Klocwork vs OWASP Zap comparison

Perforce and OWASP are both solutions in the Static Application Security Testing (SAST) category. Perforce is ranked #13 with an average rating of 8.4, while OWASP is ranked #11 with an average rating of 7.7. Perforce holds a 1.8% mindshare in SAST, compared to OWASP’s 5.1% mindshare. Additionally, 92% of Perforce users are willing to recommend the solution, compared to 88% of OWASP users who would recommend it.

Klocwork

Read 23 Klocwork reviews

3,397 Views
2,037 Comparison Views

92% willing to recommend

OWASP Zap

Read 40 OWASP Zap reviews

11,136 Views
6,104 Comparison Views

88% willing to recommend

Klocwork

OWASP Zap

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Oct 8, 2024

Klocwork and OWASP Zap compete in code analysis and software vulnerability scanning. While users prefer Klocwork for pricing and support, OWASP Zap is favored for its features, offering superior value for those seeking comprehensive functionality.

Features: Klocwork offers comprehensive detection capabilities, seamless integration with CI/CD pipelines, and is cost-effective for larger teams. OWASP Zap provides a vast library of ready-to-use scanning rules, is adaptable to various environments, and its open-source nature allows for flexibility and customization.

Room for Improvement: Klocwork users suggest enhancements in reporting features, more intuitive configuration options, and better usability. OWASP Zap users desire improved scanning performance, more detailed documentation, and focus on performance and resource optimization.

Ease of Deployment and Customer Service: Klocwork is noted for its straightforward deployment and responsive customer service, with a support team that resolves issues efficiently. OWASP Zap offers simpler deployment but requires user knowledge for setup. Both have supportive customer service, though Klocwork often provides more hands-on assistance.

Pricing and ROI: Klocwork is seen as cost-effective with a favorable ROI for large teams, despite higher support costs. OWASP Zap's open-source advantage means lower setup costs and perceived long-term savings, appealing to budget-conscious users. The advanced functionalities often offset initial expenses.

To learn more, read our detailed Klocwork vs. OWASP Zap Report (Updated: April 2025).

Buyer's Guide

Klocwork vs. OWASP Zap

April 2025

Download the complete report

Helped 847,625 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Klocwork

Ranking in Static Application Security Testing (SAST)

13th

Average Rating

8.0

Reviews Sentiment

7.1

Number of Reviews

Ranking in other categories

Application Security Tools (16th), Static Code Analysis (5th)

OWASP Zap

Ranking in Static Application Security Testing (SAST)

11th

Average Rating

7.6

Reviews Sentiment

7.3

Number of Reviews

Ranking in other categories

No ranking in other categories

Mindshare comparison

As of April 2025, in the Static Application Security Testing (SAST) category, the mindshare of Klocwork is 1.8%, down from 1.9% compared to the previous year. The mindshare of OWASP Zap is 5.1%, down from 5.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Static Application Security Testing (SAST)

Featured Reviews

AnirbanSarkar

Head - Solution Management Group at Meteonic Innovation Pvt. Ltd.

Lets you find defects during the development phase, so you don't have to wait till the development is over to find and address flaws

What needs improvement in Klocwork, compared to other products in the market, is the dashboard or reporting mechanisms that need to be a bit more flexible. The Klocwork dashboard could be improved. Though it's good, it's not as good as some of the other products in the market, which is a problem. The reporting could be more detailed and easier to sort out because sorting in Klocwork could be a bit more time-consuming, mainly when sorting defects based on filters, compared to how it's done on other tools such as Coverity. What I'd like added in the next release of Klocwork is the peer code review Cahoots which used to be a part of Klocwork, and the architecture analysis and both have been taken out of Klocwork. I found the two critical for specific deployments, so if those can be brought back to Klocwork, that would be very good.

Read full review

Amit Beniwal

Project Manager at Al Hassan LLC

Simplifies vulnerability discovery and has high quality support

There are areas for improvement with OWASP Zap, particularly in the alignment of vulnerabilities concerning CVSS scores. Sometimes, a vulnerability initially categorized as high severity may be reduced to medium or low over time after security patches are applied. This alignment with the present severity score and CVSS score could be improved.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The tool helps the team to think beforehand about corner cases or potential bugs that might arise in real-time."

"One can increase the number of vendors, so the solution is scalable."

