Kiuwan vs Snyk comparison

Kiuwan and Snyk are both solutions in the Application Security Tools category. Kiuwan is ranked #19 with an average rating of 7.8, while Snyk is ranked #4 with an average rating of 7.9. Kiuwan holds a 1.0% mindshare in AS, compared to Snyk’s 7.6% mindshare. Additionally, 93% of Kiuwan users are willing to recommend the solution, compared to 100% of Snyk users who would recommend it.

Kiuwan

Read 23 Kiuwan reviews

1,613 Views
1,288 Comparison Views

93% willing to recommend

Snyk

Read 44 Snyk reviews

13,724 Views
10,048 Comparison Views

100% willing to recommend

Kiuwan

Snyk

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Oct 8, 2024

Kiuwan and Snyk compete in the software security analysis category. Snyk tends to have the upper hand due to its efficient integration capabilities and focus on open-source vulnerabilities.

Features: Kiuwan offers broad security analysis and provides detailed insights. It is praised for its extensive coverage of potential security threats. On the other hand, Snyk focuses on open-source vulnerabilities, offers seamless DevOps integration, and provides modern and flexible solutions that integrate smoothly into existing development workflows.

Room for Improvement: Kiuwan faces challenges with integration options and performance speed issues. Users also express a need for better support documentation. Snyk users desire more detailed reporting capabilities and express a need for improvements in user interface navigation. Some users also request enhanced customization options for reports.

Ease of Deployment and Customer Service: Kiuwan offers diverse deployment options but requires a cumbersome initial setup. Its complexity in deployment is noted as a barrier for some users. In contrast, Snyk is favored for its straightforward deployment process. It provides responsive customer service, and its ease of deployment is a significant advantage noted by users compared to Kiuwan's more complicated setup.

Pricing and ROI: Kiuwan is initially more cost-effective, offering lower upfront costs. However, Snyk users perceive greater long-term value, with a higher return on investment due to its impactful features. While Kiuwan's initial pricing is attractive, Snyk users justify its price because of the strategic feature set and higher perceived ROI.

To learn more, read our detailed Kiuwan vs. Snyk Report (Updated: December 2024).

Buyer's Guide

Kiuwan vs. Snyk

December 2024

Download the complete report

Helped 824,053 peers since 2012

Categories and Ranking

Kiuwan

Ranking in Application Security Tools

19th

Average Rating

8.6

Reviews Sentiment

7.0

Number of Reviews

Ranking in other categories

Static Application Security Testing (SAST) (15th)

Snyk

Ranking in Application Security Tools

4th

Average Rating

8.2

Reviews Sentiment

7.3

Number of Reviews

Ranking in other categories

Container Security (7th), Software Composition Analysis (SCA) (3rd), Software Development Analytics (2nd), DevSecOps (1st)

Mindshare comparison

As of December 2024, in the Application Security Tools category, the mindshare of Kiuwan is 1.0%, down from 1.1% compared to the previous year. The mindshare of Snyk is 7.6%, down from 8.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Application Security Tools

Featured Reviews

Anshul Anshul

Sr. Manager at Wipro Limited

Efficient and accurate scanning, and detailed analysis

In Kiuwan there are sometimes duplicates found in the dependency scan under the "insights" tab. It's unclear to me why these duplicates are appearing, and it would be helpful if the application teams could investigate further. Another issue I've encountered is that Kiuwan only looks at the version of components and doesn't take into account any workaround fixes that have been implemented at the code level. This can result in false positives being reported. Additionally, these issues are in the "insights" tab and not in the code base security aspect. Lastly, when muting findings that are false positives, there should be an option to see the only available at the code level rather than at the organization level because it can lead to missing vulnerabilities if they are muted at the org level. An additional feature that would be helpful is the ability to easily download reports from Kiuwan. Specifically, in the "insights" tab, we have been encountering an error when trying to download the PDF report. We are able to download the code-based security report, but not the insights report. This has been an ongoing issue for the past couple of months and would be beneficial if it could be resolved. My main recommendation would be to address the issues with downloading reports that we have been experiencing. Additionally, it would be helpful if Kiuwan could support a wider range of programming languages, as there are currently some that are not compatible with the tool. If the code of a particular application falls under the category which is not compatible with Kiuwan, then it will not be able to scan it.

