Klocwork

About Klocwork
Klocwork is a web-based static code analysis software designed to help businesses identify and manage software security and quality in compliance with regulatory guidelines. It lets DevOps teams detect various security vulnerabilities including tainted data, SQL injection, vulnerable coding practices, buffer overflow, and more.
Key features of Klocwork include differential analysis, containerized builds, approval workflows, prioritization, and custom rules. The Portal dashboard enables managers to display analysis data, metrics, trends, and configurations for codebases. It offers common command-line interfaces, which allow teams to access defect data via a REST API. Organizations can also receive detailed information about the causes of defects and coding violations.
Klocwork offers plugins for multiple IDEs including IntelliJ, Microsoft Visual Studio, Eclipse, and more. The custom checker creation tool helps businesses facilitate the implementation of specific rules according to projects or organizational requirements.
Reviews

- Company size: 51–200 Employees
- Used Monthly for 6-12 months
It's a source code analysis tool. You can feed it either a piece of code up to a full build...
Reviewed on 2018/02/02
Pros
Klocwork is great at finding software defects such as array and buffer out-of-bounds violations, null pointer dereferences, unreachable code, memory leaks, unused variables, etc. If the build is set up correctly, the tool often produces accurate results. Customers have complimented us on our findings, as we were able to point out significant issues in their software. Klocwork can be used on incremental builds and it will determine which warnings are new, unchanged, or fixed since the last run. The tool has very descriptive warnings and great documentation with examples to use. Their website also contains mappings from their checker warnings to industry coding standards such as MISRA and others.
Cons
It doesn't have a user-friendly interface for running the tool. Although it won't prevent you from running it on any piece of code or software build, the tool produces far fewer false positives when the input build is set up properly, which often requires some effort. Klocwork is run via command line, so the user must have knowledge of the necessary commands, command line arguments, and configuration setup. Although the results can be viewed through the Klocwork Insight Review web interface, there is no easy way for the user to export the data to a spreadsheet for offline viewing and analysis.
- Industry: Information Services
- Company size: 11–50 Employees
- Used Daily for 2+ years
- Likelihood to recommend 10.0 /10
Klocwork SAST REVIEW
Reviewed on 2023/01/20
very good
Pros
Fewer false positives and on-the-fly analysis
Cons
interface of the dashboard and few extra added features
- Industry: Computer & Network Security
- Company size: 10,000+ Employees
- Used Monthly for 2+ years
- Likelihood to recommend 5.0 /10
Powerful tool, but...
Reviewed on 2020/05/02
Pros
Klocwork is a powerful static code checker. It helps to improve global code quality and to detect errors early.
Cons
But it is a little bit tricky to customize. Learning curve is not so short.
- Company size: 11–50 Employees
- Used Monthly for 2+ years
- Likelihood to recommend 9.0 /10
Great at finding true positive issues in source code without needing to compile
Reviewed on 2018/01/15
This tool provided my company an easy means to find code defects on partial and full source code builds. The results of the tool have been very good. Although manual analysis is still required to determine which issues the customer is interested in, the time invested in setting up, running the tool, and manually analyzing the results is well worth it.
Pros
Klocwork works great with source code whether a complete or partial build. Easy to run the tool with minimal setup work. Tool has a higher chance of producing true positives vs false positives if set up right. Checker warnings are easy to understand and there is decent documentation explaining what each checker does. Klocwork Insight's web interface is easy to work with and provides a little help for tracing issues. Klocwork's Checker Studio enables users to create their own custom checkers, which are easy to deploy. The tool is great at finding critical issues in code, especially for buffer overflows, array out of bounds, null pointer dereferences, and dead code. The tool also maintains a history of builds run and does build comparisons on each run for it to flag what warnings are new or not.
Cons
Running the tool for us is usually done on a Unix server via command line, which users have expressed they would not prefer to a GUI. There is no easy way to extract the results from the tool to an Excel spreadsheet, but there are ways around it via scripting. There is no good documentation on Checker Studio, on how to create checkers, especially on how to program in KAST, even more so for Path checkers.
- Industry: Information Technology & Services
- Company size: 501–1,000 Employees
- Used Daily for 2+ years
- Likelihood to recommend 9.0 /10
Very good in checking run time problems!!
Reviewed on 2018/12/26
As our main case is to detect some run time issues and using Klocwork we are getting these issues.
Pros
For our project we would like to check run time issues like Divided by Zero, Array out of Bounds, Null pointer issues and so on. Klocwork is very good in this and has a good number of checkers for these problems. In addition to this, Klocwork has direct plugin availability for a lot of IDEs, which will be helpful for all the developers.
Cons
I would say that Klocwork has almost all good features as per my experience.
Klocwork FAQs
Below are some frequently asked questions for Klocwork.
Q. What type of pricing plans does Klocwork offer?
Klocwork offers the following pricing plans:
- Pricing model: Free Version
- Free Trial: Available
Contact Perforce Software for pricing details.
Q. Who are the typical users of Klocwork?
Klocwork has the following typical customers:
51–200, 201–500, 501–1,000, 1,001–5,000
Q. What languages does Klocwork support?
Klocwork supports the following languages:
English
Q. Does Klocwork support mobile devices?
Klocwork supports the following devices:
Q. What other apps does Klocwork integrate with?
Klocwork integrates with the following applications:
Helix ALM, Helix QAC, Incredibuild, Jenkins, Microsoft Visual Studio, Secure Code Warrior
Q. What level of support does Klocwork offer?
Klocwork offers the following support options:
Chat