• Home
  • Klocwork vs. Veracode

Klocwork vs Veracode comparison

Cancel
You must select at least 2 products to compare!
Perforce Logo
Klocwork
Read 20 Klocwork reviews
3,452 views|2,086 comparisons
91% willing to recommend
Veracode Logo
Veracode
Read 194 Veracode reviews
25,312 views|17,157 comparisons
90% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Klocwork vs. Veracode
May 2024
Executive Summary

We performed a comparison between Klocwork and Veracode based on real PeerSpot user reviews.

Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Klocwork vs. Veracode Report (Updated: May 2024).
Download the complete report
771,157 professionals have used our research since 2012.
Featured Review
Anonymous User
Their technical team helps us get the most out of the solution, but we've faced some stability problems in our...
Klocwork created an environment where the engineers have checks and balances as they develop and progress through our release process. The solution... Read more →
Sai Srinivas B
Makes our code secure and integrates well with GitHub
There are multiple ways to use Veracode. We can use Veracode directly in our ID environment, and we can use it in the UI environment in our... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"There's a feature in Klocwork called 'on-the-fly analysis', which helps developers to find and fix the defects at the time of development itself.""We like using the static analysis and code refactoring, which are very valuable because of our requirements to meet safety critical levels and reliability.""The most valuable feature is the Incremental analysis.""It's integrated into our CI, continuous integration.""The ability to create custom checkers is a plus.""There is a central Klocwork server at our headquarter in France so we connect the client directly to the server on-premises remotely.""On-the-fly analysis and incremental analysis are the best parts of Klocwork. Currently, we are using both of these features very effectively.""I like not having to dig through false positives. Chasing down a false positive can take anywhere from five minutes for a small easy one, then something that is complicated and goes through a whole bunch of different class cases, and it can take up to 45 minutes to an hour to find out if it is a false positive or not."

More Klocwork Pros →

"It has provided what we were looking for in such an application, meaning static application security testing functionality. That was what we were interested in.""The solution is stable. we've never had any issues surrounding its stability.""The time savings has been tremendous. We saw ROI in the first six months.""Veracode's technical support is great. They assigned us a TAM and once a week, we have a brief engagement with the TAM to verify that everything's going well. If we have any outstanding issues, they get serviced and addressed.""The static scan is the feature that we use the most, as it gives us insight into our source code. We have it integrated with our continuous integration, continuous delivery system, so we can get insight quickly.""It can be very hard to make a good lab environment with a console with log windows and code bases. What I like about Veracode is that they managed to do that. It has a very responsive graphical user interface and has worked very well. I was very pleased with that.""The source composition analysis had very good reporting.""One thing that I like about Veracode is that it is quite a good tool for dynamic application testing."

More Veracode Pros →

Cons
"What needs improvement in Klocwork, compared to other products in the market, is the dashboard or reporting mechanisms that need to be a bit more flexible. The Klocwork dashboard could be improved. Though it's good, it's not as good as some of the other products in the market, which is a problem. The reporting could be more detailed and easier to sort out because sorting in Klocwork could be a bit more time-consuming, mainly when sorting defects based on filters, compared to how it's done on other tools such as Coverity.""Now the only issue we have is that whenever we need to get the code we have to build it first. Then we can get the report.""The way to define the rules is too complex. The definition/rules for static analysis could be automated according to various SILs, so as to avoid confusion.""I hope that in each new release they add new features relating to the addition of checkers, improving their analysis engines etc.""Modern languages, such as Angular and .NET, should be included as a part of Klocwork. They have recently added Kotlin as a part of their project, but we would like to see more languages in Klocwork. That's the reason we are using Coverity as a backup for some of the other languages.""Klocwork has to improve its features to stay ahead of other free solutions.""I would like to see better codes between projects and a more user-friendly desktop in the next release.""Klocwork does have a problem with true positives. It only found 30% of true positives in the Juliet test case."

