TechValidate Research on Klocwork

These pages present data that TechValidate has sourced via direct research with verified customers and users of Klocwork. TechValidate stands behind the authenticity of all published data. Learn more »



545 Data Points Collected

13 Published TechFacts

6 Published Charts

4 Published Case Studies



Selected Research Highlights


Klocwork Case Study

Siae Microelettronica Spa

Introduction

This case study of SIAE MICROELETTRONICA SPA is based on a March 2021 survey of Klocwork customers by TechValidate, a 3rd-party research service.

Klocwork provides us with great ease of configuration and issue management across the team."

“Working with certified tools increases trust in the tool execution results.”

Challenges

Tools evaluated or used prior to selecting Perforce SAST Tools:

  • SonarSource/SonarQube

Industry Feedback

For static code analysis tools, key features include:

  • The ease of setting up and running static code analysis: agree
  • Integration into CI/CD systems: strongly agree
  • Differential analysis for speed and efficiency: strongly agree
  • The ability to support huge codebases: strongly agree
  • Support for all coding languages that we use: agree
  • No need to pre-process code prior to scanning: agree

Importance of the following:

  • Have a consistent pricing model from your Static Application Security Testing (SAST) tool vendor: important
  • Have a SAST tool that can be executed via flexible deployment options (Desktop/IDE/CI/Cloud/Containers): very Important
  • Have customizable quality reports and analysis: very Important
  • Get accurate and clean of noise reports: critical

Said that audit and/or stakeholder-ready scan results help to speed up release cycles and time to market somewhat faster.

They are not comfortable with sharing and uploading their source code to an SAST tool vendor cloud.

Security and safety coding standards coverage most important for them:

  • CERT

Enterprise console and reporting framework capabilities they value the most:

  • Compliance and security reports
  • Prioritize defects based on severity, location, and lifecycle
  • Distinguish new issues from legacy code issues

Results

Klocwork compared to other tools that used or evaluated:

  • Ability to scale to projects of any size: superior
  • Wide range of developer tools: superior
  • Continuous compliance: best-in-class
  • Ease of automation: superior
  • Differential analysis: better
  • Flexible deployment options: superior

Klocwork Customer Research

Which vendors did you evaluate or replace prior to selecting Perforce SAST Tools?

Which vendors did you evaluate or replace prior to selecting Perforce SAST Tools?

SonarSource/SonarQube
63%
Coverity (Synopsis)
48%
Parasoft
33%
Fortify
30%

Klocwork Customer Statistic

Better differential analysis

67% of surveyed organizations rated Klocwork’s differential analysis as better than other related tools.

67%

Klocwork Customer Research

SAST Key Features Importance

How important would you say it is to…

Critical Very Important Important Somewhat Important Not Important
Have a consistent pricing model from your Static Application Security Testing (SAST) tool vendor

16%

47%

28%

7%

2%

Have a SAST tool that can be executed via flexible deployment options (Desktop/IDE/CI/Cloud/Containers)

26%

42%

25%

2%

5%

Have customizable quality reports and analysis

17%

40%

32%

9%

2%

Get accurate and clean of noise reports

45%

44%

9%

2%

0%

Klocwork Customer Satisfaction Rating

A Network Engineering at a medium enterprise engineering company would be likely to recommend Klocwork for this reason:

Klocwork provides some solid static code analysis results that helps us to avoid potential bugs. It is pretty easy to set up and use both directly in the development tools and with our continuous integration server.

Klocwork Case Study

Federal Government Agency

Introduction

This case study of a federal government is based on a March 2021 survey of Klocwork customers by TechValidate, a 3rd-party research service. The profiled organization asked to have their name blinded to protect their confidentiality.

“We have been using the Klocwork tool for the last 10 years and have found it to be a very useful tool as a static code analysis tool.

“Working with certified tools increases trust in the tool execution results.”

Challenges

Tools evaluated or used prior to selecting Perforce SAST Tools:

  • Parasoft

Use Case

Agreed that for static code analysis tools, key features include:

  • The ease of setting up and running static code analysis
  • Integration into CI/CD systems
  • Differential analysis for speed and efficiency
  • The ability to support huge codebases
  • Support for all coding languages that we use
  • No need to pre-process code prior to scanning

Importance of the following:

  • Have a consistent pricing model from your Static Application Security Testing (SAST) tool vendor: very Important
  • Have a SAST tool that can be executed via flexible deployment options (Desktop/IDE/CI/Cloud/Containers): important
  • Have customizable quality reports and analysis: important
  • Get accurate and clean of noise reports: important

Said that audit and/or stakeholder-ready scan results help to speed up release cycles and time to market faster.

They are not comfortable with sharing and uploading their source code to an SAST tool vendor cloud.

Security and safety coding standards coverage most important for them:

  • CERT
  • JSF AV C++

Enterprise console and reporting framework capabilities they value the most:

  • Control access permissions and approval workflows
  • Prioritize defects based on severity, location, and lifecycle

Results

Features of Klocwork compared to other tools that used or evaluated:

  • Ability to scale to projects of any size: superior
  • Wide range of developer tools: better
  • Continuous compliance: superior
  • Ease of automation: superior
  • Differential analysis: superior
  • Flexible deployment options: superior


More to Explore



About Klocwork

Built for enterprise DevOps and DevSecOps, Klocwork scales to projects of any size, integrates with large complex environments, a wide range of developer tools, and provides control, collaboration, and reporting for the entire enterprise. This has made Klocwork the preferred static analyzer that keeps development velocity high while enforcing continuous compliance for security and quality.

Klocwork Website   Perforce Software Website