"It's integrated into our CI, continuous integration."

"The customer support team is very responsive, proactive, and engages in conversations to ensure our needs are met."

"There's a feature in Klocwork called 'on-the-fly analysis', which helps developers to find and fix the defects at the time of development itself."

"Technical support is quite good."

"Klocwork's most valuable feature is the static code analysis feature. It detects the potential problem earlier to allow the developer to receive feedback quickly and then address it before it becomes a problem."

"The ability to create custom checkers is a plus."

More Klocwork pros

"The ZAP scan and code crawler are valuable features."

"Simple to use, good user interface."

"It has improved my organization with faster security tests."

"OWASP Zap is a good tool, one of my favorites for a long time, and I would recommend it."

"It has evolved over the years and recently in the last year they have added, HUD (Heads Up Display)."

"The community edition updates services regularly. They add new vulnerabilities into the scanning list."

"You can run it against multiple targets."

"We use the solution for security testing."

More OWASP Zap pros

Cons

"There are too many warnings, and it requires expertise to determine the correct category for them."

"I hope that in each new release they add new features relating to the addition of checkers, improving their analysis engines etc."

"This solution could be improved if they offered support of more languages including Ada and Golang. They currently only support seven languages."

"Now the only issue we have is that whenever we need to get the code we have to build it first. Then we can get the report."

"Klocwork sometimes provides too many additional warnings which require expertise to manage."

"The main problem is that since it only parses the code, the warnings or the problems that are given as a result of the report can sometimes require a lot of effort to analyze."

"Under NIST cybersecurity standards, we must address vulnerabilities within a specified time after discovering them. When we try to propagate those updates and fixes through the system, it would be nice if the clients could reconnect to the existing server or have the server dynamically updated in some way. I know that isn't easy, but maybe processes could be enhanced to make that more streamlined from a DevOps perspective."

More Klocwork cons

"Zap could improve by providing better reports for security and recommendations for the vulnerabilities."

"Lacks resources where users can internally access a learning module from the tool."

"Deployment is somewhat complicated."

"The solution is unable to customize reports."

"The product should allow users to customize the report based on their needs."

"OWASP Zap could benefit from a noise cancellation feature like that of Burp Suite Professional, where AI helps reduce certain non-critical findings."

"It would be ideal if I could try some pre-built deployment scenarios so that I don't have to worry about whether the configuration sector team is doing it right or wrong. That would be very helpful."

"It would be a great improvement if they could include a marketplace to add extra features to the tool."

More OWASP Zap cons

Pricing and Cost Advice

"Klocwork should not to be quite so heavy handed on the licensing for very specific programs."

"This solution offers competitive pricing."

"Licensing fees are paid annually, but they also have a perpetual license."

"There are other solutions on the market such as Microsoft Visual Studio. They have been adding more static code analysis features that come for free. It is getting better all the time. That is one of the possibilities is that we've been considering that we may stop using the Klocwork because it doesn't give us any added value."

"Klocwork is still tight on their licensing. If Klocwork would loosen up on the licensing, and where the license could be used, and how many different programs could be run on it, then we have several development programs that I would love to be able to use it for going forward."

"The pricing for Klocwork is very competitive if you compare it from apple to apple. It has competitive pricing regarding the licensing model and the per-license cost. Klocwork isn't a high-end investment for anyone deploying it; even SMBs can afford it. The Klocwork cost per user would depend on the license type, so I'm unable to mention a ballpark figure because it would depend on the type of installation and how the deployment will be, and the nodes to give an accurate calculation or figure. The total price depends on the package, so my company could never publish pricing for Klocwork on the website. My team first collects information from potential clients on the deployment scenario, project environment, etc., before suggesting a package for Klocwork. My rating for Klocwork in terms of pricing is a five because of its flexible license models. There's a license model for every type of organization, whether small, midsize, or enterprise, so it's a five out of five for me."

"When it comes to licensing, the solution has two packages, one for a fixed and the other for a floating server, with the former being more cost effective than the latter."

"The limitation that we have is that Klocwork is licensed to certain programs, and if you want to license them to other programs, you have to pay more money."

"It's free and open, currently under the Apache 2 license. If ZAP does what you need it to do, selling a free solution is a very easy."

