Kiuwan Insights vs Veracode comparison

Kiuwan and Veracode are both solutions in the Static Code Analysis category. Kiuwan is ranked #13, while Veracode is ranked #1 with an average rating of 8.1. Kiuwan holds a 1.2% mindshare in SCAS, compared to Veracode’s 21.0% mindshare. Additionally, 90% of Veracode users are willing to recommend the solution.

Kiuwan Insights

Read 2 Kiuwan Insights reviews

103 Views
66 Comparison Views

0% willing to recommend

Veracode

Read 197 Veracode reviews

5,842 Views
4,057 Comparison Views

90% willing to recommend

Kiuwan Insights

Veracode

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Kiuwan Insights and Veracode based on real PeerSpot user reviews.

Find out in this report how the two Static Code Analysis solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed Kiuwan Insights vs. Veracode Report (Updated: October 2024).

Buyer's Guide

Kiuwan Insights vs. Veracode

October 2024

Download the complete report

Helped 814,649 peers since 2012

Categories and Ranking

Kiuwan Insights

Ranking in Static Code Analysis

13th

Average Rating

4.0

Number of Reviews

Ranking in other categories

No ranking in other categories

Veracode

Ranking in Static Code Analysis

1st

Average Rating

8.2

Number of Reviews

197

Ranking in other categories

Application Security Tools (2nd), Static Application Security Testing (SAST) (2nd), Container Security (4th), Software Composition Analysis (SCA) (2nd), Penetration Testing Services (3rd), Application Security Posture Management (ASPM) (1st)

Mindshare comparison

As of November 2024, in the Static Code Analysis category, the mindshare of Kiuwan Insights is 1.2%, down from 1.3% compared to the previous year. The mindshare of Veracode is 21.0%, up from 17.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Static Code Analysis

Featured Reviews

Felix Esteban

Head of Development and Consulting at Logalty

Nov 22, 2021

Protects problematic libraries; sorely lacking in customer services

Our primary use case of this solution is to reduce our risks. I'm head of development and consulting. Insights is valuable at protecting a problematic library and enabling you to reduce the number of false positives. As opposed to other solutions on the market, Insights doesn't know whether or…

Read full review

Sajal Sharma

Test Analyst - Security at Net solutions India Pvt.

Aug 6, 2024

Offers shift-left security strategy and helps us with the latest security configurations, OWASP standards, and SAST standards

It's robustness is the main benefit to the organization. As it gets upgraded with time, it also improves the coverage – security configuration coverages and vulnerability coverages. It also updates itself with the latest known vulnerabilities that are uploaded to the NVD, OWASP, or other databases. So it gets upgraded itself with that. And so with each upgrade, it gets better and better. The solution offers the ability to prevent vulnerable code from going into production. It provides us with a report containing multiple remediations and mitigations for each vulnerability. For example, if it finds a cross-site scripting vulnerability, it will also include references like CWE and CVE records, instructions on how to fix it, and the specific line of code or module where the vulnerability is present. This helps us fix the issues accordingly. I'm a penetration tester and DevSecOps engineer. I evaluate the findings, mark false positives, and manually exploit vulnerabilities if they exist. If we need further clarification, we raise a ticket with the Veracode team and get consultancy from them. We are a software development team. If we find a vulnerability, I exploit it and come back with the best possible mitigation, and the dev team fixes it. If we use Veracode Fix, it might use third-party implementations or make changes we aren't aware of. We need to be very aware of what our application is using internally. It should be known to us. As per my experience, the solution's policy reporting ensures compliance with industry standards. It comes with multiple features. I get the most out of it, and it's good. The solution provides visibility into application status at every phase of development. Like static analysis, dynamic analysis, software composition, and manual penetration tests - throughout the SDLC We have a pipeline that I maintain. I use the Veracode API account and have integrated it with AWS and our Jenkins pipeline. We use Snyk for SCA and Veracode for SAST scanning. At the earliest stage of the build, the SAST scan runs along with the JS and PHP files. It provides us with reports, which are then handed over to the other tools we depend on. If I validate the report or check the Veracode dashboard and find vulnerabilities, I mark them as false positives or existing issues. We work on multiple projects, but the one I'm handling these days only uses Veracode for SAST. It's been about one and a half years since I've been working with Veracode and this project. It is quite impressive. There are some things Veracode cannot find, like code obfuscations inside the code and some insecure randoms. Sometimes, it misses those flaws. But overall, if I compare it with other tools, it is better. I will definitely recommend others to use this tool. We run the scan before each deployment. If the dev team builds a new module or something, we scan it along with all the files. If we find anything, we get it fixed. That's how it works. Veracode is quite important to the organization's shift-left security strategy because we make a scan for each deployment. Sometimes, if I think we need to perform a shift-left, I just make a scan before deployment and check for any misconfiguration or vulnerability in the code.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"I have found the interface to be perfect."

"Can help in reducing the number of false positives."

"The most valuable features of the solution are its extensive reporting capabilities and user-friendly interface."

"The integration of static testing with our Azure DevOps CI pipeline was easy."

"We use Veracode static analysis during development to eliminate vulnerability issues"

"Developer Sandboxes help move scanning earlier within the SDLC."

"The dependency graph visualization provides the ability to see nested dependencies within libraries for pinpointing vulnerabilities."

"The product provides guidance to develop secure software."

"What I found most valuable in Veracode is that it gives me a part-by-part report of the entire EAR file and lets me set up the application for a limited time. Once that expires, Veracode allows you to automatically renew it, which is one of the features I find remarkable in Veracode."

"It gives me an idea about the most important vulnerabilities and fast remediation tips."

More Veracode pros

Cons

"The solution has issues detecting intrusive methods."

"The solution is great, but improvement is needed in the number of lines of code allowed, that is the capacity. Pricing can be improved as well."

