Klocwork vs SonarQube Cloud (formerly SonarCloud) comparison

Perforce and Sonar are both solutions in the Static Application Security Testing (SAST) category. Perforce is ranked #15 with an average rating of 8.3, while Sonar is ranked #10 with an average rating of 8.5. Perforce holds a 1.8% mindshare in SAST, compared to Sonar’s 6.7% mindshare. Additionally, 92% of Perforce users are willing to recommend the solution, compared to 100% of Sonar users who would recommend it.

Klocwork

Read 22 Klocwork reviews

3,723 Views
2,198 Comparison Views

92% willing to recommend

SonarQube Cloud (formerly S...

Read 12 SonarQube Cloud (formerly SonarCloud) reviews

9,964 Views
8,153 Comparison Views

100% willing to recommend

Klocwork

SonarQube Cloud (formerly S...

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Oct 30, 2024

Klocwork and SonarQube Cloud compete in the software analysis and code quality market. SonarQube Cloud has the upper hand due to its advanced integration capabilities and flexibility, which appeal to users prioritizing seamless workflow integration.

Features: Klocwork excels in security vulnerability analysis, critical code issue detection, and offers extensive usability across various IDEs. SonarQube Cloud provides robust integration with CI/CD pipelines, comprehensive security hotspot identification, and customizable rules for managing false positives effectively.

Room for Improvement: Klocwork could enhance its ease of deployment and focus on reducing its setup time. It may benefit from expanding its cloud capabilities to match market trends. SonarQube Cloud needs more comprehensive documentation to simplify its integration process. It could further refine its false-positive rates and improve its interface to enhance the user experience.

Ease of Deployment and Customer Service: Klocwork's on-premises setup offers enterprises greater control but requires longer deployment times and in-depth technical support. In contrast, SonarQube Cloud's cloud-based nature provides quicker deployment and streamlined assistance, making it more accessible for instant implementation and support.

Pricing and ROI: Klocwork has a higher initial costing, justified by its specialization in security features, thus promising a solid ROI for enterprises focused on security. SonarQube Cloud's flexible subscription model offers easy entry with extensive ROI by enabling scalability and adaptability to existing cloud infrastructures. The choice largely depends on the specific emphasis on either security or integration needs.

To learn more, read our detailed Klocwork vs. SonarQube Cloud (formerly SonarCloud) Report (Updated: January 2025).

Buyer's Guide

Klocwork vs. SonarQube Cloud (formerly SonarCloud)

January 2025

Download the complete report

Helped 838,713 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Klocwork

Ranking in Static Application Security Testing (SAST)

15th

Average Rating

8.2

Reviews Sentiment

7.1

Number of Reviews

Ranking in other categories

Application Security Tools (22nd), Static Code Analysis (5th)

SonarQube Cloud (formerly S...

Ranking in Static Application Security Testing (SAST)

10th

Average Rating

8.2

Reviews Sentiment

6.4

Number of Reviews

Ranking in other categories

No ranking in other categories

Mindshare comparison

As of February 2025, in the Static Application Security Testing (SAST) category, the mindshare of Klocwork is 1.8%, down from 1.9% compared to the previous year. The mindshare of SonarQube Cloud (formerly SonarCloud) is 6.7%, down from 6.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Static Application Security Testing (SAST)

Featured Reviews

AnirbanSarkar

Head - Solution Management Group at Meteonic Innovation Pvt. Ltd.

Lets you find defects during the development phase, so you don't have to wait till the development is over to find and address flaws

What needs improvement in Klocwork, compared to other products in the market, is the dashboard or reporting mechanisms that need to be a bit more flexible. The Klocwork dashboard could be improved. Though it's good, it's not as good as some of the other products in the market, which is a problem. The reporting could be more detailed and easier to sort out because sorting in Klocwork could be a bit more time-consuming, mainly when sorting defects based on filters, compared to how it's done on other tools such as Coverity. What I'd like added in the next release of Klocwork is the peer code review Cahoots which used to be a part of Klocwork, and the architecture analysis and both have been taken out of Klocwork. I found the two critical for specific deployments, so if those can be brought back to Klocwork, that would be very good.

