Klocwork and OpenText Static Application Security Testing are two leading tools in the static code analysis category. Despite Klocwork's appealing pricing and support, OpenText seems to have an advantage due to its comprehensive features and extensive language support.
Features: Klocwork is known for its quick integration with development environments and CI/CD pipelines, allowing for efficient static code analysis and custom checker creation. OpenText Static Application Security Testing offers extensive language support and precise vulnerability detection, making it ideal for security-focused organizations.
Room for Improvement: Klocwork could benefit from supporting more programming languages and enhancing its dashboard for compliance reporting. It also generates numerous warnings needing expert analysis. OpenText Static Application Security Testing would improve by reducing false positives and expanding its language support.
Ease of Deployment and Customer Service: Klocwork provides various deployment options, including private and on-premises, and is praised for responsive customer service. OpenText offers hybrid deployment and reliable customer service. Both have excellent technical support, but Klocwork's global presence offers a slight advantage in availability.
Pricing and ROI: Klocwork stands out for its competitive pricing and flexible licensing options, offering good ROI through quality enhancement. OpenText, although more expensive, provides justified value through its robust features and capabilities, seen as economical compared to main competitors.
The main ROI factors include efficiency and how we meet compliance standards for various automotive requirements.
The issue is not about the knowledge of the support but about the prioritization of the tickets they handle.
The customer support team is very responsive, proactive, and engages in conversations to ensure our needs are met.
During the initial phase when I did interact with the vendor, the support was satisfactory.
The technical support has been good because we always received answers to our questions.
The customer service and support for Fortify Static Code Analyzer are better than those for LoadRunner.
Klocwork supports our scalability needs without issues, even as project volumes increase.
The program-to-program enablement is scalable.
Fortify Static Code Analyzer integrates well and is scalable.
Installation is easy, and the solution is stable.
The stability of Fortify Static Code Analyzer is generally good.
I would rate the product stability as an eight.
We would like Klocwork to connect to Git and notify developers of issues tied to specific commits.
Klocwork sometimes provides too many additional warnings which require expertise to manage.
There are too many warnings, and it requires expertise to determine the correct category for them.
We are not ready to transfer our code without control to AI instruments.
It would be really helpful to include trending vulnerabilities and how to manage them.
It should be easier to install, perhaps through a container-based approach where everything is combined into one image or pack of containers.
It is less expensive than Coverity.
Klocwork was competitively priced, making it a cost-effective solution for us.
Klocwork's pricing seems attractive, as it uses a per-user license model that does not have a lot of overhead.
The pricing of Fortify Static Code Analyzer is good, with a flexible model that allows customers to choose a setup that suits their needs.
My experience with the pricing, setup costs, and licensing has been good.
The most valuable feature of Klocwork is the static analysis tools, which help identify potential security threats and errors.
Its integration with the CI/CD pipeline has helped streamline the software development process.
It takes just half a day to set up.
Fortify Static Code Analyzer has the capability of giving fewer false positives compared to other tools.
The most impactful feature of Fortify Static Code Analyzer in identifying vulnerabilities is the ratio of total number of vulnerabilities to false positives.
The most valuable feature of Fortify Static Code Analyzer is its extensive language support, covering many languages from legacy ones to the newest.
| Product | Mindshare (%) |
|---|---|
| Klocwork | 5.7% |
| OpenText Static Application Security Testing | 5.5% |
| Other | 88.8% |
| Company Size | Count |
|---|---|
| Small Business | 12 |
| Midsize Enterprise | 2 |
| Large Enterprise | 12 |
| Company Size | Count |
|---|---|
| Small Business | 4 |
| Midsize Enterprise | 3 |
| Large Enterprise | 11 |
Klocwork offers advanced static code analysis with integration capabilities for enhanced development efficiency, supporting various development environments and providing clear defect reports. It streamlines software development by reducing defects and improving code quality.
Klocwork integrates seamlessly into CI/CD pipelines, providing real-time and incremental analysis to identify and rectify code defects quickly. It supports multiple integrated development environments (IDEs) and minimizes false positives in its analysis. While primarily supporting C/C++, Java, and C#, there is a need to expand language support and enhance its static analysis engine. The tool assists in adhering to industry standards with features like automated code parsing and MISRA compliance checks. Ease of setup and collaboration capabilities further promotes efficiency, although the dashboard could benefit from user-friendly updates and better integration with Agile tools.
What are the primary features of Klocwork?Klocwork is extensively implemented in industries that prioritize software quality and security standards, particularly in environments focused on C/C++ development on Linux systems. Its capabilities in automated code parsing, traffic analysis, and support for DevOps integration make it invaluable for industries requiring strict MISRA compliance and internal standards adherence. By aiding refactoring and detecting memory-related vulnerabilities, Klocwork contributes to the maintainability and security standards in these sectors.
OpenText Static Application Security Testing empowers teams with efficient vulnerability detection and streamlined secure coding practices, offering comprehensive language support and seamless integration with development tools.
OpenText Static Application Security Testing enhances software security during development by accurately identifying vulnerabilities with minimal false positives. It integrates seamlessly with IDEs and CI/CD pipelines, making it highly efficient for early detection of security issues. Users benefit from its easy setup, clear documentation, and centralized portal for managing security findings. Despite facing challenges like high costs and complex configurations for certain languages, its role in facilitating compliance and streamlining secure coding processes is indispensable. Improvements are needed in areas such as outdated design, language support, and integration capabilities to meet evolving user expectations.
What features does OpenText Static Application Security Testing offer?Organizations across diverse sectors implement OpenText Static Application Security Testing primarily to secure applications during development phases. Its integration with tools like GitLab, Jenkins, and Azure DevOps ensures a robust security pipeline. By combining with Sonatype Nexus, secure code, and library management is achieved effectively.
We monitor all Static Code Analysis reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
