for MISRA rules

What needs improvement?

When an upgrade is carried out it must be done on both the server and client side, which can make it a bit hectic for all projects to be configured on the private server. Every update that we receive requires of us a lengthy and involved process.

The project reporting status dashboard should also be addressed. As I am on the compliance team, I must open every project to resolve all issues.  The solution does not provide consolidated views. Meanwhile, Kuiwan has a very good feature on its dashboard.

Moreover, Klocwork makes a limited number of languages available to the user, only four. In addition, a good consolidated dashboard, in respect of compliance, would be nice to see.

For how long have I used the solution?

I have been working with Klocwork for seven or eight years.

How are customer service and technical support?

Technical support is quite good. We have a vendor partner in India and they do a good job of supporting us. 

How was the initial setup?

Klocwork was easy to install. But, as we are using an on-premises server, our client's configuration needs are different. Since this is on the user's machine the installation part is easy. Yet, the receipt of frequent updates means that time which could be spent on the project side is consumed by that of development.

What's my experience with pricing, setup cost, and licensing?

When it comes to licensing, the solution has two packages, one for a fixed and the other for a floating server. The former is more cost effective than the latter. 

What other advice do I have?

We are currently using SonarQube for other languages, those of Python and Android.

At present, we make use of both the Klocwork and SonarQube tools. However, as we wish to have a combined tool, we are planning to switch to Kuiwan.

I rate Klocwork as a seven out of 10. 

Which deployment model are you using for this solution?

Private Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
Flag as inappropriate