We performed a comparison between GitLab and Klocwork based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It's a great toolbox where the CI/CD pipeline is the fundamental component, but there are so many other features that you can pull from, which makes it a very powerful tool. My current client is using AWS, and they can, of course, use AWS CodePipeline, but GitLab is much more mature than that, and it also gives you the freedom to decide to go to another platform or have a multi-cloud strategy and things like that. That freedom for me is also very valuable."
"GitLab's best feature is Actions."
"The tool helps to integrate CI/CD pipeline deployments. It is very easy to learn. Its security model is good."
"The solution is stable."
"The most valuable features of GitLab are the CI/CD pipeline and code management."
"The most important features of GitLab for us are issue management and all the CI/CD tools. Another aspect that I love about GitLab is the UI."
"We like that we can create branches and then the branches can be reviewed and you can mesh those branches back. You can independently work with your own branch, you don't need to really control the core of other people."
"The merging feature makes it easy later on for the deployment."
"The tool helps the team to think beforehand about corner cases or potential bugs that might arise in real-time."
"Technical support is quite good."
"One can increase the number of vendors, so the solution is scalable."
"I like not having to dig through false positives. Chasing down a false positive can take anywhere from five minutes for a small easy one, then something that is complicated and goes through a whole bunch of different class cases, and it can take up to 45 minutes to an hour to find out if it is a false positive or not."
"It's integrated into our CI, continuous integration."
"There's a feature in Klocwork called 'on-the-fly analysis', which helps developers to find and fix the defects at the time of development itself."
"On-the-fly analysis and incremental analysis are the best parts of Klocwork. Currently, we are using both of these features very effectively."
"Klocwork's most valuable feature is the static code analysis feature. It detects the potential problem earlier to allow the developer to receive feedback quickly and then address it before it becomes a problem."
"GitLab's UI could be improved."
"GitLab could improve the patch repository. It does not have support for Conan patch version regions. Additionally, better support for Kubernetes deployment is needed as part of the package."
"The user interface could be more user-friendly. We do most of our operations through the website interface but it could be better."
"It is a little complex to set up the pipelines within the solution."
"When deploying the solution on cloud and the CI/CD pipeline, we have to define the steps and it becomes confusing."
"GitLab's Windows version is yet not available and having this would be an improvement."
"It would be really good if they integrated more features in application security."
"Even if I say I want some improvement, they will say it is already planned in the first quarter, second quarter, or third quarter. That said, most everything is quite improved already, and they're improving even further still."
"What needs improvement in Klocwork, compared to other products in the market, is the dashboard or reporting mechanisms that need to be a bit more flexible. The Klocwork dashboard could be improved. Though it's good, it's not as good as some of the other products in the market, which is a problem. The reporting could be more detailed and easier to sort out because sorting in Klocwork could be a bit more time-consuming, mainly when sorting defects based on filters, compared to how it's done on other tools such as Coverity."
"Now the only issue we have is that whenever we need to get the code we have to build it first. Then we can get the report."
"The main problem is that since it only parses the code, the warnings or the problems that are given as a result of the report can sometimes require a lot of effort to analyze."
"I would like to see better codes between projects and a more user-friendly desktop in the next release."
"I hope that in each new release they add new features relating to the addition of checkers, improving their analysis engines etc."
"Every update that we receive requires of us a lengthy and involved process."
"We'd like to see integration with Agile DevOps and Agile methodologies."
"The way to define the rules is too complex. The definition/rules for static analysis could be automated according to various SILs, so as to avoid confusion."
GitLab is ranked 6th in Application Security Tools with 70 reviews while Klocwork is ranked 15th in Application Security Tools with 20 reviews. GitLab is rated 8.6, while Klocwork is rated 8.2. The top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". On the other hand, the top reviewer of Klocwork writes "Their technical team helps us get the most out of the solution, but we've faced some stability problems in our environment". GitLab is most compared with Microsoft Azure DevOps, SonarQube, Bamboo, AWS CodePipeline and Tekton, whereas Klocwork is most compared with SonarQube, Coverity, Polyspace Code Prover, Checkmarx One and CodeSonar. See our GitLab vs. Klocwork report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
