reviewer1553658 - PeerSpot reviewer
Senior Product Specialist at a tech services company with 51-200 employees
Real User
On-the-fly analysis and incremental analysis are the best parts, and its detection rate is very high for C and C++
Pros and Cons
  • "On-the-fly analysis and incremental analysis are the best parts of Klocwork. Currently, we are using both of these features very effectively."
  • "Modern languages, such as Angular and .NET, should be included as a part of Klocwork. They have recently added Kotlin as a part of their project, but we would like to see more languages in Klocwork. That's the reason we are using Coverity as a backup for some of the other languages."

What is our primary use case?

We are using it for C and C++ to find security vulnerabilities in our source code. It is a static application security testing (SAST) tool.

What is most valuable?

On-the-fly analysis and incremental analysis are the best parts of Klocwork. Currently, we are using both of these features very effectively.

What needs improvement?

Modern languages, such as Angular and .NET, should be included as a part of Klocwork. They have recently added Kotlin as a part of their project, but we would like to see more languages in Klocwork. That's the reason we are using Coverity as a backup for some of the other languages. 

I would like to see some more new guidelines added. As you know, this Klocwork tool is fully compliant with MISRA, CERT, and CWE, but a few coding guidelines are still not supported by Klocwork.

For how long have I used the solution?

I have been using it for around eight years.

Buyer's Guide
Klocwork
March 2025
Learn what your peers think about Klocwork. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,690 professionals have used our research since 2012.

What do I think about the stability of the solution?

We have been using Klocwork for many years. That itself speaks of its stability in our organization.

What do I think about the scalability of the solution?

We have been trying to scale up this particular tool. We are not only using Klocwork. We are also using other SAST solutions because security cannot be handled by only using one particular tool. Klocwork is the oldest one, but we are using SonarQube and Coverity to filter out more and more defects from our source code. So, it's not really scalable itself, but with the help of other tools, we managed to scale to the organization's needs.

Currently, we have nine users who are using it in our organization. It is used once a week to give the reports to our security team, and they act on those reports to filter out all the vulnerabilities.

How are customer service and support?

They're hyperresponsive. They have regular calls to see what exactly we are doing with Klocwork and how we are doing. They are super responsive. They are knowledgeable. I would rate them a five out of five.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I used Kiuwan earlier, but I used it for open source. It was primarily to find open sources in our entire source code. It supports modern languages. It has more languages than Klocwork.

How was the initial setup?

It is an on-premise solution. It is not very difficult to set up on our premises. It is easy to install and easy to use. I would rate it a five out of five in terms of the setup.

What other advice do I have?

If your source code is in C or C++, you should be using Klocwork. We have compared the results of different tools like SonarQube and Coverity with Klocwork. Klocwork was able to find a better number of defects in the source code than SonarQube and Coverity. At times, both Coverity and SonarQube missed some of the defects such as null pointer dereference, memory leak issues, etc. The detection rate of Klocwork is very high for C and C++.

I would rate Klocwork an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Software Solutions Engineer at Meteonic Innovation Pvt. Ltd.
User
Its strong capability in on-the-fly analysis
Pros and Cons
  • "The ability to create custom checkers is a plus."
  • "I hope that in each new release they add new features relating to the addition of checkers, improving their analysis engines etc."

What is our primary use case?

Our primary use case is to check our internal standards, which is always a burden because it involves a lot of manual checking. We are using Klocwork for this by writing some algorithms and implementing them in Klocwork. Klocwork is very strong in this section.

How has it helped my organization?

As said earlier, checking our industry standards is the main burden, which involves a lot of manual work. Now Klocwork has completely removed this, and we are very easily checking our internal standards.

What is most valuable?

The ability to create custom checkers, which is an important part of most of the projects. Its on-the-fly capability is very good.

What needs improvement?

Nothing as of now. I hope that in each new release they add new features relating to the addition of checkers, improving their analysis engines etc. In the near future I will discuss additional features that need to be added.

For how long have I used the solution?

Still implementing.

How are customer service and technical support?

Technical Support is very good. They took only hours to resolve most of my issues.

Which solution did I use previously and why did I switch?

I didn't use any tools other than Klocwork.

How was the initial setup?

Initial setup is straightforward. There is no complexity in the initial setup.

What about the implementation team?

I have implemented it with the help of a vendor team. They are really very good with Klocwork.

What's my experience with pricing, setup cost, and licensing?

It is worth it for the price that the vendor quoted.

Which other solutions did I evaluate?

I evaluated two other tools, which did not match Klocwork at any point. I don't want to reveal the names of the tools.

What other advice do I have?

Support for more languages would be helpful since this is my trustworthy tool. One more piece of advice from my side: doing some webinars on Klocwork would be helpful for some new users.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Software Solutions Engineer at Meteonic Innovation Pvt. Ltd.
User
It has saved a lot of time in developing code through on-the-fly analysis mode

What is our primary use case?

Our main test case is to check for some of our internal standards, which we usually do manually. But when we got Klocwork, it completely changed the scenario. We are writing simple logic for checking our internal standards without much overhead.