Read full review

Diego Moreo

Software Quality Coordinator at a retailer with 10,001+ employees

Enhanced code quality with data consolidation needs and good pipeline integration

We have SonarCloud integrated into our pipeline. It is used as a tool for checking code quality, clean code, bugs, and security issues. It acts as a quality gate for production, helping decide if our code can be applied SonarCloud aids us in checking major issues in legacy systems and helps…

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The most valuable feature is the Incremental analysis."

"Technical support is quite good."

"The best advantage of Klocwork is the reduced setup time."

"One can increase the number of vendors, so the solution is scalable."

"The reporting helps us understand the trend of our results and whether we improve over time. We can see the history within Klocwork's server architecture and know that we're making things better. It creates a great story for our management. We can demonstrate value and how our software is developing over time."

"The most valuable feature of Klocwork is finding defects while you're doing the coding. For example, if you have an IDE plug-in of Klocwork on Visual Studio or Eclipse, you can find the faults; similar to using spell check on Word, you can find out defects during the development phase, which means that you don't have to wait till the development is over to find the flaws and address the deficiencies. I also find language support in Klocwork good because it used to support only C, C++, C#, and Java, but now, it also supports Java scripts and Python."

"On-the-fly analysis and incremental analysis are the best parts of Klocwork. Currently, we are using both of these features very effectively."

"The most valuable feature of Klocwork is its reduced setup time."

More Klocwork pros

"I find SonarQube Cloud very easy to use and simple to integrate initially."

"The reports from SonarCloud are very good."

"The SaaS solution for checking code without execution and dealing with security issues is valuable."

"I find SonarQube Cloud very easy to use and simple to integrate initially."

"The solution provides continuous code analysis which has improved the quality of our code. It can raise alarms on vulnerabilities with immediate reports on the dashboard. Few things are false positives and we can customize the rules."

"Its dashboard provides a unified view of various code quality metrics, including code duplication, unit test coverage, and security hotspots."

"Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service."

"The most valuable features of SonarCloud are the ability to discover vulnerabilities, security weak points, security hotspots, and all the feedback that comes into the feature branch. You can deploy the code with the security, you can eliminate the problem at the developer level rather than identifying the problem in the productions."

More SonarQube Cloud (formerly SonarCloud) pros

Cons

"Now the only issue we have is that whenever we need to get the code we have to build it first. Then we can get the report."

"Klocwork does have a problem with true positives. It only found 30% of true positives in the Juliet test case."

"Klocwork sometimes provides too many additional warnings which require expertise to manage."

"I believe it should support more languages, such as Python and JavaScript."

"The main problem is that since it only parses the code, the warnings or the problems that are given as a result of the report can sometimes require a lot of effort to analyze."

"There are too many warnings, and it requires expertise to determine the correct category for them."

"I would like to see better codes between projects and a more user-friendly desktop in the next release."

"Under NIST cybersecurity standards, we must address vulnerabilities within a specified time after discovering them. When we try to propagate those updates and fixes through the system, it would be nice if the clients could reconnect to the existing server or have the server dynamically updated in some way. I know that isn't easy, but maybe processes could be enhanced to make that more streamlined from a DevOps perspective."

More Klocwork cons

"The reports could improve by providing more information. We are not able to use the reports in our operation until they are improved. Additionally, if the vendor provided more customization capabilities it would be a benefit."

"Reporting features are missing in SonarCloud."

"The solution needs to improve its customization and flexibility."

"The documentation needs improvement on optimizing build time for seamless CI/CD integration with our Android apps."

"CI/CD pipeline is part of a whole chain of design, development, and production, and it's becoming increasingly crucial to optimize the various tools across different stages. However, it's still a silo approach because the full integration is missing. This isn't just an issue with SonarCloud. It's a general problem with tooling."

