TechValidate Customer Research Library / Perforce Software

TechValidate Research on Klocwork

4 Case Studies


Klocwork Case Study

Schneider Electric

Introduction

This case study of Schneider Electric is based on an April 2021 survey of Klocwork customers by TechValidate, a 3rd-party research service.

Share

Embed

Download

“Good tool to enable continuous integration and quality.”

“Working with certified tools increases trust in the tool execution results.”

Competition Prior to Choosing Klocwork

Tools evaluated or used prior to selecting Perforce SAST Tools:

  • Coverity (Synopsis)
  • Parasoft
  • SonarSource/SonarQube
  • Fortify

Industry Feedback

For static code analysis tools, key features include:

  • The ease of setting up and running static code analysis: strongly agree
  • Integration into CI/CD systems: agree
  • Differential analysis for speed and efficiency: disagree
  • The ability to support huge codebases: disagree
  • Support for all coding languages that we use: neither agree nor disagree
  • No need to pre-process code prior to scanning: strongly agree

Importance of the following:

  • Have a consistent pricing model from your Static Application Security Testing (SAST) tool vendor: important
  • Have a SAST tool that can be executed via flexible deployment options (Desktop/IDE/CI/Cloud/Containers): critical
  • Have customizable quality reports and analysis: very Important
  • Get accurate and clean of noise reports: critical

Said that audit and/or stakeholder-ready scan results help to speed up release cycles and time to market significantly faster.

They are comfortable with sharing and uploading their source code to a SAST tool vendor cloud.

Security and safety coding standards coverage most important for them:

  • OWASP
  • CERT
  • CWE Top25
  • MISRA,
  • JSF AV C++

Enterprise console and reporting framework capabilities they value the most:

  • Defining global or project-specific QA and security objectives and rule configurations
  • View trending and metrics data for project quality and compliance
  • Compliance and security reports
  • Prioritize defects based on severity, location, and lifecycle
  • Distinguish new issues from legacy code issues

Results

Features of Klocwork compared to other tools that used or evaluated:

  • Continuous compliance: superior
  • Ease of automation: best-in-class
  • Differential analysis: superior
  • Flexible deployment options: superior

Company Profile

Company:
Schneider Electric

Company Size:
Global 500

Industry:
Electronics

About Klocwork

We believe in the power of teamwork. And that our development tools should empower the diverse teams that use them by enhancing collaboration, control, quality, speed, scale, and freedom.

Learn More:

Perforce Software

Source: Alain Salmetoz, Software Discipline Leader, Schneider Electric
Validated
  Published: May. 12, 2021   TVID: 938-919-350

Klocwork Case Study

Federal Government Agency

Introduction

This case study of a federal government is based on a March 2021 survey of Klocwork customers by TechValidate, a 3rd-party research service. The profiled organization asked to have their name blinded to protect their confidentiality.

Share

Embed

Download

“We have been using the Klocwork tool for the last 10 years and have found it to be a very useful tool as a static code analysis tool.

“Working with certified tools increases trust in the tool execution results.”

Challenges

Tools evaluated or used prior to selecting Perforce SAST Tools:

  • Parasoft

Use Case

Agreed that for static code analysis tools, key features include:

  • The ease of setting up and running static code analysis
  • Integration into CI/CD systems
  • Differential analysis for speed and efficiency
  • The ability to support huge codebases
  • Support for all coding languages that we use
  • No need to pre-process code prior to scanning

Importance of the following:

  • Have a consistent pricing model from your Static Application Security Testing (SAST) tool vendor: very Important
  • Have a SAST tool that can be executed via flexible deployment options (Desktop/IDE/CI/Cloud/Containers): important
  • Have customizable quality reports and analysis: important
  • Get accurate and clean of noise reports: important

Said that audit and/or stakeholder-ready scan results help to speed up release cycles and time to market faster.

They are not comfortable with sharing and uploading their source code to an SAST tool vendor cloud.

Security and safety coding standards coverage most important for them:

  • CERT
  • JSF AV C++

Enterprise console and reporting framework capabilities they value the most:

  • Control access permissions and approval workflows
  • Prioritize defects based on severity, location, and lifecycle

Results

Features of Klocwork compared to other tools that used or evaluated:

  • Ability to scale to projects of any size: superior
  • Wide range of developer tools: better
  • Continuous compliance: superior
  • Ease of automation: superior
  • Differential analysis: superior
  • Flexible deployment options: superior

Organization Profile

The organization featured in this case study asked to have its name publicly blinded because publicly endorsing vendors is against their policies.

TechValidate stands behind the authenticity of this data.

Organization Size:
Federal

Industry:
Government

About Klocwork

We believe in the power of teamwork. And that our development tools should empower the diverse teams that use them by enhancing collaboration, control, quality, speed, scale, and freedom.

Learn More:

Perforce Software

Source: TechValidate survey of a Federal Government
Validated
  Published: May. 12, 2021   TVID: 498-333-D23

Klocwork Case Study

Siae Microelettronica Spa

Introduction

This case study of SIAE MICROELETTRONICA SPA is based on a March 2021 survey of Klocwork customers by TechValidate, a 3rd-party research service.

