Klocwork vs SonarQube Server (formerly SonarQube) comparison

Perforce and Sonar are both solutions in the Application Security Tools category. Perforce is ranked #23 with an average rating of 8.5, while Sonar is ranked #1 with an average rating of 8.2. Perforce holds a 1.4% mindshare in AS, compared to Sonar’s 26.7% mindshare. Additionally, 91% of Perforce users are willing to recommend the solution, compared to 81% of Sonar users who would recommend it.

Klocwork

Read 20 Klocwork reviews

3,108 Views
1,864 Comparison Views

91% willing to recommend

SonarQube Server (formerly ...

Read 113 SonarQube Server (formerly SonarQube) reviews

41,622 Views
34,051 Comparison Views

81% willing to recommend

Klocwork

SonarQube Server (formerly ...

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Oct 30, 2024

SonarQube Server and Klocwork compete in the software analysis tools category, each offering distinct advantages. SonarQube generally appeals to users for its pricing and support, while Klocwork is noted for its strong static code analysis features, which some users find worth the higher cost.

Features: SonarQube Server supports over 20 programming languages, offers pre-commit checks, custom coding rules, unit tests, and more. It includes the Time Machine tool, customizable dashboards, and integrates with CI/CD systems. Klocwork focuses on strong static analysis, supports C, C++, Java, and C#, and provides on-the-fly and incremental analysis, aiding in early issue identification.

Room for Improvement: SonarQube Server could enhance security scanning and shorten analysis times for complex projects. Improved integration with existing tools like JIRA and more comprehensive API documentation are also desired. For Klocwork, users mention false positives, limited language support, and the need for simpler rule definitions. Enhancements in infrastructure compatibility and dynamic analysis features are suggested for both.

Ease of Deployment and Customer Service: SonarQube Server supports deployment across hybrid, on-premises, and public cloud environments, with flexibility that aids integration in diverse IT settings. Its large open-source community helps offset the lack of direct support for its free version. Klocwork offers limited deployment options primarily in on-premises and private cloud, which may be less flexible than SonarQube Server's offerings.

Pricing and ROI: SonarQube Server's community edition provides a cost-effective option with low licensing fees, offering good value especially for small teams. Klocwork, despite its higher costs, is deemed worthwhile by users due to its comprehensive analysis features. Both solutions are recognized for delivering a solid return on investment by improving code quality and reducing rework.

To learn more, read our detailed Klocwork vs. SonarQube Server (formerly SonarQube) Report (Updated: October 2024).

Buyer's Guide

Klocwork vs. SonarQube Server (formerly SonarQube)

October 2024

Download the complete report

Helped 816,406 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Customer Service

Sentiment score

5.0

Klocwork offers highly rated, proactive technical support with quick issue resolution, available in over thirty countries.

No sentiment score available

SonarQube users rely on community forums and documentation for support, with official options being costly but enterprise packages offer good support.

No quotes available

For more quotes and insights, download the Klocwork report

No quotes available

For more quotes and insights, download the SonarQube Server (formerly SonarQube) report

Room For Improvement

Sentiment score

4.9

Klocwork faces performance, language support, and usability issues, causing false warnings, slow updates, and limited Agile tool integration.

Sentiment score

5.9

SonarQube Server requires security, integration, multilingual support improvements and enhancements in user experience, performance, documentation, and dynamic testing.

No quotes available

For more quotes and insights, download the Klocwork report

No quotes available

For more quotes and insights, download the SonarQube Server (formerly SonarQube) report

Scalability Issues

Sentiment score

7.2

Klocwork demonstrates excellent scalability and adaptability for teams of all sizes, integrating well with various infrastructures and tools.

Sentiment score

7.5

SonarQube Server offers strong scalability, integrating well with tools, though larger operations may require resources and higher editions.

No quotes available

For more quotes and insights, download the Klocwork report

No quotes available

For more quotes and insights, download the SonarQube Server (formerly SonarQube) report

Setup Cost

Sentiment score

8.5

Klocwork provides flexible licensing and competitive pricing, justified by its capabilities, suitable for both small and large organizations.

