Klocwork Reviews & Product Details

There are a lot of built-in checkers that were helpful. There are so many of them, and they are all very well documented, so using them was straightforward. Creating checkers was also easy because they have a guide on getting started and links that explain the different checkers. Customer support always got back to me quickly. There is an entire library of information on the portal. If you need help or information it's probably already documented and it's easy to find. Review collected by and hosted on G2.com.

At first, getting started was confusing. I wasted a lot of time trying to set up and install. It was much easier and faster when I had a link to a setup/install guide. Review collected by and hosted on G2.com.

Klocwork helps us to analyze source code against coding standards like MISRA C as well as standards like CVE which we look forward to use for cyber security analysis. Klocwork also integrates well with our CI/CD toolchain and provides nice integrations with popular IDE's. But most importatnly perhaps is the awesome support and quick feedback Perforce provides to the customers. Review collected by and hosted on G2.com.

Perforce could improve the REST API. More functions to allow creation of projects and other administrative tasks, which are done with the kwadmin tool for us to improve automation even further. A docker container on docker hub would also be nice to get. Review collected by and hosted on G2.com.

The provided tools, documentation, and support make static analysis report creation an easy task. Also, the MISRA C checkers add to get complete reports fulfills customer requirements. With the Klocwork reports, we have been able to prevent and fix critical issues, and improve our source code. Review collected by and hosted on G2.com.

I consider that the report creation can be improved. Being able to customize better which data and charts are added. The report can be obtained on PDF format, but this document does not include detailed information about the build. Review collected by and hosted on G2.com.

A complete solution, desktop, server, API, reports, compliance tailoring, CI/CD integration with JIRA, JENKINS and Github. The support team is the best! Review collected by and hosted on G2.com.

A narrow set of computer languages supported, out-of-the-box works but can result in false positives or false negatives if not configured correctly. Review collected by and hosted on G2.com.

Included links to how to fix found issues. Review collected by and hosted on G2.com.

Inexistent traceability of developer's issue suppression from their desktop. The way of working proposed by Klocwork is to have dedicated team that reviews suppressions but this becomes a bottleneck when this team needs to overwatch many small embedded projects. Therefore in such situation everyone gets allowed to suppress issues in order to maintain development agility. This in turn leads to people suppressing issues without discussing them with a peer programmer. With the possibility to trace that an issue was suppresed by a developer from the desktop it would help discover issues that were suppressed despite they should not been suppressed.

It is a good feature to be able to configure that the issues can be suppressed from the portal only but it is not possible today to configure the tool to hinder developers suppressing issues from the desktop tool. Review collected by and hosted on G2.com.

build a successful product

minimizing code issues at any stage of the development

Modren UI, Quality Gates

we can manage each projects configuration and rules also KW taxemonics has a lots of build in known ones Review collected by and hosted on G2.com.

the web UI look and feels old, scanner on build machine does not return none zero when project rules are not matched Review collected by and hosted on G2.com.

inline analisys of C++ code directly from Eclipse. Review collected by and hosted on G2.com.

unprofiled Visual Studio plugin, that let VS crash quite often. Review collected by and hosted on G2.com.

Wide range of checkers. valuable issue segregation and easy report visibility for all type is issues/warnings. User friendly commands for building and analysis. Awesome commands to automate klocwork scan activities. It integrates with CI/CD tools, containers, cloud services, and machine provisioning making automated security testing easy. Security Standards: CWE, OWASP, CERT, PCI DSS, DISA STIG, and ISO/IEC TS 17961.

It analyzes source code in real time, simplifies peer code reviews, and extends the life of complex software. Review collected by and hosted on G2.com.

Only few programming languages are supported. Few more security checks required. strong filtering and report analysis features required. would like to see better codes between projects and a more user-friendly desktop in the next release. Issue we have is that whenever we need to get the code we have to build it first. Then we can get the report. I would like to see a dashboard added to provide a clear look and feel. The dashboard would then supplement the users to enable them to get a quick view of the content, as long is it is clear. A presentational dashboard would be good. Review collected by and hosted on G2.com.

It's easy to use and customize to flag just the items you will to catch. Also you can omit files you know have issues (lots of time commercial software you don't want to change) Review collected by and hosted on G2.com.

Nothing really its so easy to use. We use it to catch potential coding errors Review collected by and hosted on G2.com.

Allows customization of levels at which possible issues should be reported

Allows filtering out of false negatives Review collected by and hosted on G2.com.

The time to review the report, when the tool is run for the first time on an existing project, may be significant. Once issues have been analyzed and corrected / filtered out (as false negatives), incremental issues are easy to deal with. Review collected by and hosted on G2.com.