Try our new research platform with insights from 80,000+ expert users
Deputy Manager Quality Assurance at eInfochips
Reseller
Easy installation for regular code scanning of C, C++ and MISRA rules, but updates are lengthy and involved
Pros and Cons
  • "Technical support is quite good."
  • "Every update that we receive requires of us a lengthy and involved process."

What is our primary use case?

We are using the latest version.

We use the solution for regular code scanning for C and C++, as well as for MISRA rules

What needs improvement?

When an upgrade is carried out it must be done on both the server and client side, which can make it a bit hectic for all projects to be configured on the private server. Every update that we receive requires of us a lengthy and involved process.

The project reporting status dashboard should also be addressed. As I am on the compliance team, I must open every project to resolve all issues.  The solution does not provide consolidated views. Meanwhile, Kuiwan has a very good feature on its dashboard.

Moreover, Klocwork makes a limited number of languages available to the user, only four. In addition, a good consolidated dashboard, in respect of compliance, would be nice to see.

For how long have I used the solution?

I have been working with Klocwork for seven or eight years.

How are customer service and support?

Technical support is quite good. We have a vendor partner in India and they do a good job of supporting us. 

Buyer's Guide
Klocwork
April 2025
Learn what your peers think about Klocwork. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,989 professionals have used our research since 2012.

How was the initial setup?

Klocwork was easy to install. But, as we are using an on-premises server, our client's configuration needs are different. Since this is on the user's machine the installation part is easy. Yet, the receipt of frequent updates means that time which could be spent on the project side is consumed by that of development.

What's my experience with pricing, setup cost, and licensing?

When it comes to licensing, the solution has two packages, one for a fixed and the other for a floating server. The former is more cost effective than the latter. 

What other advice do I have?

We are currently using SonarQube for other languages, those of Python and Android.

At present, we make use of both the Klocwork and SonarQube tools. However, as we wish to have a combined tool, we are planning to switch to Kuiwan.

I rate Klocwork as a seven out of 10. 

Which deployment model are you using for this solution?

Private Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
PeerSpot user
reviewer1184322 - PeerSpot reviewer
Software Chief Engineer at a transportation company with 10,001+ employees
Real User
It allows our team members to collaborate, but the codes between projects need to improve
Pros and Cons
  • "One can increase the number of vendors, so the solution is scalable."
  • "I would like to see better codes between projects and a more user-friendly desktop in the next release."

What is our primary use case?

Our primary use case of Klocwork is for static project analysis and for getting ratios.

What is most valuable?

I really like Klocwork's server client build because it allows collaboration between the team members. It takes the ratios and it has a portal where one can justify the issues.

What needs improvement?

There are many things that can be improved. The code used between projects is one of the very painful points in Klocwork. So if you are using a code and the product is shared between projects, you have to analyze the different projects just to comment if it is good or to justify it in the different projects. And the solutions they provide for the issues, are not fully correct. So this is the main issue is using the code between projects.

For how long have I used the solution?

I have been using Klocwork for around four months now.

What do I think about the stability of the solution?

I think the solution is fairly stable. We've had some issues in the GUI, and even in the server portal and in the server application. We've also had issues with an outside application that is  also a GUI client. So I will say it is stable but there are some issues.

What do I think about the scalability of the solution?

One can increase the number of vendors, so the solution is scalable. We currently have around 3,000 users.

How are customer service and technical support?

We don't deal with the technical team directly, because we have a service line. So if I have an issue, we report to our service line and they report to the technical support team.

How was the initial setup?

The initial setup wasn't complex - it was really straightforward.

What other advice do I have?

My advice to others would be that they should determine their use case before buying the program. If they have many codes, I would not recommend it. If they have a separate project where not many codes are shared between projects, I will recommend it. 

I would like to see better codes between projects and a more user-friendly desktop in the next release. 

On a scale from one to 10, I rate this product a seven.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Klocwork
April 2025
Learn what your peers think about Klocwork. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,989 professionals have used our research since 2012.
SivaneshWaran - PeerSpot reviewer
Head of Customer Succes at a tech services company with 51-200 employees
Real User
Top 20
Advanced static code analysis tool that assists developers in highlighting defects in real time
Pros and Cons
  • "There's a feature in Klocwork called 'on-the-fly analysis', which helps developers to find and fix the defects at the time of development itself."
  • "This solution could be improved if they offered support of more languages including Ada and Golang. They currently only support seven languages."