One more is on-the-fly analysis, which I believe is the most important feature Klocwork provides.

How has it helped my organization?

  • It has reduced the manual analysis for a lot of scenarios like checking for internal standards.
  • It has saved a lot of time in developing code through on-the-fly analysis mode.
  • The Klocwork team is regularly updating their checkers, which is good because we get more accurate results and new kinds of issues or bugs in our code can be identified.

What is most valuable?

First will be the on-the-fly analysis, as it is reducing the time for developing code. One more best thing is the reports section, which is very easy to understand. Also, the support which is available for industry standards, and we can also write our own internal standards and check them during the analysis.

What needs improvement?

Not much as of now. But I feel Klocwork should support more languages, like other static code analyzers do. Right now Klocwork supports only C, C++, Java, and C#.

For how long have I used the solution?

Still implementing.

How are customer service and technical support?

Very good.

Which solution did I use previously and why did I switch?

I evaluated some other tools, but I don't want to reveal the names of these tools. I didn't find them to be as good when compared with Klocwork.

How was the initial setup?

It has a straightforward setup from my scenario. Just installing a few .exe files. Not much complexity is involved in this.

What about the implementation team?

Vendor team. Very good, and they are friendly.

What's my experience with pricing, setup cost, and licensing?

I don't know much about cost and licensing as my management is looking at these things.

Which other solutions did I evaluate?

I evaluated some other tools, but I don't want to reveal the names of these tools. I didn't find them to be as good when compared with Klocwork.

What other advice do I have?

Not much as of now.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Specialist at a non-tech company with 5,001-10,000 employees
Real User
Good stability and tech support and the setup is straightforward
Pros and Cons
  • "Now the only issue we have is that whenever we need to get the code we have to build it first. Then we can get the report."

What is our primary use case?

We currently use Klocwork mainly for static code analysis.

What needs improvement?

Now the only issue we have is that whenever we need to get the code we have to build it first. Then we can get the report. Without building the source code we have to get the static code and the source code. That's what we are looking into. It would be better if they could provide a solution for this issue, regarding code building, when compiling the report.

I would like to see a dashboard added to provide a clear look and feel. The dashboard would then supplement the users to enable them to get a quick view of the content, as long as it is clear. A presentational dashboard would be good.

For how long have I used the solution?

We've been using Klocwork for two years.

What do I think about the stability of the solution?

The stability is good. We can run it on multiple machines without an issue.

What do I think about the scalability of the solution?

We have a server license here for two servers and ten users.

How are customer service and technical support?

The technical support is good. They support us whenever we need it.

How was the initial setup?

The initial setup was straightforward, not too complicated.

What other advice do I have?

Klocwork is a good product, but keep in mind that before building the code you have to get a report. Then you use the code. If you don't need to get a report after building the source code then this is a good solution for you. I prefer this tool.

I would rate Klocwork as eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Prasad D - PeerSpot reviewer
Senior H.R - DevOps & Infrastructure Recruitment Consultant at Meteonic Innovation Pvt. Ltd.
Real User
Support to a vast number of IDEs and so on

What is our primary use case?

My primary case would be checking for memory-related issues and some null pointer issues, where Klocwork is very strong. We used to check these issues most often, and Klocwork is the one which provides us this clear way.

How has it helped my organization?

We are very concerned about these issues for some of the critical projects which are very important for us. Using Klocwork, we have cleared all these issues without much difficulty.

What is most valuable?

  • Its vast checkers supportability
  • Custom checker creation
  • Industry standards supportability
  • Support to a vast number of IDEs and so on.

What needs improvement?

Nothing much as of now. I feel Klocwork is going in a great way. The one thing I personally feel is that Klocwork must increase their support for some other languages.

For how long have I used the solution?

One to three years.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user854769 - PeerSpot reviewer
Embedded Software Developer at a tech services company with 10,001+ employees
Real User
The tool has good support for static analysis
Pros and Cons
  • "The tool helps the team to think beforehand about corner cases or potential bugs that might arise in real-time."
  • "We like using the static analysis and code refactoring, which are very valuable because of our requirements to meet safety critical levels and reliability."
  • "The way to define the rules is too complex. The definition/rules for static analysis could be automated according to various SILs, so as to avoid confusion."

What is our primary use case?

We are using Klocwork to perform static code analysis of our solutions towards an embedded project. The project is built on an RTOS, and the relevant middleware and applications are developed in C++.

How has it helped my organization?

The tool helps the team to think beforehand about corner cases or potential bugs that might arise in real-time. This, in turn, increases the efficiency of the project as well as the team.

What is most valuable?

We like using the static analysis and code refactoring, which are very valuable because of our requirements to meet safety critical levels and reliability.

What needs improvement?

The way to define the rules is too complex. The definition/rules for static analysis could be automated according to various SILs, so as to avoid confusion.

It should be semi-flexible. However, this may be due to my limited experience.

For how long have I used the solution?

Less than one year.

How is customer service and technical support?

The tool has good support for static analysis.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user