Read full review

Jayashree Acharyya

Director at PepsiCo

Used for image scanning and identifying vulnerabilities, but its integration with other services could be improved

The solution has improved or streamlined our process a lot for securing container images. We wanted to make sure we are deploying the secure Docker images. Snyk allowed us to check whether it is following our standard of docker images or not. We use Azure DevOps as our platform, and Snyk's integration with Azure DevOps was okay. However, Snyk's integration with JFrog Artifactory didn't go well. We use JFrog Artifactory to store the artifacts we download. We wanted to integrate Snyk with JFrog Artifactory to scan the binary artifacts we downloaded, but that broke our JFrog Artifactory for some reason. Instead of using it there, we are calling it directly from the pipeline. Snyk's automation features significantly reduced remediation times a couple of times. Sometimes, our developers scan the code from the environment and find some Java vulnerabilities. We fixed those vulnerabilities in the lower environment itself. The solution does not require any maintenance. The accuracy of Snyk's vulnerability detection is pretty good compared to other tools. I rate the solution's vulnerability detection feature an eight out of ten. I would recommend Snyk to other users because it is easy to implement and integrate with Azure DevOps and GitHub. Overall, I rate the solution a seven out of ten.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"I like that I can scan the code without sending it to the Kiuwan cloud. I can do it locally on my device. When the local analyzer finishes, the results display on the dashboard in the cloud. It's essential for security purposes to be able to scan my code locally."

"Software analytics for a lot of different languages including ABAP."

"The solution has a continuous integration process."

"The solution offers very good technical support."

"I've tried many open source applications and the remediation or correction actions that were provided by Kiuwan were very good in comparison."

"I've found the reporting features the most helpful."

"I have found the security and QA in the source code to be most valuable."

"The feature that I have found the most valuable in Kiuwan is the speed of scanning. Compared to other SaaS tools I have used, Kiuwan is much quicker in performing scans. I have not yet used it on a large code base, but from what I have experienced, it is efficient and accurate. Additionally, I have used it both manually and in an automated pipeline, and both methods have been effective. The speed of scanning is what makes it valuable to me."

More Kiuwan pros

"Our overall security has improved. We are running fewer severities and vulnerabilities in our packages. We fixed a lot of the vulnerabilities that we didn't know were there."

"The solution's vulnerability database, in terms of comprehensiveness and accuracy, is very high-level. As far as I know, it's the best among their competitors."

"Provides clear information and is easy to follow with good feedback regarding code practices."

"Snyk's focus on security is a valuable feature. Also Snyk supports multiple programming languages, which has positively affected my security practices. I use only two or three languages, and when I change the language in a file, it detects it in the same suite. I find the AI-powered scanning overall beneficial.Using Snyk's AI-powered scanning, I can detect around ten or twenty errors in my project with about twenty thousand lines of code, so it helps improve my project by identifying a lot of potential vulnerabilities."

"Its reports are nice and provide information about the issue as well as resolution. They also provide a proper fix. If there's an issue, they provide information in detail about how to remediate that issue."

"The most valuable features of Snyk are vulnerability scanning and automation. The automation the solution brings around vulnerability scanning is useful."

"Snyk performs software composition analysis (SCA) similar to other expensive tools."

"I am impressed with the product's security vulnerability detection. My peers in security are praising the tool for its accuracy to detect security vulnerabilities. The product is very easy to onboard. It doesn't require a lot of preparation or prerequisites. It's a bit of a plug-and-play as long as you're using a package manager or for example, you are using a GitHub repository. And that is an advantage for this tool because developers don't want to add more tools to what they're currently using."

More Snyk pros

Cons

"The next release should include more flexibility in the reporting."

"It could improve its scalability abilities."

"I would like to see additional languages supported."

"I would like to see better integration with Azure DevOps in the next release of this solution."

"It would be beneficial to streamline calls and transitions seamlessly for improved functionality."

"The solution seems to give us a lot of false positives. This could be improved quite a bit."

"The product's UI has certain shortcomings, where improvements are required."

"The development-to-delivery phase."

More Kiuwan cons

"The feature for automatic fixing of security breaches could be improved."

"We have to integrate with their database, which means we need to send our entire code to them to scan, and they send us the report. A company working in the financial domain usually won't like to share its code or any information outside its network with any third-party provider."