What is our primary use case?

We are involved in implementing the applying and supporting Klocwork for various customers as we are a Klokwork partner. Klocwork is an advanced static code analysis tool also used to detect all possible vulnerabilities that are present in the source code.

What is most valuable?

There's a feature in Klocwork called 'on-the-fly analysis', which helps developers to find and fix the defects at the time of development itself. This means that you don't have to wait for the development to finish and waste that time. This provides efficiency. 

Klocwork also has various plugins available for development tools and they work seamlessly. Our clients often opt for Klocwork due to its accuracy of results and the continuous addition of new features. 

What needs improvement?

This solution could be improved if they offered support of more languages including Ada and Golang. They currently only support seven languages. 

In a future release, we would like to have architecture management added.

For how long have I used the solution?

We have been using this solution for ten years.

What do I think about the stability of the solution?

This is a stable solution and is a specific feature that this solution is well known for. 

What do I think about the scalability of the solution?

This is a scalable solution and can be deployed to suit any requirement of a customer. We have customers using 1,200 Klocwork licenses, which is served through only one license server.

How are customer service and support?

The customer support team are responsive and provide support via email and phone. 

I would rate them a five out of five. 

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup is straightforward. We can complete the entire deployment in less than 30 minutes and it does not involve any manual configuration. It is fully automated. I have completed more than 100 deployments and have not faced any issues. 

Once Klocwork is installed and configured as part of your automation pattern, there is no maintenance required. 

What's my experience with pricing, setup cost, and licensing?

This solution offers competitive pricing. 

Which other solutions did I evaluate?

Klocwork does data flow analysis and is proven to be more accurate. It also supports many industry standards like MISRA, OWASP, CERT and AUTOSAR which many other tools do not. It can also be used to deliver internal coding guidelines. 

What other advice do I have?

I would rate this solution a nine out of ten. 

Which deployment model are you using for this solution?

Private Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner / Integrator / Reseller
PeerSpot user
reviewer937347 - PeerSpot reviewer
Sr. Test Engineering Manager - Embedded Linux SW / RF at a comms service provider with 51-200 employees
Real User
Useful code analysis, straightforward implementation, but more features needed
Pros and Cons
  • "Klocwork's most valuable feature is the static code analysis feature. It detects the potential problem earlier to allow the developer to receive feedback quickly and then address it before it becomes a problem."
  • "Klocwork has to improve its features to stay ahead of other free solutions."

What is our primary use case?

Klocwork is part of our automated system, continuously improving the pipeline. Whenever the software is merged into the project control system, it is going to reduce Klocwork scanning automatically.

What is most valuable?

Klocwork's most valuable feature is the static code analysis feature. It detects the potential problem earlier to allow the developer to receive feedback quickly and then address it before it becomes a problem.

What needs improvement?

Klocwork has to improve its features to stay ahead of other free or low-cost solutions, like Visual Studio Code Analyzer.

For how long have I used the solution?

I have used Klocwork within the last 12 months.

What do I think about the stability of the solution?

Klocwork is a stable solution but the performance could improve when compared to other solutions.

How are customer service and support?

I have used the support from Klocwork. There was a transition time when we started using the solution which was not smooth. However, we didn't need to report any problems after that.

Which solution did I use previously and why did I switch?

I have previously used Apple Xcode and Microsoft Visual Studio static code analysis and then JetBrains ReSharper type of the code analysis from the third-party tool, which is much cheaper than the Klocwork. Additionally, they are faster. I do not think we will be using Klocwork for much longer.

How was the initial setup?

Klocwork was straightforward to implement and took us a half-day to implement and the upgrade took less time.

What's my experience with pricing, setup cost, and licensing?

There are other solutions on the market such as Microsoft Visual Studio. They have been adding more static code analysis features that come for free. It is getting better all the time. That is one of the possibilities is that we've been considering that we may stop using the Klocwork because it doesn't give us any added value.

Klocwork is an expensive solution.

What other advice do I have?