No sentiment score available

SonarQube Server provides free and paid versions, with enterprises opting for licensed features and competitive pricing concerns.

No quotes available

For more quotes and insights, download the Klocwork report

No quotes available

For more quotes and insights, download the SonarQube Server (formerly SonarQube) report

Stability Issues

Sentiment score

8.6

Klocwork is praised for stability and reliability, despite performance updates and network-related connectivity issues some users experience.

Sentiment score

8.2

SonarQube Server is praised for its stable performance, reliable operation, and minimal issues, aside from rare plugin-related concerns.

No quotes available

For more quotes and insights, download the Klocwork report

No quotes available

For more quotes and insights, download the SonarQube Server (formerly SonarQube) report

Valuable Features

Sentiment score

8.2

Klocwork enhances software quality with static code analysis, integrating smoothly with CI and IDEs for efficient defect detection.

Sentiment score

8.4

SonarQube Server supports custom rules, CI/CD integration, code analysis, and continuous quality checks for enhanced development processes.

No quotes available

For more quotes and insights, download the Klocwork report

No quotes available

For more quotes and insights, download the SonarQube Server (formerly SonarQube) report

Categories and Ranking

Klocwork

Ranking in Application Security Tools

23rd

Ranking in Static Application Security Testing (SAST)

16th

Average Rating

8.2

Reviews Sentiment

7.3

Number of Reviews

Ranking in other categories

Static Code Analysis (7th)

SonarQube Server (formerly ...

Ranking in Application Security Tools

1st

Ranking in Static Application Security Testing (SAST)

1st

Average Rating

8.0

Reviews Sentiment

7.5

Number of Reviews

113

Ranking in other categories

Software Development Analytics (1st)

Mindshare comparison

As of November 2024, in the Application Security Tools category, the mindshare of Klocwork is 1.4%, down from 1.5% compared to the previous year. The mindshare of SonarQube Server (formerly SonarQube) is 26.7%, down from 27.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Application Security Tools

Featured Reviews

AnirbanSarkar

Head - Solution Management Group at Meteonic Innovation Pvt. Ltd.

Lets you find defects during the development phase, so you don't have to wait till the development is over to find and address flaws

What needs improvement in Klocwork, compared to other products in the market, is the dashboard or reporting mechanisms that need to be a bit more flexible. The Klocwork dashboard could be improved. Though it's good, it's not as good as some of the other products in the market, which is a problem. The reporting could be more detailed and easier to sort out because sorting in Klocwork could be a bit more time-consuming, mainly when sorting defects based on filters, compared to how it's done on other tools such as Coverity. What I'd like added in the next release of Klocwork is the peer code review Cahoots which used to be a part of Klocwork, and the architecture analysis and both have been taken out of Klocwork. I found the two critical for specific deployments, so if those can be brought back to Klocwork, that would be very good.

Read full review

Wang Dayong

Senior Software Engineering Manager at Hill

Easy to integrate and has a plug-in that supports both C and C++ languages

The product provides false reports sometimes. It also fails to understand the context of the code. It reports that a line of code has issues without considering its relation with the previous line. The product should improve the report quality. While it asks us to improve the code quality, it would be good if it also suggests how to improve the quality.

Read full review

See which vendors are best for you

Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.

See recommendations

816,406 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Educational Organization

40%

Manufacturing Company

19%

Computer Software Company

10%

Financial Services Firm

17%

Computer Software Company

15%

Manufacturing Company

13%

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about Klocwork?

It's integrated into our CI, continuous integration.

See all answers

What is your experience regarding pricing and costs for Klocwork?

Our purchasing department is responsible for tracking costs. It's one of the most widely used tools in our organization. It likely does not have a high price point. I don't have insights into licen...

See all answers

What needs improvement with Klocwork?

The main problem is that since it only parses the code, the warnings or the problems that are given as a result of the report can sometimes require a lot of effort to analyze. It will show all poss...

See all answers

Is SonarQube the best tool for static analysis?

I am not very familiar with SonarQube and their solutions, so I can not answer. But if you are asking me about which tools that are the best for for Static Code Analysis, I suggest you have a look...

