We performed a comparison between CodeSonar and Klocwork based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The most valuable feature of CodeSonar is the catching of dead code. It is helpful."
"There is nice functionality for code surfing and browsing."
"What I like best about CodeSonar is that it has fantastic speed, analysis and configuration times. Its detection of all runtime errors is also very good, though there were times it missed a few. The configuration of logs by CodeSonar is also very fantastic which I've not seen anywhere else. I also like the GUI interface of CodeSonar because it's very user friendly and the tool also shows very precise logs and results."
"The most valuable features of CodeSonar were all the categorized classes provided, and reports of future bugs which might occur in the production code. Additionally, I found the buffer overflow and underflow useful."
"The tool is very good for detecting memory leaks."
"CodeSonar’s most valuable feature is finding security threats."
"It has been able to scale."
"The reporting helps us understand the trend of our results and whether we improve over time. We can see the history within Klocwork's server architecture and know that we're making things better. It creates a great story for our management. We can demonstrate value and how our software is developing over time."
"The most valuable feature of Klocwork is finding defects while you're doing the coding. For example, if you have an IDE plug-in of Klocwork on Visual Studio or Eclipse, you can find the faults; similar to using spell check on Word, you can find out defects during the development phase, which means that you don't have to wait till the development is over to find the flaws and address the deficiencies. I also find language support in Klocwork good because it used to support only C, C++, C#, and Java, but now, it also supports JavaScript and Python."
"Klocwork's most valuable feature is the static code analysis feature. It detects the potential problem earlier to allow the developer to receive feedback quickly and then address it before it becomes a problem."
"Technical support is quite good."
"There is a central Klocwork server at our headquarters in France so we connect the client directly to the server on-premises remotely."
"One can increase the number of vendors, so the solution is scalable."
"There's a feature in Klocwork called 'on-the-fly analysis', which helps developers to find and fix the defects at the time of development itself."
"The ability to create custom checkers is a plus."
"It was expensive."
"CodeSonar could improve by having better coding rules so we did not have to use another solution, such as MISRA C."
"There could be a shared licensing model for the users."
"In terms of areas for improvement, the use case for CodeSonar was good, but compared to other tools, it seems CodeSonar isn't a sound static analysis tool, and this is a major con I've seen from it. Right now, in the market, people prefer sound static analysis tools, so I would have preferred if CodeSonar was developed into a sound static analysis tool formally, in terms of its algorithms, so then you can see it extensively used in the market because at the moment, here in India, only fifty to sixty customers use CodeSonar. If the product is developed into a sound static analysis tool, it could compete with Polyspace, and from its current fifty customers, that number could go up to a hundred."
"The scanning tool for core architecture could be improved."
"In a future release, the solution should upgrade itself to the current trends and differentiate between the languages. If there are any classifications that can be set for these programming languages that would be helpful rather than having everything in the generic category."
"It would be beneficial for the solution to include code standards and additional functionality for security."
"Now the only issue we have is that whenever we need to get the code we have to build it first. Then we can get the report."
"The way to define the rules is too complex. The definition/rules for static analysis could be automated according to various SILs, so as to avoid confusion."
"We'd like to see integration with Agile DevOps and Agile methodologies."
"Modern languages, such as Angular and .NET, should be included as a part of Klocwork. They have recently added Kotlin as a part of their project, but we would like to see more languages in Klocwork. That's the reason we are using Coverity as a backup for some of the other languages."
"I believe it should support more languages, such as Python and JavaScript."
"I would like to see better codes between projects and a more user-friendly desktop in the next release."
"Every update that we receive requires of us a lengthy and involved process."
"I hope that in each new release they add new features relating to the addition of checkers, improving their analysis engines etc."
CodeSonar is ranked 21st in Application Security Tools with 7 reviews while Klocwork is ranked 16th in Application Security Tools with 20 reviews. CodeSonar is rated 8.2, while Klocwork is rated 8.2. The top reviewer of CodeSonar writes "Nice interface, quick to deploy, and easy to expand". On the other hand, the top reviewer of Klocwork writes "Their technical team helps us get the most out of the solution, but we've faced some stability problems in our environment". CodeSonar is most compared with SonarQube, Coverity, Polyspace Code Prover, Semgrep Code and Fortify Static Code Analyzer, whereas Klocwork is most compared with SonarQube, Coverity, Polyspace Code Prover, Checkmarx One and Veracode.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.