When we first purchased Klocwork I would have rated it a nine or ten out of ten. However, because of the performance of the execution and cost, I would no longer rate it that high.

I rate Klocwork a six out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user496041 - PeerSpot reviewer
Senior Embedded Software Engineer at a engineering company with 10,001+ employees
Real User
It provides a good set of checks for static code analysis and cybersecurity. While coding, developers see code violations. Global variables sometimes generate false positives.

What is most valuable?

  • Good set of checkers for static code analysis, cyber security
  • Possibility of creating custom checkers- Good and easy integration into continuous integration (CI)
  • The whole package offers a lot of possibilities: add-ons for Eclipse, standalone clients, access via web site, support, documentation, command line.

How has it helped my organization?

More and more departments are targeting static code analysis now, as they see the benefits. Klocwork with its capabilities is helping with this, providing the integration. The advantage is that while coding, developers see code violations.

What needs improvement?

  • Global variables sometimes generate false positives. Variables with global scopes sometimes produce False Positives. It means, I get violations from KW which after personal analysis turn out to be not true. At the moment it seems Klocwork is not able to track the values of variables with global scope. Thus the tool makes assumptions for the value range. It occurs that I get violations due to values which simply cannot occur > as the global variables are not tracked. This is annoying and time consuming. One simpler thing on variables with global scope: unused variables with global scope cannot be detected by checkers. This is highly recommended to have it in order to clean the code.
  • The preprocessor needs better integration for custom checkers as the tool focuses more on static code analysis; after preprocessing the file.- Updating from one version to the other takes too much time. The process somehow needs too much CPU power.
  • Once there are bugs detected and accepted by KW, it takes some time to integrate the changes. This means that what does not fit on the Rogue Wave road map is not definitely considered.

For how long have I used the solution?

I have used it for four years.

What do I think about the stability of the solution?

I did not encounter any stability issues; only that the update process takes too long. Here, the process could be speeded up.

What do I think about the scalability of the solution?

Scalability is good, from small teams to multisite project teams.

How are customer service and technical support?

Technical support is good (7/10).

Which solution did I use previously and why did I switch?

I previously used PC-lint. I switched because KW is more mature.

How was the initial setup?

Initial setup is going well; very straightforward and following its documentation.

Which other solutions did I evaluate?

I evaluated QAC/QAC++, LDRA Testbed.

What other advice do I have?

A good thing is that you are rapidly ramped up and can use the tool.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer988890 - PeerSpot reviewer
VP Delivery & Customer Success at a computer software company with 11-50 employees
Real User
Mature, saves time in finding defects, and is simple to maintain
Pros and Cons
  • "The most valuable feature is the Incremental analysis."
  • "I believe it should support more languages, such as Python and JavaScript."

What is our primary use case?

Klocwork is part of the DevOps process. It is scaling the code on every request.

How has it helped my organization?

It saves a lot of time when it comes to finding defects, it's basically inputted in every access we do.

What is most valuable?

The most valuable feature is the Incremental analysis.

What needs improvement?

I believe it should support more languages, such as Python and JavaScript.

I would like to see dynamic analysis as well.

For how long have I used the solution?

I have been working with Klocwork for seven years.

We are using version 2021.2.

What do I think about the stability of the solution?

Klocwork is very stable and very mature.

What do I think about the scalability of the solution?

It is very scalable.

In our organization, we have 50 users.

It is used on a daily basis. It's one of the most important tools that every developer has.

How are customer service and support?

The support is good. We have no problems with the support.

Which solution did I use previously and why did I switch?

We used Coverity in the past, but they shifted their focus, and we switched to Klocwork.

How was the initial setup?

The initial setup is straightforward.

It is simple to set up and can be done by any developer.

The initial deployment took a couple of days.

We have one person, working half-time to maintain this solution. That is all that is needed.

What about the implementation team?

I didn't require any assistance because I installed it myself.

What was our ROI?

We have seen a return on investment. Each developer invests at least half an hour a day less on defects. 

What's my experience with pricing, setup cost, and licensing?

Licensing fees are paid annually, but they also have a perpetual license.

There are no additional costs.

What other advice do I have?