"SonarQube Cloud could improve its vulnerability detection compared to Veracode."

"There's room for improvement in the configuration process, particularly during the initial setup phase."

"I've been told by the developers that the solution is too limited. It's not testing enough within the containers."

More SonarQube Cloud (formerly SonarCloud) cons

Pricing and Cost Advice

"The limitation that we have is that Klocwork is licensed to certain programs, and if you want to license them to other programs, you have to pay more money."

"Klocwork should not to be quite so heavy handed on the licensing for very specific programs."

"When it comes to licensing, the solution has two packages, one for a fixed and the other for a floating server, with the former being more cost effective than the latter."

"This solution offers competitive pricing."

"The pricing for Klocwork is very competitive if you compare it from apple to apple. It has competitive pricing regarding the licensing model and the per-license cost. Klocwork isn't a high-end investment for anyone deploying it; even SMBs can afford it. The Klocwork cost per user would depend on the license type, so I'm unable to mention a ballpark figure because it would depend on the type of installation and how the deployment will be, and the nodes to give an accurate calculation or figure. The total price depends on the package, so my company could never publish pricing for Klocwork on the website. My team first collects information from potential clients on the deployment scenario, project environment, etc., before suggesting a package for Klocwork. My rating for Klocwork in terms of pricing is a five because of its flexible license models. There's a license model for every type of organization, whether small, midsize, or enterprise, so it's a five out of five for me."

"There are other solutions on the market such as Microsoft Visual Studio. They have been adding more static code analysis features that come for free. It is getting better all the time. That is one of the possibilities is that we've been considering that we may stop using the Klocwork because it doesn't give us any added value."

"Licensing fees are paid annually, but they also have a perpetual license."

"Klocwork is still tight on their licensing. If Klocwork would loosen up on the licensing, and where the license could be used, and how many different programs could be run on it, then we have several development programs that I would love to be able to use it for going forward."

"The price of SonarCloud could be less expensive. We are using the community version and the price should be more reasonable."

"I am using the free version of the solution."

"I rate the pricing a five out of ten."

"Previously, the pricing was 17,000 euros for five million lines analyzed. However, they now charge $15,000 per one million lines, significantly increasing the cost."

"While not extremely cheap, it aligns well with market standards and offers good value."

"The current pricing is quite cheap."

"The price of SonarCloud is not expensive, it goes by the lines of code. 1 million lines per code are approximately 4,000 USD per year. If you need 2 million lines of code you would double the annual cost."

See which vendors are best for you

Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.

See recommendations

838,713 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Educational Organization

41%

Manufacturing Company

19%

Computer Software Company

Financial Services Firm

Computer Software Company

18%

Financial Services Firm

10%

Manufacturing Company

10%

Insurance Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about Klocwork?

It's integrated into our CI, continuous integration.

See all answers

What is your experience regarding pricing and costs for Klocwork?

Our purchasing department is responsible for tracking costs. It's one of the most widely used tools in our organization. It likely does not have a high price point. I don't have insights into licen...

See all answers

What needs improvement with Klocwork?

The main problem is that since it only parses the code, the warnings or the problems that are given as a result of the report can sometimes require a lot of effort to analyze. It will show all poss...

See all answers

What do you like most about SonarCloud?

Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service.

See all answers

What is your experience regarding pricing and costs for SonarCloud?

Previously, the pricing was 17,000 euros for five million lines analyzed. However, they now charge $15,000 per one million lines, significantly increasing the cost.

See all answers

What needs improvement with SonarCloud?

Reporting features are missing in SonarCloud. We do not have a way to consolidate data within the tool, requiring us to extract data and use Power BI for reports.

