Klocwork Overview

Klocwork is the #16 ranked solution in our list of AST tools. It is most often compared to SonarQube (see Klocwork vs SonarQube).

What is Klocwork?

Klocwork is a static code analysis toolkit that detects security, safety, and reliability issues in real time. It works alongside developers, finding issues as early as possible, and integrates with team workflows, supporting continuous integration and actionable reporting.

Buyer's Guide

Download the Application Security Buyer's Guide including reviews and more. Updated: April 2021

Klocwork Customers

ACCESS Co Ltd, Risk-AI, Winbond Electronics, Bristol-Myers Squibb Pharmaceutical Research Institute, University of Southern California, Alebra Technologies, SIMULIA, Risk Management Solutions, Brigham Young University, SRD, HRL

Sr. Software Solution Engineer at Meteonic Innovation Pvt Ltd
Real User
Top 10
We were able to produce the non-defective code at the developer's desktop

What is our primary use case?

Our primary use case was to find and fix all possible static vulnerabilities like buffer overflow, null pointer checks, array out of bounds, concurrency violations, etc. We work on the Linux platform with the gcc compiler.

What other advice do I have?

Unlike other static code analysis tools, Klocwork integrates seamlessly into desktop IDEs, build systems, continuous integration tools, and any team's natural workflow. Mirroring how code is developed at any stage, Klocwork prevents defects and finds vulnerabilities on-the-fly, as code is being written. Klocwork also helps prioritize work with SmartRank, the revolutionary new recommendation engine that prioritizes issues and helps select which ones to work on first. Take prioritized, corrective action immediately to deliver more secure and reliable code.
.Net Developer at Sure Shield Infotech
Real User
Top 20
The on-the-fly analysis reduces the time for developing code and report generation

What is our primary use case?

Our main test case is to check for some of our internal standards which we usually do manually. But when we got Klocwork, it completely changed the scenario. We are writing a simple logic for checking our internal standards without much overhead.
Senior H.R - DevOps & Infrastructure Recruitment Consultant at Meteonic Innovation Pvt Ltd
Real User
Support to a vast number of IDEs and so on

What is our primary use case?

My primary case would be checking for memory related issues and some null pointer issues where Klocwork is too strong in this section. We used to check these issues most often, and Klocwork is the one which provides us this clear way.

How has it helped my organization?

We are very concerned about these issues for some of the critical projects which are very important for us. Using Klocwork, we have cleared all these issues without much difficulty.

What is most valuable?

  • Its vast checker support
  • Custom checker creation
  • Industry standards support
  • Support for a vast number of IDEs, and so on

What needs improvement?

Nothing much as of now. I feel Klocwork is going in a great way. The one thing I personally feel is that Klocwork must…
Software Solutions Engineer at Meteonic Innovations
User
Top 10
Its strong Capability in On the fly analysis

What is our primary use case?

Our primary use case is to check our internal standards, which is always a burden because it involves a lot of manual checking. We are using Klocwork for this by writing some algorithms and implementing them in Klocwork. Klocwork is very strong in this section.

Pros and Cons

  • "The ability to create custom checkers is a plus."
  • "I hope that in each new release they add new features relating to the addition of checkers, improving their analysis engines etc."

What other advice do I have?

Support for more languages would be helpful since this is my trustworthy tool. One more piece of advice from my side would be that doing some webinars on Klocwork would be helpful for new users.
Principal Engineer at MTSI
Real User
The product has a low false positive rate, but they could loosen up on their licensing

What is our primary use case?

It is a static analysis tool for application security. It does more than that because it does look for code, such as a NULL pointer dereference. Basically, just attempting to get the code as clean and free of errors as possible. I think of application security as a vulnerability within the application that could actually lead to other vulnerabilities, escalation of privileges, or a hostile takeover of the computer. I tend to think of denial of service attacks against an application as someone being a problem. They are denying the application from executing. Klocwork goes beyond this and finds…

Pros and Cons

  • "I like not having to dig through false positives. Chasing down a false positive can take anywhere from five minutes for a small, easy one to 45 minutes or an hour for something complicated that goes through a whole bunch of different class cases, just to find out if it is a false positive or not."
  • "Klocwork does have a problem with true positives. It only found 30% of true positives in the Juliet test case."
  • "We bought Klocwork, but it was limited to one little program, but the program is now sort of failing. So, we have a license for usage on a program that is sort of failing, and we really can't use the license on anything else."

What other advice do I have?

Make sure before you go to a new major upgrade of Klocwork that you copy your database. Shut down Klocwork and all of its services. Then, back up the database before you decide to migrate, or before you decide to run the JavaScript that checks databases. Back it up first, before you do anything. Otherwise, you could lose everything. The databases are finicky.
Embedded Software Developer at a tech services company with 10,001+ employees
Real User
The tool has good support for static analysis

What is our primary use case?

We are using Klocwork to perform static code analysis of our solutions towards an embedded project. The project is built on an RTOS, and the relevant middleware and applications are developed in C++.

Pros and Cons

  • "The tool helps the team to think beforehand about corner cases or potential bugs that might arise in real-time."
  • "We like using the static analysis and code refactoring, which are very valuable because of our requirements to meet safety critical levels and reliability."
  • "The way to define the rules is too complex. The definition/rules for static analysis could be automated according to various SILs, so as to avoid confusion."
Senior Software Engineer at a manufacturing company
Vendor
One of the best tools available for static analysis. There are some false warnings issued.

What other advice do I have?

I recommend this tool as one of the best to be used for static analysis and should at least be tried.
Senior Embedded Software Engineer at an engineering company with 10,001+ employees
Real User
It provides a good set of checks for static code analysis and cybersecurity. While coding, developers see code violations. Global variables sometimes generate false positives.

What other advice do I have?

A good thing is that you are rapidly ramped up and can use the tool.