Kiuwan Code Security Reviews

Summary: I can't think about not using Kiuwan for code vulnerabilities detection, it would be literally impossible to not use it. It's a great tool to analyse and improve the security of software.

Positive: We find very valuable to allow Kiuwan integrate with our development lifecycle (CI/CD) and we don't have to google or find fixes since it recommends fixes and tells you exactly where to find the issue within the code.

Negative: False positives take time to turn off since its a manual process and the tools somehow lacks intelligence to detect whether the issue is real or not (e.g. hardcoded passwords are the most likely under this).

Summary: You must try Kiuwan to make your products secure and shorten development cycles since you can integrate to your CI/CD process through automation frameworks easily.

Positive: Very accurate analysis provided by Kiuwan on code risks. The best is that Kiuwan even provides the recommended fix which makes the remediation process easier and faster.

Negative: If they had to improve I'd suggest working on support. Sometimes support takes time to get back. Also, we've gone through platform upgrades and we weren't notified and broke our development cycles. Would be good to improve customer notifications somehow.

Summary: If you really want to take the next step on security and INVEST some money to of course do this you MUST use Kiuwan.

Positive: I've tried some products (even free like Snyk) and Kiuwan provides a full picture of static code risks and vulnerabilities. It allows team to improve code security and development practices.

Negative: It's not a CON being honest but would be nice if they could offer something to scan infrastructure like Tenable.sc does.

Summary: Very good.

Positive: Options are very open and clear, friendly to use.

Negative: Initial installation steps & getting false positives.

Summary: This is a excellent SAST tool that can help you to identify any potential issue with your source code.

Positive: - Ease of use.
- Local Analysis.
- Centralized view of QA defects and Security Vulnerabilities.
- SCA analysis available.
- Friendly technical support.
- Several security standards support.
- Provides API
- DevOps Integration
- CSV and PDF reports

Negative: - Partial support for SSO authentication (Only web).
- No customizable metrics.
- No API end points for management/governance metrics.
- No plugin for Xcode.
- Predefined values for rules can't be edited.

Summary: This product helps us to improve quality of our software. Nothing cons, everything is good. Great tool for developers to validate code compliance. Management for oversight progress and forecasting. This product helps us to improve quality of our software.

Positive: Great tool for developers to validate code compliance. Management for oversight progress and forecasting. This product helps us to improve quality of our software.

Negative: Nothing, everything is good. Nothing, everything is good.

Summary: I like the product. I think it's very intuitive and provide a great insight in terms of SCA and SAST.

Positive: The product is very easy to use. I was asked to try this out with not much information and was able to get the first scan in with not much struggle at all.

Negative: I think a bit more customization in how to select the source for scanning would be great (exclude/include pattern, different set of rules for different source types, etc).

Summary: All orgs MUST have a static code analysis tool like this but prices can skyrocket due lines of code.

Positive: Identifies code risks "invisible" to us and helps to secure our projects. We liked we were able to integrate to our devops automation cycle.

Negative: Expensive throughout time and while we increase our codebase
Support sometimes isn't quick/responsive.

Summary: Overall our experience is good, as the scanning process is straightforward and easy, has helped find some good bugs in our software.

Positive: Easy and fast installation process. Regular updates. Finds a lot of common issues, OWASP Top 10 etc, good language support. SaaS based solution with a web UI to view the results

Negative: Language support limited for the code insights section. Have come across some bugs already during the time we have had this deployed. Would not have expected such bugs.

Summary: On a whole we have been Kiuwan which is integrated to our pipelines and also we are also looking at other tools for few cons which i just stated above.
It's so far good overall.

Positive: Kiuwan code security helps analyze our code base and tells us potential vulnerabilities in it and it can be integrated well to your CI/CD pipeline seamlessly.

Negative: It could improve much more on code coverage, unused code and code suggestions.

Summary: Please work with customers and users to gather beneficial improvements to understand our businesses and challenges to ensure feedback and changes are incorporated.

Positive: The number of languages supported. The white-labeled branding capability. The relatively good ease of use. Customer interface, access to run analysis and review reports.

Negative: Confusing administration with challenging setup. No ability to export mute, notes, and comments. No way to export and remove an application and re-import the results, mutes, notes back into the portal. There should be a setup timing of allowing an application to be reviewed for 15 or 30 days before data is stale and should be removed. Need a comparison to the previous quarter, month, or year's results. This will show maturity and improvement over time.