What is Klocwork?
Klocwork is a static code analysis toolkit that detects security, safety, and reliability issues in real time. It works alongside developers, finding issues as early as possible, and integrates with teams, supporting continuous integration and actionable reporting.
Download the Application Security Buyer's Guide including reviews and more. Updated: April 2021
ACCESS Co Ltd, Risk-AI, Winbond Electronics, Bristol-Myers Squibb Pharmaceutical Research Institute, University of Southern California, Alebra Technologies, SIMULIA, Risk Management Solutions, Brigham Young University, SRD, HRL
Sr. Software Solution Engineer at Meteonic Innovation Pvt Ltd
Real User, Top 10
Jan 9, 2019
We were able to produce the non-defective code at the developer's desktop
What is our primary use case? Our primary use case was to find and fix all possible static vulnerabilities like buffer overflow, null pointer check, array out of bounds, concurrency violations, etc. We work on the Linux platform with the gcc compiler.
What other advice do I have? Unlike other static code analysis tools, Klocwork integrates seamlessly into desktop IDEs, build systems, continuous integration tools, and any team's natural workflow. Mirroring how code is developed at any stage, Klocwork prevents defects and finds vulnerabilities on the fly, as code is being written. Klocwork also helps prioritize work with SmartRank, the revolutionary new recommendation engine that prioritizes issues and helps select which ones to work on first. Take prioritized, corrective action immediately to deliver more secure and reliable code.
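The defect classes this reviewer names (buffer overflow, null pointer dereference, array out of bounds) are the bread and butter of C static analysis. The following is an added C example, not code from this page or from Klocwork itself: each unsafe pattern is written next to the bounded form an analyzer would accept. The function names, NAME_LEN and the sample strings are assumptions made for the illustration.

```c
/* Added example, not from the Klocwork page or product: the three defect
 * classes named in the review, each with the fixed form. Function names,
 * NAME_LEN and the sample data below are assumed for illustration. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16

/* Buffer overflow: strcpy() copies src without regard to dst's size. */
void copy_name_unsafe(char dst[NAME_LEN], const char *src) {
    strcpy(dst, src);           /* overflows when strlen(src) >= NAME_LEN */
}

/* Fixed: bounded copy that always NUL-terminates; returns 1 if truncated. */
int copy_name_safe(char dst[NAME_LEN], const char *src) {
    size_t n = strlen(src);
    int truncated = n >= NAME_LEN;
    if (truncated) n = NAME_LEN - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return truncated;
}

/* NULL pointer dereference: the pointer is used before it is checked. */
size_t name_len_unsafe(const char *name) {
    size_t n = strlen(name);    /* crashes when name == NULL */
    if (name == NULL) return 0; /* check comes too late; analyzers flag this */
    return n;
}

/* Fixed: check first, then dereference. */
size_t name_len_safe(const char *name) {
    if (name == NULL) return 0;
    return strlen(name);
}

/* Array out of bounds: caller-supplied index, no range check. */
int lookup_unsafe(const int *table, size_t count, size_t idx) {
    (void)count;
    return table[idx];          /* reads past the end when idx >= count */
}

/* Fixed: validate the index and the pointer, return a fallback on failure. */
int lookup_safe(const int *table, size_t count, size_t idx, int fallback) {
    if (table == NULL || idx >= count) return fallback;
    return table[idx];
}

int main(void) {
    char name[NAME_LEN];
    static const int table[] = {10, 20, 30};   /* constructed sample data */
    int truncated = copy_name_safe(name, "a-deliberately-long-input-string");
    printf("copied \"%s\" truncated=%d\n", name, truncated);
    printf("len(NULL)=%zu\n", name_len_safe(NULL));
    printf("table[7]=%d\n", lookup_safe(table, 3, 7, -1));
    return 0;
}
```

The unsafe functions are left in so the two forms can be compared side by side; a checker that tracks buffer sizes, pointer nullness and index ranges flags each of them, and the fixed forms give it nothing to report.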
Real User, Top 20
Jan 2, 2019
The on-the-fly analysis reduces the time for developing code and report generation
What is our primary use case? Our main test case is to check for some of our internal standards which we usually do manually. But when we got Klocwork, it completely changed the scenario. We are writing a simple logic for checking our internal standards without much overhead.
Senior H.R - DevOps & Infrastructure Recruitment Consultant at Meteonic Innovation Pvt Ltd
Dec 30, 2018
Support to a vast number of IDEs and so on
What is our primary use case? My primary case would be checking for memory-related issues and some null pointer issues, where Klocwork is very strong. We used to check these issues most often, and Klocwork is the one which provides us this clear way.
How has it helped my organization? We are very concerned about these issues for some of the critical projects which are very important for us. Using Klocwork, we have cleared all these issues without much difficulty.
What is most valuable?
- Its vast checker support
- Custom checker creation
- Industry standards support
- Support for a vast number of IDEs, and so on
What needs improvement? Nothing much as of now. I feel Klocwork is going in a great way. The one thing I personally feel is that Klocwork must…
Software Solutions Engineer at Meteonic Innovations
Dec 12, 2018
Its strong capability in on-the-fly analysis
What is our primary use case? Our primary use case is to check our internal standards, which is always a burden because it involves a lot of manual checking. We are using Klocwork for this by writing some algorithms and implementing them in Klocwork. Klocwork is very strong in this section.
Pros and Cons
- "The ability to create custom checkers is a plus."
- "I hope that in each new release they add new features relating to the addition of checkers, improving their analysis engines etc."
What other advice do I have? Support for more languages would be helpful since this is my trustworthy tool. One more piece of advice from my side: some webinars on Klocwork would be helpful for new users.
Principal Engineer at MTSI
Aug 6, 2018
The product has a low false positive rate, but they could loosen up on their licensing
What is our primary use case? It is a static analysis tool for application security. It does more than that because it does look for code, such as a NULL pointer dereference. Basically, just attempting to get the code as clean and free of errors as possible. I think of application security as a vulnerability within the application that could actually lead to other vulnerabilities, escalation of privileges, or a hostile take-over of the computer. I tend to think of denial of service attacks against an application as someone being a problem. They are denying the application from executing. Klocwork goes beyond this and finds…
Pros and Cons
- "I like not having to dig through false positives. Chasing down a false positive can take anywhere from five minutes for a small easy one, then something that is complicated and goes through a whole bunch of different class cases, and it can take up to 45 minutes to an hour to find out if it is a false positive or not."
- "Klocwork does have a problem with true positives. It only found 30% of true positives in the Juliet test case."
- "We bought Klocwork, but it was limited to one little program, but the program is now sort of failing. So, we have a license for usage on a program that is sort of failing, and we really can't use the license on anything else."
Embedded Software Developer at a tech services company with 10,001+ employees
Apr 26, 2018
The tool has good support for static analysis
What is our primary use case?We are using Klocwork to perform static code analysis of our solutions towards an embedded project. The project is built on an RTOS, and the relevant middleware and applications are developed in C++.
Pros and Cons
- "The tool helps the team to think beforehand about corner cases or potential bugs that might arise in real-time."
- "We like using the static analysis and code refactoring, which are very valuable because of our requirements to meet safety critical levels and reliability."
- "The way to define the rules is too complex. The definition/rules for static analysis could be automated according to various SILs, so as to avoid confusion."
Senior Software Engineer at a manufacturing company
Jul 14, 2017
One of the best tools available for static analysis. There are some false warnings issued.
What other advice do I have?I recommend this tool as one of the best to be used for static analysis and should at least be tried.
Senior Embedded Software Engineer at an engineering company with 10,001+ employees
Sep 5, 2016
It provides a good set of checks for static code analysis and cybersecurity. While coding, developers see code violations. Global variables sometimes generate false positives.
What other advice do I have?A good thing is that you are rapidly ramped up and can use the tool.