"It's free. It's good for us because we don't know what the extent of our use will be yet. It's good to start with something free and easy to use."

"We have used the freeware version. I believe Zap only has freeware."

"This is an open-source solution and can be used free of charge."

"It is open source, and we can scan freely."

"OWASP ZAP is a free tool provided by OWASP’s engineers and experts. There is an option to donate."

"The tool is open source."

"This app is completely free and open source. So there is no question about any pricing."

More OWASP Zap pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.

See recommendations

847,625 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Educational Organization

36%

Manufacturing Company

20%

Computer Software Company

Financial Services Firm

Computer Software Company

18%

Financial Services Firm

11%

Manufacturing Company

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about Klocwork?

It's integrated into our CI, continuous integration.

See all answers

What is your experience regarding pricing and costs for Klocwork?

Klocwork is not expensive, but neither is it very cheap. It is less expensive than Coverity.

See all answers

What needs improvement with Klocwork?

Every product has room for improvement. Klocwork sometimes provides too many additional warnings which require expertise to manage. Follow-ups are often needed. The support for plugins also needs t...

See all answers

Is OWASP Zap better than PortSwigger Burp Suite Pro?

OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available with basic security vulnerabilities while Burp Suite Pro has it available with ...

See all answers

What do you like most about OWASP Zap?

The best feature is the Zap HUD (Heads Up Display) because the customers can use the website normally. If we scan websites with automatic scanning, and the website has a web application firewall, i...

See all answers

What is your experience regarding pricing and costs for OWASP Zap?

OWASP might be cost-effective, however, people prefer to use the free edition available as open source.

See all answers

Comparisons

SonarQube Server (formerly SonarQube) vs Klocwork

Compared 36% of the time

Coverity vs Klocwork

Compared 29% of the time

Polyspace Code Prover vs Klocwork

Compared 13% of the time

Parasoft SOAtest vs Klocwork

Compared 3% of the time

Checkmarx One vs Klocwork

Compared 3% of the time

More Klocwork Competitors

SonarQube Server (formerly SonarQube) vs OWASP Zap

Compared 21% of the time

Acunetix vs OWASP Zap

Compared 16% of the time

Qualys Web Application Scanning vs OWASP Zap

Compared 9% of the time

Checkmarx One vs OWASP Zap

Compared 9% of the time

Veracode vs OWASP Zap

Compared 9% of the time

More OWASP Zap Competitors

Product Reports

Buyer's Guide

Klocwork

April 2025

Download Klocwork product report

Buyer's Guide

OWASP Zap

March 2025

Download OWASP Zap product report

Overview

Klocwork detects security, safety, and reliability issues in real-time by using this static code analysis toolkit that works alongside developers, finding issues as early as possible, and integrates with teams, supporting continuous integration and actionable reporting.

Perforce

OWASP Zap is a free and open-source web application security scanner.

The solution helps developers identify vulnerabilities in their web applications by actively scanning for common security issues.

With its user-friendly interface and powerful features, Zap is a popular choice among developers for ensuring the security of their web applications.

OWASP

Sample Customers

ACCESS Co Ltd, Risk-AI, Winbond Electronics, Bristol-Myers Squibb Pharmaceutical Research Institute, University of Southern California, Alebra Technologies, SIMULIA, Risk Management Solutions, Brigham Young University, SRD, HRL

1. Google 2. Microsoft 3. IBM 4. Amazon 5. Facebook 6. Twitter 7. LinkedIn 8. Netflix 9. Adobe 10. PayPal 11. Salesforce 12. Cisco 13. Oracle 14. Intel 15. HP 16. Dell 17. VMware 18. Symantec 19. McAfee 20. Citrix 21. Red Hat 22. Juniper Networks 23. SAP 24. Accenture 25. Deloitte 26. Ernst & Young 27. PwC 28. KPMG 29. Capgemini 30. Infosys 31. Wipro 32. TCS

Buyer's Guide

Klocwork vs. OWASP Zap

April 2025

Free Report: Klocwork vs. OWASP Zap

Find out what your peers are saying about Klocwork vs. OWASP Zap and other solutions. Updated: April 2025.

DOWNLOAD NOW

847,625 professionals have used our research since 2012.

See our Klocwork vs. OWASP Zap report.

See our list of best Static Application Security Testing (SAST) vendors.

We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.