We performed a comparison between Kiuwan Insights and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Static Code Analysis solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Can help in reducing the number of false positives."
"I have found the interface to be perfect."
"The centralized view of different testing types helps reduce our risk exposure. The development teams have the freedom to choose their own libraries and languages. What happens is sometimes developers feel like a particular library is okay to use, then they will start using it, developing some functionality around it. However, as per our mandate, for every new repository that gets added and scanned, a report gets published. Based on that report, we decide if we can continue. In the past, we have found, by mistake, some developers have used copyleft licenses, which are a bit risky to use. We immediately replace these with more permissive, open-source licenses, so we are safe in the end."
"It has provided what we were looking for in such an application, meaning static application security testing functionality. That was what we were interested in."
"The most valuable feature is the seamless automation of Veracode via the pipeline, in comparison to other solutions like Fortify SSC, which are complex to integrate through the pipeline."
"It has the ability to statically scan your source code before it goes to production. It can be scanned within your testing or development environment, and that is very useful. And good explanations of all the vulnerabilities in your source code help take care of those issues in future code implementation as well."
"Veracode does not require any maintenance."
"The main feature, and one of the most important, is the static code analysis. We are able to complete an analysis of the security flaws with this platform. It's very good at helping us find and fix flaws."
"What I found most valuable in Veracode Static Analysis is that it categorizes security vulnerabilities."
"The security team can track the remediation and risk acceptance statistics."
"The solution is great, but improvement is needed in the number of lines of code allowed, that is the capacity. Pricing can be improved as well."
"The solution has issues detecting intrusive methods."
"Scanning large amounts of code can be a time-consuming process and there is scope for improvement."
"The technical support service has room for improvement."
"The policies you have, where you can tune the findings you get, don't allow you not to file tickets about certain findings. It will always report the findings, even if you know you're not that concerned about a library writing to a system log, for example. It will keep raising them, even though you may have a ticket about it. The integration will keep updating the ticket every time the scan runs."
"It can be a bit complex because it takes a lot of time to have it complete the task."
"I would ask Veracode to be a lot more engaged with the customer and set up live sessions where they force the customer to engage with Veracode's technical team. Veracode could show them a repo, how they should do things, this is what these results mean, here is a dashboard, here's the interpretation, here's where you find the results."
"I would like Veracode to also have the ability to fix these flaws in a future release."
"The UI is not user-friendly and can be improved."
"Sometimes the scans are not done quickly, but the solutions that it provides are really good. The quality is high, but the analysis is not done extremely quickly."
Kiuwan Insights is ranked 12th in Static Code Analysis while Veracode is ranked 1st in Static Code Analysis with 194 reviews. Kiuwan Insights is rated 4.0, while Veracode is rated 8.2. The top reviewer of Kiuwan Insights writes "Protects problematic libraries; sorely lacking in customer services". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning". Kiuwan Insights is most compared with , whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and Fortify Static Code Analyzer. See our Kiuwan Insights vs. Veracode report.
We monitor all Static Code Analysis reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.