"Because Snyk has so many integrations and so many things it can do, it's hard to really understand all of them and to get that information to each team that needs it... If there were more self-service, perhaps tutorials or overviews for new teams or developers, so that they could click through and see things themselves, that would help."

"We were using Microsoft Docker images. It was reporting some vulnerabilities, but we were not able to figure out the fix for them. It was reporting some vulnerabilities in the Docker images given by Microsoft, which were out of our control. That was the only limitation. Otherwise, it was good."

"The way Snyk notifies if we have an issue, there are a few options: High vulnerability or medium vulnerability. The problem with that is high vulnerabilities are too broad, because there are too many. If you enable notifications, you get a lot of notifications, When you get many notifications, they become irrelevant because they're not specific. I would prefer to have control over the notifications and somehow decide if I want to get only exploitable vulnerabilities or get a specific score for a vulnerability. Right now, we receive too many high vulnerabilities. If we enable notifications, then we just get a lot of spam message. Therefore, we would like some type of filtering system to be built-in for the system to be more precise."

"The tool's initial use is complex."

"Basically the licensing costs are a little bit expensive."

"It would be helpful if we get a recommendation while doing the scan about the necessary things we need to implement after identifying the vulnerabilities."

More Snyk cons

Pricing and Cost Advice

"It follows a subscription model. I think the price is somewhere in the middle."

"This solution is cheaper than other tools."

"The price of Kiuwan is lower than that of other tools on the market."

"Check with your account manager."

"Nothing special. It's a very fair model."

"I recommend contacting a sales person who will create the best plan payment plan for you, as we did."

"Kiuwan is an open-source solution and free to use."

"The pricing is acceptable, especially for enterprises. I don't think it's too much of a concern for our customers. Something like $99 per user is reasonable when the stakes are high."

"It's good value. That's the primary thing. It's not cheap-cheap, but it's good value."

"The product has good pricing."

"With Snyk, you get what you pay for. It is not a cheap solution, but you get a comprehensiveness and level of coverage that is very good. The dollars in the security budget only go so far. If I can maximize my value and be able to have some funds left over for other initiatives, I want to do that. That is what drives me to continue to say, "What's out there in the market? Snyk's expensive, but it's good. Is there something as good, but more affordable?" Ultimately, I find we could go cheaper, but we would lose the completeness of vision or scope. I am not willing to do that because Snyk does provide a pretty important benefit for us."

"We are using the open-source version for the scans."

"Snyk is an expensive solution."

"On a scale of one to ten, where one is cheap and ten is expensive, I rate the pricing a three. It is a cheap solution."

"Presently, my company uses an open-source version of the solution. The solution's pricing can be considered quite reasonable owing to the features they offer."

More Snyk pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.

See recommendations

824,053 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

16%

Computer Software Company

14%

Comms Service Provider

Insurance Company

Financial Services Firm

16%

Computer Software Company

15%

Manufacturing Company

Insurance Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about Kiuwan?

The most valuable feature of the solution stems from the fact that it is quick when processing and giving an output or generating a report.

See all answers

What is your experience regarding pricing and costs for Kiuwan?

I'm not entirely sure about the price and business aspects, but I assume Checkmarx might be less expensive. I think Checkmarx might offer more affordable options, especially in its smaller business...

See all answers

What needs improvement with Kiuwan?

Kiuwan can improve its UI a little more. The user experience can be made better. Kiuwan offers a user interface that is similar to the one offered by Windows 7 or Windows 98, which I saw when I ran...

See all answers

How does Snyk compare with SonarQube?

Snyk does a great job identifying and reducing vulnerabilities. This solution is fully automated and monitors 24/7 to find any issues reported on the internet. It will store dependencies that you a...

See all answers

What do you like most about Snyk?

The most effective feature in securing project dependencies stems from its ability to highlight security vulnerabilities.

See all answers

What needs improvement with Snyk?

Snyk has several limitations, including issues with Gradle, NPM, and Xcode, and trouble with AutoPR. It lacks the ability to select branches on its Web UI, forcing users to rely on CLI or CI/CD for...