Share

Embed

Download

Klocwork provides us with great ease of configuration and issue management across the team."

“Working with certified tools increases trust in the tool execution results.”

Challenges

Tools evaluated or used prior to selecting Perforce SAST Tools:

  • SonarSource/SonarQube

Industry Feedback

For static code analysis tools, key features include:

  • The ease of setting up and running static code analysis: agree
  • Integration into CI/CD systems: strongly agree
  • Differential analysis for speed and efficiency: strongly agree
  • The ability to support huge codebases: strongly agree
  • Support for all coding languages that we use: agree
  • No need to pre-process code prior to scanning: agree

Importance of the following:

  • Have a consistent pricing model from your Static Application Security Testing (SAST) tool vendor: important
  • Have a SAST tool that can be executed via flexible deployment options (Desktop/IDE/CI/Cloud/Containers): very Important
  • Have customizable quality reports and analysis: very Important
  • Get accurate and clean of noise reports: critical

Said that audit and/or stakeholder-ready scan results help to speed up release cycles and time to market somewhat faster.

They are not comfortable with sharing and uploading their source code to an SAST tool vendor cloud.

Security and safety coding standards coverage most important for them:

  • CERT

Enterprise console and reporting framework capabilities they value the most:

  • Compliance and security reports
  • Prioritize defects based on severity, location, and lifecycle
  • Distinguish new issues from legacy code issues

Results

Klocwork compared to other tools that used or evaluated:

  • Ability to scale to projects of any size: superior
  • Wide range of developer tools: superior
  • Continuous compliance: best-in-class
  • Ease of automation: superior
  • Differential analysis: better
  • Flexible deployment options: superior

Company Profile

Company:
SIAE MICROELETTRONICA SPA

Company Size:
Medium Enterprise

Industry:
Telecommunications Equipment

About Klocwork

We believe in the power of teamwork. And that our development tools should empower the diverse teams that use them by enhancing collaboration, control, quality, speed, scale, and freedom.

Learn More:

Perforce Software

Source: Vito Pinto, Network Operations, SIAE MICROELETTRONICA SPA
Validated
  Published: May. 10, 2021   TVID: E9B-68D-80A

Klocwork Case Study

Small Business Computer Software Company

Introduction

This case study of a small business computer software company is based on a March 2021 survey of Klocwork customers by TechValidate, a 3rd-party research service. The profiled company asked to have their name blinded to protect their confidentiality.

Share

Embed

Download

“Klocwork is relatively easy to install and use and supports most major programming languages.”

“Working with certified tools increases trust in the tool execution results.”

“I prefer to work with solution vendors that participate with compliance boards.”

Tools evaluated/used prior to Perforce:

SonarSource/SonarQube

Fortify

Use Case

They are not comfortable with sharing and uploading their source code to an SAST tool vendor cloud.

  • Security and safety coding standards coverage most important for them:
    • DISA STIG

Importance of the following:

  • Have a consistent pricing model from your Static Application Security Testing (SAST) tool vendor: very Important
  • Have a SAST tool that can be executed via flexible deployment options (Desktop/IDE/CI/Cloud/Containers): important
  • Have customizable quality reports and analysis: very Important
  • Get accurate and clean of noise reports: very Important

Said that audit and/or stakeholder-ready scan results help to speed up release cycles and time to market faster.

Enterprise console and reporting framework capabilities they value the most:

  • Defining global or project-specific QA and security objectives and rule configurations
  • Compliance and security reports
  • Prioritize defects based on severity, location, and lifecycle

Level of agreement on key features for static code analysis tools:

  • The ease of setting up and running static code analysis: strongly agree
  • Integration into CI/CD systems: strongly agree
  • Differential analysis for speed and efficiency: agree
  • The ability to support huge codebases: agree
  • Support for all coding languages that we use: strongly agree
  • No need to pre-process code prior to scanning: strongly agree

Results

Features of Klocwork compared to other tools that used or evaluated:

  • Ability to scale to projects of any size: best-in-class
  • Wide range of developer tools: superior
  • Continuous compliance: superior
  • Ease of automation: best-in-class
  • Differential analysis: superior
  • Flexible deployment options: superior

Company Profile

The company featured in this case study asked to have its name publicly blinded because publicly endorsing vendors is against their policies.

TechValidate stands behind the authenticity of this data.

Company Size:
Small Business

Industry:
Computer Software

About Klocwork

We believe in the power of teamwork. And that our development tools should empower the diverse teams that use them by enhancing collaboration, control, quality, speed, scale, and freedom.

Learn More:

Perforce Software

Source: TechValidate survey of a Small Business Computer Software Company
Validated
  Published: May. 26, 2021   TVID: DF9-33A-333



More Research on Klocwork



© Copyright 2024 SurveyMonkey. All marks used on this site are the property of their respective owners. Privacy Policy Terms of Use