We are using the latest version.
We use the solution for regular code scanning for C and C++, as well as for MISRA rules.
When an upgrade is carried out it must be done on both the server and client side, which can make it a bit hectic for all projects to be configured on the private server. Every update that we receive requires of us a lengthy and involved process.
The project reporting status dashboard should also be addressed. As I am on the compliance team, I must open every project to resolve all issues. The solution does not provide consolidated views. Meanwhile, Kiuwan has a very good feature on its dashboard.
Moreover, Klocwork makes a limited number of languages available to the user, only four. In addition, a good consolidated dashboard, in respect of compliance, would be nice to see.
I have been working with Klocwork for seven or eight years.
Technical support is quite good. We have a vendor partner in India and they do a good job of supporting us.
Klocwork was easy to install. But, as we are using an on-premises server, our client's configuration needs are different. Since this is on the user's machine the installation part is easy. Yet, the receipt of frequent updates means that time which could be spent on the project side is consumed by that of development.
When it comes to licensing, the solution has two packages, one for a fixed and the other for a floating server. The former is more cost effective than the latter.
We are currently using SonarQube for other languages, those of Python and Android.
At present, we make use of both the Klocwork and SonarQube tools. However, as we wish to have a combined tool, we are planning to switch to Kiuwan.
I rate Klocwork as a seven out of 10.
Our primary use case of Klocwork is for static project analysis and for getting ratios.
I really like Klocwork's server client build because it allows collaboration between the team members. It takes the ratios and it has a portal where one can justify the issues.
There are many things that can be improved. The code used between projects is one of the very painful points in Klocwork. So if you are using a code and the product is shared between projects, you have to analyze the different projects just to comment if it is good or to justify it in the different projects. And the solutions they provide for the issues are not fully correct. So the main issue is using the code between projects.
I have been using Klocwork for around four months now.
I think the solution is fairly stable. We've had some issues in the GUI, and even in the server portal and in the server application. We've also had issues with an outside application that is also a GUI client. So I will say it is stable but there are some issues.
One can increase the number of vendors, so the solution is scalable. We currently have around 3,000 users.
We don't deal with the technical team directly, because we have a service line. So if I have an issue, we report to our service line and they report to the technical support team.
The initial setup wasn't complex - it was really straightforward.
My advice to others would be that they should determine their use case before buying the program. If they have many codes, I would not recommend it. If they have a separate project where not many codes are shared between projects, I will recommend it.
I would like to see better codes between projects and a more user-friendly desktop in the next release.
On a scale from one to 10, I rate this product a seven.
It is one of the best tools available for static analysis.
This tool was already rolled out in our projects at Delphi Technical Center in Bangalore, India. Though we had a QAC tool for MISRA checks, Klocwork was preferred for complete code base static analysis before projects go to production.
For all GM projects, this tool is used to perform static analysis. It provides a nice report, so all manual efforts in analyzing the code base are completely removed.
There are some false warnings found which eventually are not considered for a fix after the team reviewed the source code.
We have been using the system for around three years.
It is quite stable, reliable and has not shown any difference in the results for multiple runs.
We have not tried to scale yet, but it was sufficient for our current projects.
We have not encountered any problems at my level. I have no idea how the technical support is.
We were using QAC and Klocwork at my previous company. At my current organization, we use Polyspace.
The setup was in place when I arrived.
I have no idea about pricing.
I was not involved in the tool evaluation process.
I recommend this tool as one of the best to be used for static analysis, and it should at least be tried.
We are involved in implementing, applying and supporting Klocwork for various customers as we are a Klocwork partner. Klocwork is an advanced static code analysis tool also used to detect all possible vulnerabilities that are present in the source code.
There's a feature in Klocwork called 'on-the-fly analysis', which helps developers to find and fix the defects at the time of development itself. This means that you don't have to wait for the development to finish and waste that time. This provides efficiency.
Klocwork also has various plugins available for development tools and they work seamlessly. Our clients often opt for Klocwork due to its accuracy of results and the continuous addition of new features.
This solution could be improved if they offered support of more languages including Ada and Golang. They currently only support seven languages.
In a future release, we would like to have architecture management added.
We have been using this solution for ten years.
This is a stable solution and is a specific feature that this solution is well known for.
This is a scalable solution and can be deployed to suit any requirement of a customer. We have customers using 1,200 Klocwork licenses, which is served through only one license server.
The customer support team are responsive and provide support via email and phone.
I would rate them a five out of five.
The initial setup is straightforward. We can complete the entire deployment in less than 30 minutes and it does not involve any manual configuration. It is fully automated. I have completed more than 100 deployments and have not faced any issues.
Once Klocwork is installed and configured as part of your automation pattern, there is no maintenance required.
This solution offers competitive pricing.
Klocwork does data flow analysis and is proven to be more accurate. It also supports many industry standards like MISRA, OWASP, CERT and AUTOSAR which many other tools do not. It can also be used to deliver internal coding guidelines.
I would rate this solution a nine out of ten.
Our primary use case was to find and fix all possible static vulnerabilities like buffer overflow, null pointer check, array out of bounds, concurrency violations, etc. We work on the Linux platform with the gcc compiler.
It has helped our organization to produce the non-defective code right at the developer's desktop. So we were able to deliver releases on time.
The pre-checkin code review, industry standard checks, continuous integration (CI) and customized checkers are the most valuable features.
