Klocwork has improved our code quality. Checkers have kept our code quality at a very high note.
What do you like best?
Wide range of checkers. Valuable issue segregation and easy report visibility for all types of issues/warnings. User-friendly commands for building and analysis. Awesome commands to automate Klocwork scan activities. It integrates with CI/CD tools, containers, cloud services, and machine provisioning, making automated security testing easy. Security standards: CWE, OWASP, CERT, PCI DSS, DISA STIG, and ISO/IEC TS 17961.
It analyzes source code in real time, simplifies peer code reviews, and extends the life of complex software.
What do you dislike?
Only a few programming languages are supported. A few more security checks are required. Strong filtering and report analysis features are required. Would like to see better codes between projects and a more user-friendly desktop in the next release. The issue we have is that whenever we need to get the code we have to build it first. Then we can get the report. I would like to see a dashboard added to provide a clear look and feel. The dashboard would then supplement the users to enable them to get a quick view of the content, as long as it is clear. A presentational dashboard would be good.
Recommendations to others considering the product:
Klocwork is an industry-leading and proven static code analysis tool. Use it to improve application security and code quality. It works like spell check for developers.
What problems are you solving with the product? What benefits have you realized?
Resolving all static code issues, syntax issues, security issues and null issues. The solution is scalable. It improves application security and code quality.