Klocwork and SonarQube: Which application security tool is better?

With organisations utilising ever increasing numbers of applications to meet their business objectives, it is getting harder for IT teams to effectively guard and secure their application environments. To meet the rising tide of cybercrime in enterprise, businesses need to invest in application security products and strategies that can reduce the burden that IT teams face. However, choosing the right solution isn’t easy – every business is different, and there is no ‘one size fits all’ solution.

Over 388,000 professionals have used IT Central Station research to inform their purchasing decisions. Its latest paper looks at Klocwork and SonarQube, two of the highest reviewed solutions in the application security market.

Below is a brief summary of the report, highlighting what real IT Central Station users think of each solution – from their most valuable features, to how they’ve improved individual businesses, as well as what each solution could do better.

Klocwork

Detects security, safety, and reliability issues in real-time

With an average rating of 3.5/5 from three reviews, Klocwork is a well-regarded solution in the application security market. Popular with computer software, manufacturing, and comms service provider organisations, Klocwork is used by businesses of all sizes. 67% of reviewers work at businesses with large workforces of over 1000, whilst small and mid-size businesses account for 22% and 11% respectively.

When evaluating the product, Klocwork users point to the strong technical support it offers as one of the key features that help it to stand out compared to other solutions on the market. Plaudits also like the scalability of the solution and how they can connect directly to the Klocwork server on-premises remotely. However, critics of the solution would like to see better codes between projects and a more user-friendly desktop, alongside more integration with agile DevOps and other agile methodologies.

SonarQube

The leading tool for continuously inspecting code quality and code security

Achieving an average rating of 3.9/5 from 30 reviews, SonarQube is one of the most frequently reviewed products in the application security market. Computer software companies, comms service providers, and financial services firms make up the bulk of industries interested in SonarQube reviews, and reviewers themselves come from companies of all sizes. 52% of reviewers are from larger organisations, whilst small and mid-size companies split the remaining share at 28% and 20% each.

As one of the more popular solutions currently available, SonarQube has many admirers. Some of the key features that impress reviewers include its quick reporting, and the fact that it can cover most programming languages for source code review. Its static code analysis feature is also frequently mentioned as a strong reason to consider the solution. Yet, SonarQube is not without its critics, some users would like to see improvements made to its technical support, whilst others believe that the product’s price is a little too steep compared to other options on the market.

IDG Connect