More Klocwork Cons →

"The scanning could be a little faster. The process around three or four minutes, but it would help if it could be further reduced.""Veracode can be slow at times and has room for improvement, which may cause delays in our products and prolonged static scans.""In the next release, I would like a proper way of packaging files for scanning and the packing of IOS apps and API Dynamic scan methodology.""The user interface can sometimes be a little challenging to work with, and they seem to be changing their algorithm on what is an issue. I understand why they do it, but it sometimes causes more work on our end.""I've seen slightly better static analysis tools from other companies when it comes to speed and ease of use.""We use Ruby on Rails and we still don't have any support for that from Veracode.""The scanning takes a lot of time to complete.""If the dynamic scan is improved, then the speed might go up. That is somehow not happening. We have raised this concern. It might also help if they could time limit scans to 24 hours instead of letting them go for three days. Then, whatever results could be shared, even if the scan is not complete, that would definitely help us."

More Veracode Cons →

Pricing and Cost Advice
  • "Klocwork is still tight on their licensing. If Klocwork would loosen up on the licensing, and where the license could be used, and how many different programs could be run on it, then we have several development programs that I would love to be able to use it for going forward."
  • "Klocwork should not to be quite so heavy handed on the licensing for very specific programs."
  • "The limitation that we have is that Klocwork is licensed to certain programs, and if you want to license them to other programs, you have to pay more money."
  • "When it comes to licensing, the solution has two packages, one for a fixed and the other for a floating server, with the former being more cost effective than the latter."
  • "Licensing fees are paid annually, but they also have a perpetual license."
  • "There are other solutions on the market such as Microsoft Visual Studio. They have been adding more static code analysis features that come for free. It is getting better all the time. That is one of the possibilities is that we've been considering that we may stop using the Klocwork because it doesn't give us any added value."
  • "The pricing for Klocwork is very competitive if you compare it from apple to apple. It has competitive pricing regarding the licensing model and the per-license cost. Klocwork isn't a high-end investment for anyone deploying it; even SMBs can afford it. The Klocwork cost per user would depend on the license type, so I'm unable to mention a ballpark figure because it would depend on the type of installation and how the deployment will be, and the nodes to give an accurate calculation or figure. The total price depends on the package, so my company could never publish pricing for Klocwork on the website. My team first collects information from potential clients on the deployment scenario, project environment, etc., before suggesting a package for Klocwork. My rating for Klocwork in terms of pricing is a five because of its flexible license models. There's a license model for every type of organization, whether small, midsize, or enterprise, so it's a five out of five for me."
  • "This solution offers competitive pricing."

    • More Klocwork Pricing and Cost Advice →

  • "Its complexity makes it quite expensive, but it’s all worth it, with all the engineering in the background."
  • "The pricing is pretty high."
  • "The worst part about the product is that it does not scale at all. Also, microservices apps will cost you a fortune."
  • "I think licensing needs to be changed or updated so that it works with adjustments. Pricing is expensive compared to the amount of scanning we perform."
  • "It's worth the value"
  • "Pricing seems fair for what is offered, and licensing has been no problem. All developers are able to get the access they need."
  • "It can be expensive to do this, so I would just make sure that you're getting the proper number of licenses. Do your analysis. Make sure you know exactly what it is you need, going in."
  • "The licensing and prices were upfront and clear. They stand behind everything that is said during the commercial phase and during the onboarding phase. Even the most irrelevant "that can be done" was delivered, no matter how important the request was."