"Veracode's SAST, DAST, and SCA are pretty good with respect to industry standards, but with regard to container security, they are in either beta or alpha testing. They need to get that particular feature up and running so that they take care of the container security part."

"From the usability perspective, it is not up to date with the latest trends. It looks very old. Tools such as Datadog, New Relic, or infrastructure security tools, such as AWS Cloud, seem very user-friendly. They are completely web-based, and you can navigate through them pretty quickly, whereas Veracode is very rigid. It is like an old-school enterprise application. It does the job, but they need to invest a little more on the usability front."

"I would like to see more AI features. It's a current subject because with ChatGPT and other solutions being developed all the time, IT attacks will increase... To defend against those it's very important that the good guys use AI in ways that are good instead of bad."

"They should improve on the static scanning time."

"The zip file scanning has room for improvement."

"All areas of the solution could use some improvement."

"There are times when certain modules cannot be scanned automatically, requiring us to manually select these modules and initiate the scanning process on our side."

"Scheduling can be a little difficult. For instance, if you set up recurring scheduled scans and a developer comes in and says, "Hey, I have this critical release that happened outside of our normal release patterns and they want you to scan it," we actually have to change our schedule configuration and that means we lose the recurring scheduling settings we had."

More Veracode cons

Pricing and Cost Advice

"Pricing can be improved as well."

"Veracode's price is high. I would like them to better optimize their pricing."

"The pricing is pretty high."

"Veracode is affordable for large organizations, but its pricing may be out of reach for small and medium companies."

"When I looked at the pricing, it was definitely a value. In terms of the service and what it's checking, the cost was very reasonable, particularly because we could have multiple code bases as part of a project."

"If I compare the pricing with other software tools, then it is quite competitive. Whatever the price is, they have always given us a good discount."

"The pricing is fair."

"The price of Veracode Static Analysis is expensive. There is an annual fee to use the solution and the company is upfront with the pricing model and fees."

"It's too expensive for the European market. That is why, in a big bank with 400 applications, we are able to use it only for 10 of them. But the other solutions are also expensive, so it wasn't a differentiator."

More Veracode pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Static Code Analysis solutions are best for your needs.

See recommendations

814,649 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

No data available

Financial Services Firm

18%

Computer Software Company

16%

Manufacturing Company

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

No data available

Questions from the Community

Ask a question

Earn 20 points

Which gives you more for your money - SonarQube or Veracode?

SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...

See all answers

What do you like most about Veracode?

The SAST and DAST modules are great.

See all answers

What is your experience regarding pricing and costs for Veracode?

The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.

See all answers

Comparisons

No data available

SonarQube Server (formerly SonarQube) vs Veracode

Compared 24% of the time

Checkmarx One vs Veracode

Compared 13% of the time

Fortify on Demand vs Veracode

Compared 7% of the time

Snyk vs Veracode

Compared 6% of the time

GitHub Advanced Security vs Veracode

Compared 4% of the time

More Veracode Competitors

Product Reports

Buyer's Guide

Static Code Analysis

November 2024

Download Kiuwan Insights product report

Buyer's Guide

Veracode

October 2024

Download Veracode product report

Also Known As

Insights SCA

Crashtest Security , Veracode Detect

Learn More

Kiuwan

Veracode

Overview

Kiuwan Insights supports the continuity and integrity of open source management with a complete multi-technology solution that seamlessly integrates with key SDLC tools.

With Kiuwan Insights, you can identify and manage:

vulnerabilities,

compliance, and

operational risk

that may arise from using open source components.

Open source components are a significant and important part of commercial software today. Yet the use of these components introduces the risk of security vulnerabilities, as well as a need to ensure proper licensing and adherence to policies.

Automation is an essential strategy for detection of open source components and security vulnerabilities, compliance analysis, and policy enforcement.

Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.

Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing. These tools are designed to help developers detect vulnerabilities early in development while maintaining speed in deployment. Veracode also emphasizes scalability, offering features for enterprises that manage a large number of applications across different teams. Its robust reporting and analytics capabilities allow organizations to continuously monitor their security posture and track progress toward remediation.

What are the key features of Veracode?

Static Analysis (SAST) - Scans source code for vulnerabilities before deployment.
Dynamic Analysis (DAST) - Examines applications in a running state to detect flaws in real-time.
Software Composition Analysis (SCA) - Identifies risks in open-source libraries and third-party components.
Manual Penetration Testing - Offers expert analysis for more complex vulnerabilities.
Integrations with DevOps tools - Seamlessly integrates with CI/CD pipelines for automated security checks.

What benefits should users consider in Veracode reviews?

Early detection of vulnerabilities - Helps developers fix security issues early in the development process.
Scalability - Supports organizations with large-scale application portfolios.
Compliance support - Ensures applications meet various security standards and regulations.
Developer training - Provides tools for educating developers on secure coding practices.
Comprehensive reporting - Offers detailed reports that track remediation and risk trends.

Veracode is widely adopted in industries like finance, healthcare, and government, where compliance and security are critical. It helps these organizations maintain strict security standards while enabling rapid development through its integration with Agile and DevOps methodologies.

Veracode helps businesses secure their applications efficiently, ensuring they can deliver safe and compliant software at scale.

Sample Customers

Information Not Available

Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.

Buyer's Guide

Kiuwan Insights vs. Veracode

October 2024

Free Report: Kiuwan Insights vs. Veracode

Find out what your peers are saying about Kiuwan Insights vs. Veracode and other solutions. Updated: October 2024.

DOWNLOAD NOW

814,649 professionals have used our research since 2012.

See our Kiuwan Insights vs. Veracode report.

See our list of best Static Code Analysis vendors.

We monitor all Static Code Analysis reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.