Try our new research platform with insights from 80,000+ expert users

Kiuwan Insights vs Veracode comparison

 

Comparison Buyer's Guide

Executive Summary
 

Categories and Ranking

Kiuwan Insights
Ranking in Static Code Analysis
13th
Average Rating
4.0
Number of Reviews
2
Ranking in other categories
No ranking in other categories
Veracode
Ranking in Static Code Analysis
1st
Average Rating
8.2
Number of Reviews
197
Ranking in other categories
Application Security Tools (2nd), Static Application Security Testing (SAST) (2nd), Container Security (4th), Software Composition Analysis (SCA) (2nd), Penetration Testing Services (3rd), Application Security Posture Management (ASPM) (1st)
 

Mindshare comparison

As of November 2024, in the Static Code Analysis category, the mindshare of Kiuwan Insights is 1.2%, down from 1.3% compared to the previous year. The mindshare of Veracode is 21.0%, up from 17.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Code Analysis
 

Featured Reviews

FE
Nov 22, 2021
Protects problematic libraries; sorely lacking in customer services
Our primary use case of this solution is to reduce our risks. I'm head of development and consulting.  Insights is valuable at protecting a problematic library and enabling you to reduce the number of false positives. As opposed to other solutions on the market, Insights doesn't know whether or…
Sajal Sharma - PeerSpot reviewer
Aug 6, 2024
Offers shift-left security strategy and helps us with the latest security configurations, OWASP standards, and SAST standards
It's robustness is the main benefit to the organization. As it gets upgraded with time, it also improves the coverage – security configuration coverages and vulnerability coverages. It also updates itself with the latest known vulnerabilities that are uploaded to the NVD, OWASP, or other databases. So it gets upgraded itself with that. And so with each upgrade, it gets better and better. The solution offers the ability to prevent vulnerable code from going into production. It provides us with a report containing multiple remediations and mitigations for each vulnerability. For example, if it finds a cross-site scripting vulnerability, it will also include references like CWE and CVE records, instructions on how to fix it, and the specific line of code or module where the vulnerability is present. This helps us fix the issues accordingly. I'm a penetration tester and DevSecOps engineer. I evaluate the findings, mark false positives, and manually exploit vulnerabilities if they exist. If we need further clarification, we raise a ticket with the Veracode team and get consultancy from them. We are a software development team. If we find a vulnerability, I exploit it and come back with the best possible mitigation, and the dev team fixes it. If we use Veracode Fix, it might use third-party implementations or make changes we aren't aware of. We need to be very aware of what our application is using internally. It should be known to us. As per my experience, the solution's policy reporting ensures compliance with industry standards. It comes with multiple features. I get the most out of it, and it's good. The solution provides visibility into application status at every phase of development. Like static analysis, dynamic analysis, software composition, and manual penetration tests - throughout the SDLC We have a pipeline that I maintain. I use the Veracode API account and have integrated it with AWS and our Jenkins pipeline. We use Snyk for SCA and Veracode for SAST scanning. At the earliest stage of the build, the SAST scan runs along with the JS and PHP files. It provides us with reports, which are then handed over to the other tools we depend on. If I validate the report or check the Veracode dashboard and find vulnerabilities, I mark them as false positives or existing issues. We work on multiple projects, but the one I'm handling these days only uses Veracode for SAST. It's been about one and a half years since I've been working with Veracode and this project. It is quite impressive. There are some things Veracode cannot find, like code obfuscations inside the code and some insecure randoms. Sometimes, it misses those flaws. But overall, if I compare it with other tools, it is better. I will definitely recommend others to use this tool. We run the scan before each deployment. If the dev team builds a new module or something, we scan it along with all the files. If we find anything, we get it fixed. That's how it works. Veracode is quite important to the organization's shift-left security strategy because we make a scan for each deployment. Sometimes, if I think we need to perform a shift-left, I just make a scan before deployment and check for any misconfiguration or vulnerability in the code.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I have found the interface to be perfect."
"Can help in reducing the number of false positives."
"The most valuable features of the solution are its extensive reporting capabilities and user-friendly interface."
"The integration of static testing with our Azure DevOps CI pipeline was easy."
"We use Veracode static analysis during development to eliminate vulnerability issues"
"Developer Sandboxes help move scanning earlier within the SDLC."
"The dependency graph visualization provides the ability to see nested dependencies within libraries for pinpointing vulnerabilities."
"The product provides guidance to develop secure software."
"What I found most valuable in Veracode is that it gives me a part-by-part report of the entire EAR file and lets me set up the application for a limited time. Once that expires, Veracode allows you to automatically renew it, which is one of the features I find remarkable in Veracode."
"It gives me an idea about the most important vulnerabilities and fast remediation tips."
 

Cons

"The solution has issues detecting intrusive methods."
"The solution is great, but improvement is needed in the number of lines of code allowed, that is the capacity. Pricing can be improved as well."
"Veracode's SAST, DAST, and SCA are pretty good with respect to industry standards, but with regard to container security, they are in either beta or alpha testing. They need to get that particular feature up and running so that they take care of the container security part."
"From the usability perspective, it is not up to date with the latest trends. It looks very old. Tools such as Datadog, New Relic, or infrastructure security tools, such as AWS Cloud, seem very user-friendly. They are completely web-based, and you can navigate through them pretty quickly, whereas Veracode is very rigid. It is like an old-school enterprise application. It does the job, but they need to invest a little more on the usability front."
"I would like to see more AI features. It's a current subject because with ChatGPT and other solutions being developed all the time, IT attacks will increase... To defend against those it's very important that the good guys use AI in ways that are good instead of bad."
"They should improve on the static scanning time."
"The zip file scanning has room for improvement."
"All areas of the solution could use some improvement."
"There are times when certain modules cannot be scanned automatically, requiring us to manually select these modules and initiate the scanning process on our side."
"Scheduling can be a little difficult. For instance, if you set up recurring scheduled scans and a developer comes in and says, "Hey, I have this critical release that happened outside of our normal release patterns and they want you to scan it," we actually have to change our schedule configuration and that means we lose the recurring scheduling settings we had."
 

Pricing and Cost Advice

"Pricing can be improved as well."
"Veracode's price is high. I would like them to better optimize their pricing."
"The pricing is pretty high."
"Veracode is affordable for large organizations, but its pricing may be out of reach for small and medium companies."
"When I looked at the pricing, it was definitely a value. In terms of the service and what it's checking, the cost was very reasonable, particularly because we could have multiple code bases as part of a project."
"If I compare the pricing with other software tools, then it is quite competitive. Whatever the price is, they have always given us a good discount."
"The pricing is fair."
"The price of Veracode Static Analysis is expensive. There is an annual fee to use the solution and the company is upfront with the pricing model and fees."
"It's too expensive for the European market. That is why, in a big bank with 400 applications, we are able to use it only for 10 of them. But the other solutions are also expensive, so it wasn't a differentiator."
report
Use our free recommendation engine to learn which Static Code Analysis solutions are best for your needs.
814,649 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
No data available
Financial Services Firm
18%
Computer Software Company
16%
Manufacturing Company
8%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

Ask a question
Earn 20 points
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
What do you like most about Veracode?
The SAST and DAST modules are great.
What is your experience regarding pricing and costs for Veracode?
The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.
 

Comparisons

No data available
 

Also Known As

Insights SCA
Crashtest Security , Veracode Detect
 

Learn More

 

Overview

 

Sample Customers

Information Not Available
Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
Find out what your peers are saying about Kiuwan Insights vs. Veracode and other solutions. Updated: October 2024.
814,649 professionals have used our research since 2012.