See all answers

Comparisons

SonarQube Server (formerly SonarQube) vs Klocwork

Compared 39% of the time

Coverity vs Klocwork

Compared 30% of the time

Polyspace Code Prover vs Klocwork

Compared 13% of the time

Checkmarx One vs Klocwork

Compared 3% of the time

Parasoft SOAtest vs Klocwork

Compared 3% of the time

More Klocwork Competitors

SonarQube Server (formerly SonarQube) vs SonarQube Cloud (formerly SonarCloud)

Compared 70% of the time

Veracode vs SonarQube Cloud (formerly SonarCloud)

Compared 7% of the time

GitLab vs SonarQube Cloud (formerly SonarCloud)

Compared 4% of the time

Checkmarx One vs SonarQube Cloud (formerly SonarCloud)

Compared 3% of the time

Coverity vs SonarQube Cloud (formerly SonarCloud)

Compared 3% of the time

More SonarQube Cloud (formerly SonarCloud) Competitors

Product Reports

Buyer's Guide

Klocwork

February 2025

Download Klocwork product report

Buyer's Guide

SonarQube Cloud (formerly SonarCloud)

January 2025

SonarQube Cloud (formerly SonarCloud) report

Download SonarQube Cloud (formerly SonarCloud) product report

Interactive Demo

Demo not available

Perforce

Sonar

Overview

Klocwork detects security, safety, and reliability issues in real-time by using this static code analysis toolkit that works alongside developers, finding issues as early as possible, and integrates with teams, supporting continuous integration and actionable reporting.

Perforce

SonarQube Cloud offers static code analysis and application security testing, seamlessly integrating into CI/CD pipelines. It's a vital tool for identifying vulnerabilities and ensuring code quality before deployment.

SonarQube Cloud is widely used for its ability to integrate with tools like GitHub, Jenkins, and Bitbucket, providing critical feedback at the pull request level. It's designed to help organizations maintain clean code by acting as a quality gate. This service supports development methodologies including sprints and Kanban for ongoing vulnerability management. While appreciated for its dashboard and integration capabilities, some users find initial setup challenging and note the need for enhanced documentation. The recent addition of mono reports and microservices support offers deeper insights into security and code quality, though container testing limitations and false positives are noted drawbacks. Manual intervention is sometimes required to address detailed reporting, with external tools being necessary for comprehensive analysis. Notifications for larger teams during serious issues and streamlined integration of new features are also areas of improvement.

What are the key features of SonarQube Cloud?

Vulnerability Detection: Identifies potential security threats within code.
Security Hotspots: Highlights sections of the code that require closer inspection.
Feedback on Feature Branches: Enables early detection and resolution of quality issues.
No Maintenance: Ensures focus remains on development rather than tool upkeep.
Mono and Multi-Reports: Offers diverse insights into code quality.

What benefits should users look for?

Integration Ease: Seamlessly connects with popular development platforms.
Continuous Code Analysis: Provides consistent feedback to improve code standards.
Unified Quality View: Dashboard offers a comprehensive look at code metrics.
Security Insights: Detailed information on vulnerabilities and their impact.

In specific industries, SonarQube Cloud finds application in finance and healthcare where code integrity and security are paramount. It allows teams to identify critical vulnerabilities early and ensures that software development aligns with industry regulations and standards. By continuously analyzing code, it aids organizations in deploying secure and reliable applications, fostering trust and compliance.

Sonar

Sample Customers

ACCESS Co Ltd, Risk-AI, Winbond Electronics, Bristol-Myers Squibb Pharmaceutical Research Institute, University of Southern California, Alebra Technologies, SIMULIA, Risk Management Solutions, Brigham Young University, SRD, HRL

Information Not Available

Buyer's Guide

Klocwork vs. SonarQube Cloud (formerly SonarCloud)

January 2025

Free Report: Klocwork vs. SonarQube Cloud (formerly SonarCloud)

Find out what your peers are saying about Klocwork vs. SonarQube Cloud (formerly SonarCloud) and other solutions. Updated: January 2025.

DOWNLOAD NOW

838,713 professionals have used our research since 2012.

See our Klocwork vs. SonarQube Cloud (formerly SonarCloud) report.

See our list of best Static Application Security Testing (SAST) vendors.

We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.