See all answers

Comparisons

SonarQube Server (formerly SonarQube) vs Kiuwan

Compared 55% of the time

Checkmarx One vs Kiuwan

Compared 10% of the time

Veracode vs Kiuwan

Compared 9% of the time

Fortify on Demand vs Kiuwan

Compared 5% of the time

SonarQube Cloud (formerly SonarCloud) vs Kiuwan

Compared 4% of the time

More Kiuwan Competitors

GitHub Advanced Security vs Snyk

Compared 13% of the time

SonarQube Server (formerly SonarQube) vs Snyk

Compared 11% of the time

Black Duck vs Snyk

Compared 10% of the time

Wiz vs Snyk

Compared 7% of the time

Fortify Static Code Analyzer vs Snyk

Compared 6% of the time

More Snyk Competitors

Product Reports

Buyer's Guide

Kiuwan

December 2024

Download Kiuwan product report

Buyer's Guide

Snyk

November 2024

Download Snyk product report

Learn More

Kiuwan

Snyk

Overview

Software analytics technology with a breadth of third party integrations that takes into account the wealth of applications your teams are currently using.

We facilitate and encourage work between unlocalized teams. We understand the complexity of working on multi technology environments, constantly striving to increase the number of programming languages and technologies we support.

Snyk is a user-friendly security solution that enables users to safely develop and use open source code. Users can create automatic scans that allow them to keep a close eye on their code and prevent bad actors from exploiting vulnerabilities. This enables users to find and remove vulnerabilities soon after they appear.

Benefits of Snyk

Some of the benefits of using Snyk include:

Conserves resources: Snyk easily integrates with other security solutions and uses their security features to ensure that the work that users are doing is completely secure. These integrations allow them to protect themselves without pulling resources from their continued integration or continued delivery workflows. Resources can be conserved for areas of the greatest need.

Highly flexible: Snyk enables users to customize the system’s security automation features to meet their needs. Users can guarantee that the automation performs the functions that are most essential for their current project. Additionally, users are able to maintain platform governance consistency across their system.

Keeps users ahead of emerging threats. Snyk employs a database of threats that help it detect and keep track of potential issues. This database is constantly being updated to reflect the changes that take place in the realm of cybersecurity. It also uses machine learning. Users are prepared to deal with new issues as they arise.

Automatically scans projects for threats. Snyk’s command-line interface enables users to schedule the solution to run automatic scans of their projects. Time and manpower can be conserved for the areas of greatest need without sacrificing security.

Reviews from Real Users

Snyk is a security platform for developers that stands out among its competitors for a number of reasons. Two major ones are its ability to integrate with other security solutions and important insights that it can enable users to discover. Snyk enables users to combine its already existing security features with those of other solutions to create far more robust and flexible layers of security than what it can supply on its own. It gives users the ability to dig into the security issues that they may experience. Users are given a clear view of the root causes of these problems. This equips them to address the problem and prevent similar issues in the future.

Cameron G., a security software engineer at a tech company, writes, “The most valuable features are their GitLab and JIRA integrations.The GitLab integration lets us pull projects in pretty easily, so that it's pretty minimal for developers to get it set up. Using the JIRA integration, it's also pretty easy to get the information that is generated, as a result of that GitLab integration, back to our teams in a non-intrusive way and in a workflow that we are already using. Snyk is something of a bridge that we use; we get our projects into it and then get the information out of it. Those two integrations are crucial for us to be able to do that pretty simply.”

Sean M., the chief information security officer of a technology vendor, writes, "From the software composition analysis perspective, it first makes sure that we understand what is happening from a third-party perspective for the particular product that we use. This is very difficult when you are building software and incorporating dependencies from other libraries, because those dependencies have dependencies and that chain of dependencies can go pretty deep. There could be a vulnerability in something that is seven layers deep, and it would be very difficult to understand that is even affecting us. Therefore, Snyk provides fantastic visibility to know, "Yes, we have a problem. Here is where it ultimately comes from." It may not be with what we're incorporating, but something much deeper than that."

Sample Customers

DHL, BNP Paribas, Zurich, AXA, Ernst & Young, KFC, Santander, Latam, Ferrovial

StartApp, Segment, Skyscanner, DigitalOcean, Comic Relief

Buyer's Guide

Kiuwan vs. Snyk

December 2024

Free Report: Kiuwan vs. Snyk

Find out what your peers are saying about Kiuwan vs. Snyk and other solutions. Updated: December 2024.

DOWNLOAD NOW

824,053 professionals have used our research since 2012.

See our Kiuwan vs. Snyk report.

See our list of best Application Security Tools vendors.

We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.