    • More Veracode Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    See Recommendations
    771,157 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about Klocwork?
    Top Answer:It's integrated into our CI, continuous integration.
    Read all 9 answers   →
    What is your experience regarding pricing and costs for Klocwork?
    Top Answer:Our purchasing department is responsible for tracking costs. It's one of the most widely used tools in our organization. It likely does not have a high price point. I don't have insights into… more »
    Read all 11 answers   →
    What needs improvement with Klocwork?
    Top Answer:The main problem is that since it only parses the code, the warnings or the problems that are given as a result of the report can sometimes require a lot of effort to analyze. It will show all… more »
    Read all 14 answers   →
    Which gives you more for your money - SonarQube or Veracode?
    Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use… more »
    Read all 6 answers   →
    What do you like most about Veracode?
    Top Answer:The SAST and DAST modules are great.
    Read all 96 answers   →
    What is your experience regarding pricing and costs for Veracode?
    Top Answer:The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.
    Read all 66 answers   →
    Ranking
    16th
    out of 74 in Application Security Tools
    Views
    3,452
    Comparisons
    2,086
    Reviews
    6
    Average Words per Review
    850
    Rating
    8.0
    2nd
    out of 74 in Application Security Tools
    Views
    25,312
    Comparisons
    17,157
    Reviews
    101
    Average Words per Review
    989
    Rating
    8.1
    Comparisons
    SonarQube logo
    SonarQube vs. Klocwork
    Compared 36% of the time.
    Coverity logo
    Coverity vs. Klocwork
    Compared 34% of the time.
    Polyspace Code Prover logo
    Polyspace Code Prover vs. Klocwork
    Compared 9% of the time.
    CodeSonar logo
    CodeSonar vs. Klocwork
    Compared 5% of the time.
    Parasoft SOAtest logo
    Parasoft SOAtest vs. Klocwork
    Compared 3% of the time.
    More Klocwork Competitors   →
    SonarQube logo
    SonarQube vs. Veracode
    Compared 26% of the time.
    Checkmarx One logo
    Checkmarx One vs. Veracode
    Compared 14% of the time.
    Fortify on Demand logo
    Fortify on Demand vs. Veracode
    Compared 7% of the time.
    Snyk logo
    Snyk vs. Veracode
    Compared 6% of the time.
    OWASP Zap logo
    OWASP Zap vs. Veracode
    Compared 4% of the time.
    More Veracode Competitors   →
    Also Known As
    Crashtest Security , Veracode Detect
    Learn More
    Perforce
    Veracode
    Overview

    Klocwork detects security, safety, and reliability issues in real-time by using this static code analysis toolkit that works alongside developers, finding issues as early as possible, and integrates with teams, supporting continuous integration and actionable reporting.

    Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-generated remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world’s leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achievereal-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, and Penetration Testing.

    Learn more atwww.veracode.com, on theVeracode blog, and onLinkedInandTwitter.

    Sample Customers
    ACCESS Co Ltd, Risk-AI, Winbond Electronics, Bristol-Myers Squibb Pharmaceutical Research Institute, University of Southern California, Alebra Technologies, SIMULIA, Risk Management Solutions, Brigham Young University, SRD, HRL
    Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
    Top Industries
    REVIEWERS
    Manufacturing Company50%
    Engineering Company10%
    Non Tech Company10%
    Transportation Company10%
    VISITORS READING REVIEWS
    Educational Organization39%
    Manufacturing Company19%
    Computer Software Company10%
    Financial Services Firm4%
    REVIEWERS
    Computer Software Company26%
    Financial Services Firm23%
    Insurance Company9%
    Comms Service Provider6%
    VISITORS READING REVIEWS
    Financial Services Firm18%
    Computer Software Company15%
    Manufacturing Company8%
    Government6%
    Company Size
    REVIEWERS
    Small Business52%
    Midsize Enterprise5%
    Large Enterprise43%
    VISITORS READING REVIEWS
    Small Business8%
    Midsize Enterprise45%
    Large Enterprise46%
    REVIEWERS
    Small Business31%
    Midsize Enterprise20%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise13%
    Large Enterprise70%
    Buyer's Guide
    Klocwork vs. Veracode
    May 2024
    Free Report: Klocwork vs. Veracode
    Find out what your peers are saying about Klocwork vs. Veracode and other solutions. Updated: May 2024.
    DOWNLOAD NOW
    771,157 professionals have used our research since 2012.

    Klocwork is ranked 16th in Application Security Tools with 20 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. Klocwork is rated 8.2, while Veracode is rated 8.2. The top reviewer of Klocwork writes "Their technical team helps us get the most out of the solution, but we've faced some stability problems in our environment". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Klocwork is most compared with SonarQube, Coverity, Polyspace Code Prover, CodeSonar and Parasoft SOAtest, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and OWASP Zap. See our Klocwork vs. Veracode report.

    See our list of best Application Security Tools vendors, best Static Application Security Testing (SAST) vendors, and best Static Code Analysis vendors.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.