Kiuwan Insights vs Veracode Comparison 2024

Kiuwan Insights

Veracode

Kiuwan Insights

Read 2 Kiuwan Insights reviews

114 views|60 comparisons

Veracode

Read 194 Veracode reviews

5,895 views|3,861 comparisons

Comparison Buyer's Guide

Download the complete report

Buyer's Guide

Kiuwan Insights vs. Veracode

May 2024

Executive Summary

We performed a comparison between Kiuwan Insights and Veracode based on real PeerSpot user reviews.

Find out in this report how the two Static Code Analysis solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed Kiuwan Insights vs. Veracode Report (Updated: May 2024).

Download the complete report

772,649 professionals have used our research since 2012.

Featured Review

Alejandro Hidalgo

Director Nacional de Infraestructura Tecnológica y Operaciones at SEPS

Researched Veracode but chose Kiuwan Insights: Pricing and code capacity need improvement

Evan Gertis

Penetration Tester at a tech vendor

Enables us to provide a certificate showing stakeholders and potential customers the proof that we take security...

My case is different from other individuals. I worked for a startup, so we had to find a way to capitalize on all the resources in Veracode. Larger... Read more →

Quotes From Members

We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:

Pros

"Can help in reducing the number of false positives.""I have found the interface to be perfect."

More Kiuwan Insights Pros →

"The centralized view of different testing types helps reduce our risk exposure. The development teams have the freedom to choose their own libraries and languages. What happens is sometimes developers feel like a particular library is okay to use, then they will start using it, developing some functionality around it. However, as per our mandate, for every new repository that gets added and scanned, a report gets published. Based on that report, we decide if we can continue. In the past, we have found, by mistake, some developers have used copyleft licenses, which are a bit risky to use. We immediately replace these with more permissive, open-source licenses, so we are safe in the end.""It has provided what we were looking for in such an application, meaning static application security testing functionality. That was what we were interested in.""The most valuable feature is the seamless automation of Veracode via the pipeline, in comparison to other solutions like Fortify SSC, which are complex to integrate through the pipeline.""It has the ability to statically scan your source code before it goes to production. It can be scanned within your testing or development environment, and that is very useful. And good explanations of all the vulnerabilities in your source code help take care of those issues in future code implementation as well.""Veracode does not require any maintenance.""The main feature, and one of the most important, is the static code analysis. We are able to complete an analysis of the security flaws with this platform. It's very good at helping us find and fix flaws.""What I found most valuable in Veracode Static Analysis is that it categorizes security vulnerabilities.""The security team can track the remediation and risk acceptance statistics."

More Veracode Pros →

Cons

"The solution is great, but improvement is needed in the number of lines of code allowed, that is the capacity. Pricing can be improved as well.""The solution has issues detecting intrusive methods."

More Kiuwan Insights Cons →

"Scanning large amounts of code can be a time-consuming process and there is scope for improvement.""The technical support service has room for improvement.""The policies you have, where you can tune the findings you get, don't allow you not to file tickets about certain findings. It will always report the findings, even if you know you're not that concerned about a library writing to a system log, for example. It will keep raising them, even though you may have a ticket about it. The integration will keep updating the ticket every time the scan runs.""It can be a bit complex because it takes a lot of time to have it complete the task.""I would ask Veracode to be a lot more engaged with the customer and set up live sessions where they force the customer to engage with Veracode's technical team. Veracode could show them a repo, how they should do things, this is what these results mean, here is a dashboard, here's the interpretation, here's where you find the results.""I would like Veracode to also have the ability to fix these flaws in a future release.""The UI is not user-friendly and can be improved.""Sometimes the scans are not done quickly, but the solutions that it provides are really good. The quality is high, but the analysis is not done extremely quickly."

More Veracode Cons →

Pricing and Cost Advice

"Pricing can be improved as well."

More Kiuwan Insights Pricing and Cost Advice →

"Its complexity makes it quite expensive, but it’s all worth it, with all the engineering in the background."

"The pricing is pretty high."

"The worst part about the product is that it does not scale at all. Also, microservices apps will cost you a fortune."

"I think licensing needs to be changed or updated so that it works with adjustments. Pricing is expensive compared to the amount of scanning we perform."

"It's worth the value"

"Pricing seems fair for what is offered, and licensing has been no problem. All developers are able to get the access they need."

"It can be expensive to do this, so I would just make sure that you're getting the proper number of licenses. Do your analysis. Make sure you know exactly what it is you need, going in."

"The licensing and prices were upfront and clear. They stand behind everything that is said during the commercial phase and during the onboarding phase. Even the most irrelevant "that can be done" was delivered, no matter how important the request was."

More Veracode Pricing and Cost Advice →

See Which Vendors Are Best For You

Use our free recommendation engine to learn which Static Code Analysis solutions are best for your needs.

See Recommendations

772,649 professionals have used our research since 2012.

Questions from the Community

Ask a question

Earn 20 points

Which gives you more for your money - SonarQube or Veracode?

Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use… more »

Read all 6 answers →

What do you like most about Veracode?

Top Answer:The SAST and DAST modules are great.

Read all 96 answers →

What is your experience regarding pricing and costs for Veracode?

Top Answer:The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.

Read all 66 answers →

Ranking

12th

out of 20 in Static Code Analysis

Views

114

Comparisons

Reviews

Average Words per Review

Rating

N/A

1st

out of 20 in Static Code Analysis

Views

5,895

Comparisons

3,861

Reviews

101

Average Words per Review

976

Rating

8.1

Comparisons

More Kiuwan Insights Competitors →

SonarQube vs. Veracode

Compared 26% of the time.

Checkmarx One vs. Veracode

Compared 14% of the time.

Fortify on Demand vs. Veracode

Compared 7% of the time.

Snyk vs. Veracode

Compared 6% of the time.

Fortify Static Code Analyzer vs. Veracode

Compared 3% of the time.

More Veracode Competitors →

Also Known As

Insights SCA

Crashtest Security , Veracode Detect

Learn More

Kiuwan

Veracode

Overview

Kiuwan Insights supports the continuity and integrity of open source management with a complete multi-technology solution that seamlessly integrates with key SDLC tools.

With Kiuwan Insights, you can identify and manage:

vulnerabilities,

compliance, and

operational risk

that may arise from using open source components.

Open source components are a significant and important part of commercial software today. Yet the use of these components introduces the risk of security vulnerabilities, as well as a need to ensure proper licensing and adherence to policies.

Automation is an essential strategy for detection of open source components and security vulnerabilities, compliance analysis, and policy enforcement.

Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-generated remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world’s leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achieve real-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, and Penetration Testing.

Learn more at www.veracode.com, on the Veracode blog, and on LinkedIn and Twitter.

Sample Customers

Information Not Available

Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.

Top Industries

No Data Available

REVIEWERS

Computer Software Company26%

Financial Services Firm23%

Insurance Company9%

Comms Service Provider6%

VISITORS READING REVIEWS

Financial Services Firm18%

Computer Software Company15%

Manufacturing Company8%

Government6%

Company Size

No Data Available

REVIEWERS

Small Business31%

Midsize Enterprise20%

Large Enterprise49%

VISITORS READING REVIEWS

Small Business17%

Midsize Enterprise14%

Large Enterprise69%

Kiuwan Insights vs Veracode comparison