I would recommend, first creating a baseline of their source code with all of the issues, and then handling the new issues on a daily basis while gradually resolving the old ones.

I would rate Klocwork a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user701436 - PeerSpot reviewer
Senior Software Engineer at a manufacturing company
Real User
One of the best tools available for static analysis. There are some false warnings issued.

What is most valuable?

It is one of the best tools available for static analysis.

How has it helped my organization?

This tool was already rolled out in our projects at Delphi Technical Center in Bangalore, India. Though we had a QAC tool for MISRA checks, Klocwork was preferred for complete code base static analysis before projects go to production.

For all GM projects, this tool is used to perform static analysis. It provides a nice report, so all manual efforts in analyzing the code base are completely removed.

What needs improvement?

There are some false warnings found which eventually are not considered for a fix after the team reviewed the source code.

For how long have I used the solution?

We have been using the system for around three years.

What do I think about the stability of the solution?

It is quite stable, reliable and has not shown any difference in the results for multiple runs.

What do I think about the scalability of the solution?

We have not tried to scale yet, but it was sufficient for our current projects.

How are customer service and technical support?

We have not encountered any problems at my level. I have no idea how the technical support is.

Which solution did I use previously and why did I switch?

We were using QAC and Klocwork at my previous company. At my current organization, we use Polyspace.

How was the initial setup?

The setup was in place when I arrived.

What's my experience with pricing, setup cost, and licensing?

I have no idea about pricing.

Which other solutions did I evaluate?

I was not involved in the tool evaluation process.

What other advice do I have?

I recommend this tool as one of the best to be used for static analysis and should at least be tried.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Sr. Software Solution Engineer at Meteonic Innovation Pvt Ltd at Meteonic Innovation Pvt. Ltd.
Real User
We were able to produce the non-defective code at the developer's desktop

What is our primary use case?

our primary use case was to find and fix all possible static vulnerabilities like Buffer over flow, null pointer check, array out of bounds, concurrency violations, etc.., We work on Linux platform with gcc compiler. 

How has it helped my organization?

It has helped our organization to produce the non-defective code right at the developer's desktop. So we were able to deliver releases on time.

What is most valuable?

The pre-checkin code review, industry standard checks, continuous integration (CI) and customized checkers are the most valuable features.

What needs improvement?

It would be nice to consider having more language support ability. Currently Klocwork supports C/C++, Java and C#, (Android*)

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

Klocwork is very stable. i have seen Klocwork running on 40 million lines of code without any problem. 

What do I think about the scalability of the solution?

Klocwork has almost all the features what an advanced Static code analyser should have. 

How are customer service and technical support?

Customer Service:

Customer service is great. We are getting responses from support within a day. The local support (I am from India) is also good.

Technical Support:

Technical support from Klocwork is great. The Klocwork documentations are available online so we hardly contact the Klocwork support.

Which solution did I use previously and why did I switch?

We were using three Open Source static analyzers and faced lots of false-positives and false-negatives. Klocwork has given us better results with real issues.

How was the initial setup?

Setup was straightforward with the installation shields (a single .exe for Windows and .sh file for Linux).

What about the implementation team?

For the very first time, the vendor team had helped us in the deployment. Their support was great. From the second time onwards, our internal team was able to upgrade and install with the help of online documentations.

What was our ROI?

We got what we have expected. Klocwork worth the price. 

What's my experience with pricing, setup cost, and licensing?

The Klocwork tool is worth the price that they have quoted.

Which other solutions did I evaluate?

we have evaluated multiple open source tools and few commercial tools.

What other advice do I have?

Unlike other static code analysis tools, Klocwork integrates seamlessly into desktop IDEs, build systems, continuous integration tools, and any team's natural workflow. Mirroring how code is developed at any stage, Klocwork prevents defects and finds vulnerabilities on-the-fly, as code is being written.

Klocwork also helps prioritize work with SmartRank, the revolutionary new recommendation engine that prioritizes issues and helps select which ones to work on first.

Take prioritized, corrective action immediately to deliver more secure and reliable code.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Klocwork Report and get advice and tips from experienced pros sharing their opinions.
Updated: April 2025
Buyer's Guide
Download our free Klocwork Report and get advice and tips from experienced pros sharing their opinions.