See all answers

Which gives you more for your money - SonarQube or Veracode?

SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...

See all answers

How would you decide between Coverity and Sonarqube?

We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...

See all answers

Comparisons

Coverity vs Klocwork

Compared 32% of the time

Polyspace Code Prover vs Klocwork

Compared 11% of the time

Checkmarx One vs Klocwork

Compared 4% of the time

CodeSonar vs Klocwork

Compared 3% of the time

Parasoft SOAtest vs Klocwork

Compared 3% of the time

More Klocwork Competitors

Checkmarx One vs SonarQube Server (formerly SonarQube)

Compared 16% of the time

Coverity vs SonarQube Server (formerly SonarQube)

Compared 12% of the time

SonarQube Cloud (formerly SonarCloud) vs SonarQube Server (formerly SonarQube)

Compared 12% of the time

GitHub Advanced Security vs SonarQube Server (formerly SonarQube)

Compared 9% of the time

CAST Highlight vs SonarQube Server (formerly SonarQube)

Compared 2% of the time

More SonarQube Server (formerly SonarQube) Competitors

Product Reports

Buyer's Guide

Klocwork

November 2024

Download Klocwork product report

Buyer's Guide

SonarQube Server (formerly SonarQube)

October 2024

SonarQube Server (formerly SonarQube) report

Download SonarQube Server (formerly SonarQube) product report

Also Known As

No data available

Sonar

Learn More

Perforce

Sonar

Interactive Demo

Demo not available

Perforce

Sonar

Overview

Klocwork detects security, safety, and reliability issues in real-time by using this static code analysis toolkit that works alongside developers, finding issues as early as possible, and integrates with teams, supporting continuous integration and actionable reporting.

SonarQube Server enhances code quality and security via static code analysis. It detects vulnerabilities, improves standards, and reduces technical debt, integrating into CI/CD pipelines.

SonarQube Server is a comprehensive tool for enhancing code quality and security. It offers static code analysis to identify vulnerabilities, improve coding standards, and reduce technical debt. By integrating into CI/CD pipelines, it provides automated checks for adherence to best practices. Organizations use it for code inspection, security testing, and compliance, ensuring development environments with better maintainability and fewer issues.

What are the key features of SonarQube Server?

Support for 20+ languages: Extensive programming language support suitable for diverse coding environments.
Custom coding rules: Allows for tailored rule sets to match specific coding standards.
Flexible quality gates: Define criteria for code acceptance at various intervals.
CI/CD integration: Seamless integration with Continuous Integration/Continuous Deployment tools.
Rich interface: User-friendly dashboard with detailed visual insights.

What benefits should users expect from SonarQube Server?

Improved code quality: Enhanced analysis contributes to fewer bugs and improved coding practices.
Security enhancements: Identifies and mitigates security vulnerabilities pre-emptively.
Maintainability: Reduces technical debt, yielding long-term development efficiency.
Customizable: Flexibility in configuration aligns with specific project needs.

Many industries implement SonarQube Server to uphold coding standards, maintain security protocols, and streamline their software development lifecycle. In sectors like finance and healthcare, adhering to regulations and ensuring reliable software is critical, making SonarQube Server invaluable. It is often integrated into CI/CD pipelines, ensuring that code changes meet set standards before deployment. This approach enhances productivity and maintains compliance with industry-specific requirements.

Sample Customers

ACCESS Co Ltd, Risk-AI, Winbond Electronics, Bristol-Myers Squibb Pharmaceutical Research Institute, University of Southern California, Alebra Technologies, SIMULIA, Risk Management Solutions, Brigham Young University, SRD, HRL

Information Not Available

Buyer's Guide

Klocwork vs. SonarQube Server (formerly SonarQube)

October 2024

Free Report: Klocwork vs. SonarQube Server (formerly SonarQube)

Find out what your peers are saying about Klocwork vs. SonarQube Server (formerly SonarQube) and other solutions. Updated: October 2024.

DOWNLOAD NOW

816,406 professionals have used our research since 2012.

See our Klocwork vs. SonarQube Server (formerly SonarQube) report.

See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.

We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.