If you were talking to someone whose organization is considering Klocwork, what would you say?
How would you rate it and why? Any other tips or advice?
My advice to others would be that they should determine their use case before buying the program. If they have many codes, I would not recommend it. If they have a separate project where not many codes are shared between projects, I will recommend it. I would like to see better codes between projects and a more user-friendly desktop in the next release. On a scale from one to 10, I rate this product a seven.
We use Klocwork in two different configurations, on-prem and cloud. Basically we can summarize on-premises. We connect the client directly to the server on-premises remotely. But for certain products and features, we also use a local server that is on-premise but with different configurations. In this case, the server is deployed with some rule set and configured in a certain manner locally with the second option of redirecting the connection directly to our headquarters. I would recommend the latest version. In the roadmap of the product, a lot of improvements have been made. We are currently on hold with moving over to this tool because of the license but once we're able to, we'll import our profiles from the previous version to the new one. The previous version was not compatible with the .NET Framework 4.7.2; it didn't fully consider the retargeting option of C++. I would rate Klocwork seven out of ten.
Klocwork is a good product, but keep in mind that before building the code you have to get a report. Then you use the code. If you don't need to get a report after building the source code then this is a good solution for you. I prefer this tool. I would rate Klocwork as eight out of ten.
Not much as of now.
Support for more languages would be helpful since this is my trustworthy tool. One more piece of advice from my side: doing some webinars on Klocwork would be helpful for some new users.
Unlike other static code analysis tools, Klocwork integrates seamlessly into desktop IDEs, build systems, continuous integration tools, and any team's natural workflow. Mirroring how code is developed at any stage, Klocwork prevents defects and finds vulnerabilities on-the-fly, as code is being written. Klocwork also helps prioritize work with SmartRank, the revolutionary new recommendation engine that prioritizes issues and helps select which ones to work on first. Take prioritized, corrective action immediately to deliver more secure and reliable code.