Klocwork and OpenText Static Application Security Testing are two leading static analysis tools. OpenText seems to have the upper hand due to its robust feature set, although Klocwork is favored for its cost-effectiveness and customer service.
Features: Klocwork offers on-the-fly analysis, custom checkers, and CI/CD pipeline integration, with incremental analysis and IDE plugins enhancing development efficiency. OpenText excels with wide-ranging language support and integration in various development environments, praised for its accuracy in detecting vulnerabilities and providing remediation guidance.
Room for Improvement: Klocwork should expand language support and enhance handling of global variables and false positives. Other improvements could include more modern language integration and additional checkers. OpenText could reduce false positives and improve deployment processes, with further interface refinement and expanded language compatibility enhancing usability.
Ease of Deployment and Customer Service: Klocwork predominantly deploys on-premises, offering good technical assistance globally, appreciated for its documentation and community support. OpenText provides flexible deployment options, including hybrid cloud configurations, with strong technical support. While both have strong customer service, Klocwork’s responsive localized support is a notable advantage.
Pricing and ROI: Klocwork is recognized for cost-effectiveness, offering competitive pricing appealing to small businesses and enterprises, with ROI seen in compliance and development efficiency. OpenText, though more expensive, justifies its premium with extensive features, robust performance, and comprehensive security capabilities, making it a worthwhile investment despite being a potential barrier for smaller organizations.
The main ROI factors include efficiency and how we meet compliance standards for various automotive requirements.
The issue is not about the knowledge of the support but about the prioritization of the tickets they handle.
The customer support team is very responsive, proactive, and engages in conversations to ensure our needs are met.
During the initial phase when I did interact with the vendor, the support was satisfactory.
The technical support has been good because we always received answers to our questions.
The customer service and support for Fortify Static Code Analyzer are better than those for LoadRunner.
Klocwork supports our scalability needs without issues, even as project volumes increase.
The program-to-program enablement is scalable.
Fortify Static Code Analyzer integrates well and is scalable.
Installation is easy, and the solution is stable.
The stability of Fortify Static Code Analyzer is generally good.
I would rate the product stability as an eight.
We would like Klocwork to connect to Git and notify developers of issues tied to specific commits.
Klocwork sometimes provides too many additional warnings which require expertise to manage.
There are too many warnings, and it requires expertise to determine the correct category for them.
We are not ready to transfer our code without control to AI instruments.
It would be really helpful to include trending vulnerabilities and how to manage them.
It should be easier to install, perhaps through a container-based approach where everything is combined into one image or pack of containers.
It is less expensive than Coverity.
Klocwork was competitively priced, making it a cost-effective solution for us.
Klocwork's pricing seems attractive, as it uses a per-user license model that does not have a lot of overhead.
The pricing of Fortify Static Code Analyzer is good, with a flexible model that allows customers to choose a setup that suits their needs.
My experience with the pricing, setup costs, and licensing has been good.
The most valuable feature of Klocwork is the static analysis tools, which help identify potential security threats and errors.
Its integration with the CI/CD pipeline has helped streamline the software development process.
It takes just half a day to set up.
Fortify Static Code Analyzer has the capability of giving fewer false positives compared to other tools.
The most impactful feature of Fortify Static Code Analyzer in identifying vulnerabilities is the ratio of total number of vulnerabilities to false positives.
The most valuable feature of Fortify Static Code Analyzer is its extensive language support, covering many languages from legacy ones to the newest.
| Product | Market Share (%) |
|---|---|
| Klocwork | 5.5% |
| OpenText Static Application Security Testing | 7.4% |
| Other | 87.1% |
| Company Size | Count |
|---|---|
| Small Business | 12 |
| Midsize Enterprise | 2 |
| Large Enterprise | 12 |
| Company Size | Count |
|---|---|
| Small Business | 4 |
| Midsize Enterprise | 3 |
| Large Enterprise | 11 |
Klocwork detects security, safety, and reliability issues in real-time by using this static code analysis toolkit that works alongside developers, finding issues as early as possible, and integrates with teams, supporting continuous integration and actionable reporting.
OpenText Static Application Security Testing empowers teams with efficient vulnerability detection and streamlined secure coding practices, offering comprehensive language support and seamless integration with development tools.
OpenText Static Application Security Testing enhances software security during development by accurately identifying vulnerabilities with minimal false positives. It integrates seamlessly with IDEs and CI/CD pipelines, making it highly efficient for early detection of security issues. Users benefit from its easy setup, clear documentation, and centralized portal for managing security findings. Despite facing challenges like high costs and complex configurations for certain languages, its role in facilitating compliance and streamlining secure coding processes is indispensable. Improvements are needed in areas such as outdated design, language support, and integration capabilities to meet evolving user expectations.
What features does OpenText Static Application Security Testing offer?Organizations across diverse sectors implement OpenText Static Application Security Testing primarily to secure applications during development phases. Its integration with tools like GitLab, Jenkins, and Azure DevOps ensures a robust security pipeline. By combining with Sonatype Nexus, secure code, and library management is achieved effectively.
We monitor all Static Code Analysis reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
