

Find out what your peers are saying about Veracode, Snyk, Black Duck and others in Software Composition Analysis (SCA).
Money saved is equal to approximately one FTE worth of manual research time per quarter.
The main ROI factors include efficiency and how we meet compliance standards for various automotive requirements.
Some support team members are helpful, and others lack in-depth knowledge of the tool, which might cause challenges.
I interacted with customer support regarding one of my project results related to vulnerabilities and license risks, and they explained everything clearly, leaving me very satisfied.
The issue is not about the knowledge of the support but about the prioritization of the tickets they handle.
The customer support team is very responsive, proactive, and engages in conversations to ensure our needs are met.
During the initial phase when I did interact with the vendor, the support was satisfactory.
The processing time per new report stays consistent, experiencing no slowdowns even when we had over 200 new reports dropped in a week.
Klocwork supports our scalability needs without issues, even as project volumes increase.
The program-to-program enablement is scalable.
CAST Highlight proves reliable in nature.
Installation is easy, and the solution is stable.
Understanding only the OS-specific blockers means I would avoid resolving irrelevant issues, thus saving time.
For example, showing all security quotes from healthcare companies with more than 1,000 employees over the last 90 days would enable better filtering, and exportable dashboards would streamline quarterly reviews.
We would like Klocwork to connect to Git and notify developers of issues tied to specific commits.
Klocwork sometimes provides too many additional warnings which require expertise to manage.
There are too many warnings, and it requires expertise to determine the correct category for them.
It is less expensive than Coverity.
Klocwork was competitively priced, making it a cost-effective solution for us.
Klocwork's pricing seems attractive, as it uses a per-user license model that does not have a lot of overhead.
It gives fresh review alerts, pinging us when new reviews come in with strong, castable quotes, so we do not miss new proof points for trending topics.
In cloud migration, I use CAST highlight to identify blockers, which are the negative road patterns, and also the boosters, which are positive code patterns.
The most valuable feature of Klocwork is the static analysis tools, which help identify potential security threats and errors.
Klocwork positively impacts our organization as it's now part of our development flow, ensuring that all software we develop works as expected.
The most valuable feature of Klocwork is its reduced setup time.
| Product | Mindshare (%) |
|---|---|
| CAST Highlight | 1.3% |
| Snyk | 11.1% |
| Black Duck SCA | 9.1% |
| Other | 78.5% |
| Product | Mindshare (%) |
|---|---|
| Klocwork | 1.5% |
| SonarQube | 12.4% |
| Checkmarx One | 8.2% |
| Other | 77.9% |

| Company Size | Count |
|---|---|
| Small Business | 2 |
| Midsize Enterprise | 1 |
| Large Enterprise | 6 |
| Company Size | Count |
|---|---|
| Small Business | 12 |
| Midsize Enterprise | 2 |
| Large Enterprise | 13 |
CAST Highlight is a SaaS software intelligence technology that delivers rapid, fact-based insights across your entire application portfolio. By automatically analyzing the source code of hundreds or thousands of applications, CAST Highlight helps organizations assess cloud maturity, AI & Agentic readiness, software health, open source risk, resiliency, technical debt, and sustainability from a single lightweight scan.
CAST Highlight is designed for CIOs, CTOs, enterprise architects, cloud leaders, application owners, security teams, and modernization teams that need a fact-based way to prioritize modernization, cloud, and AI adoption decisions at scale. It helps teams identify which applications are ready to move quickly, which require remediation, and where hidden software risks may affect transformation cost, timelines, security, resilience, or business outcomes.
Unlike traditional manual or survey-based assessments, CAST Highlight analyzes application source code directly to rapidly segment portfolios, prioritize modernization paths, and uncover risks before they impact transformation programs.
Klocwork offers advanced static code analysis with integration capabilities for enhanced development efficiency, supporting various development environments and providing clear defect reports. It streamlines software development by reducing defects and improving code quality.
Klocwork integrates seamlessly into CI/CD pipelines, providing real-time and incremental analysis to identify and rectify code defects quickly. It supports multiple integrated development environments (IDEs) and minimizes false positives in its analysis. While primarily supporting C/C++, Java, and C#, there is a need to expand language support and enhance its static analysis engine. The tool assists in adhering to industry standards with features like automated code parsing and MISRA compliance checks. Ease of setup and collaboration capabilities further promotes efficiency, although the dashboard could benefit from user-friendly updates and better integration with Agile tools.
What are the primary features of Klocwork?Klocwork is extensively implemented in industries that prioritize software quality and security standards, particularly in environments focused on C/C++ development on Linux systems. Its capabilities in automated code parsing, traffic analysis, and support for DevOps integration make it invaluable for industries requiring strict MISRA compliance and internal standards adherence. By aiding refactoring and detecting memory-related vulnerabilities, Klocwork contributes to the maintainability and security standards in these sectors.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.