It would be nice to consider having more language support ability. Currently Klocwork supports C/C++, Java and C#, (Android*)
Klocwork is very stable. I have seen Klocwork running on 40 million lines of code without any problem.
Klocwork has almost all the features that an advanced static code analyser should have.
Customer Service:
Customer service is great. We are getting responses from support within a day. The local support (I am from India) is also good.
Technical Support:
Technical support from Klocwork is great. The Klocwork documentation is available online, so we hardly ever contact Klocwork support.
We were using three Open Source static analyzers and faced lots of false-positives and false-negatives. Klocwork has given us better results with real issues.
Setup was straightforward with the installation shields (a single .exe for Windows and .sh file for Linux).
For the very first time, the vendor team helped us in the deployment. Their support was great. From the second time onwards, our internal team was able to upgrade and install with the help of the online documentation.
We got what we expected. Klocwork is worth the price.
The Klocwork tool is worth the price that they have quoted.
We have evaluated multiple open source tools and a few commercial tools.
Unlike other static code analysis tools, Klocwork integrates seamlessly into desktop IDEs, build systems, continuous integration tools, and any team's natural workflow. Mirroring how code is developed at any stage, Klocwork prevents defects and finds vulnerabilities on-the-fly, as code is being written.
Klocwork also helps prioritize work with SmartRank, the revolutionary new recommendation engine that prioritizes issues and helps select which ones to work on first.
Take prioritized, corrective action immediately to deliver more secure and reliable code.
We are using it for C and C++ to find security vulnerabilities in our source code. It is a static application security testing (SAST) tool.
On-the-fly analysis and incremental analysis are the best parts of Klocwork. Currently, we are using both of these features very effectively.
Modern languages, such as Angular and .NET, should be included as a part of Klocwork. They have recently added Kotlin as a part of their project, but we would like to see more languages in Klocwork. That's the reason we are using Coverity as a backup for some of the other languages.
I would like to see some more new guidelines added. As you know, this Klocwork tool is fully compliant with MISRA, CERT, and CWE, but a few coding guidelines are still not supported by Klocwork.
I have been using it for around eight years.
We have been using Klocwork for many years. That itself speaks of its stability in our organization.
We have been trying to scale up this particular tool. We are not only using Klocwork. We are also using other SAST solutions because security cannot be handled by only using one particular tool. Klocwork is the oldest one, but we are using SonarQube and Coverity to filter out more and more defects from our source code. So, it's not really scalable itself, but with the help of other tools, we managed to scale to organization needs.
Currently, we have nine users who are using it in our organization. It is used once a week to give the reports to our security team, and they act on those reports to filter out all the vulnerabilities.
They're hyperresponsive. They have regular calls to see what exactly we are doing with Klocwork and how we are doing. They are super responsive. They are knowledgeable. I would rate them a five out of five.
I used Kiuwan earlier, but I used it for open source. It was primarily to find open sources in our entire source code. It supports modern languages. It has more languages than Klocwork.
It is an on-premise solution. It is not very difficult to set up on our premises. It is easy to install and easy to use. I would rate it a five out of five in terms of the setup.
If your source code is in C or C++, you should be using Klocwork. We have compared the results of different tools like SonarQube and Coverity with Klocwork. Klocwork was able to find a better number of defects in the source code than SonarQube and Coverity. At times, both Coverity and SonarQube missed some of the defects such as null pointer dereference, memory leak issues, etc. The detection rate of Klocwork is very high for C and C++.
I would rate Klocwork an eight out of ten.
Our main test case is to check for some of our internal standards which we usually do manually. But when we got Klocwork, it completely changed the scenario. We are writing a simple logic for checking our internal standards without much overhead.
One more is on-the-fly analysis, which I believe is the most important feature Klocwork provides.
First will be the on-the-fly analysis, as it reduces the time for developing code. One more good thing is the reports section, which is very easy to understand. Also, there is the support available for industry standards, and we can also write our own internal standards and check them during the analysis.
Not much as of now. But I feel Klocwork should support more languages, like other static code analyzers do. Right now Klocwork has support available only for C, C++, Java, and C#.
Very good.
I evaluated some other tools, but I don't want to reveal the names of these tools. I didn't find them as good tools when compared with Klocwork.
It has a straightforward setup from my scenario. Just installing a few .exe files. Not much complexity is involved in this.
Vendor team. Very good, and they are friendly.
I don't know much about cost and licensing as my management is looking at these things.
Not much as of now.
Our primary use case is to check our internal standards, which is always a burden because it involves a lot of manual checking. We are using Klocwork for this by writing some algorithms and implementing them in Klocwork. Klocwork is very strong in this section.
As said earlier, checking our industry standards is the main burden, which involves a lot of manual work. Now Klocwork has completely removed this and we are very easily checking our internal standards.
The ability to create custom checkers, which is an important part of most of the projects. Its on the fly capability is very good.
Nothing as of now. I hope that in each new release they add new features relating to the addition of checkers, improving their analysis engines etc. In the near future I will discuss additional features that need to be added.
Technical Support is very good. They took only hours to resolve most of my issues.
I didn't use any tools other than Klocwork.
Initial setup is straightforward. There is no complexity in the initial setup.
I have implemented it with the help of a vendor team. They are really very good with Klocwork.
It is worth it for the price that the vendor quoted.
I evaluated two other tools, which were not matched with Klocwork at any point. I don't want to reveal the names of the tools.
Support for more languages would be helpful since this is my trustworthy tool. One more piece of advice from my side: doing some webinars on Klocwork would be helpful for some new users.