Try our new research platform with insights from 80,000+ expert users

Kiuwan vs SonarQube Server (formerly SonarQube) comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Mar 9, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Kiuwan
Ranking in Application Security Tools
28th
Ranking in Static Application Security Testing (SAST)
24th
Average Rating
8.6
Reviews Sentiment
7.0
Number of Reviews
23
Ranking in other categories
No ranking in other categories
SonarQube Server (formerly ...
Ranking in Application Security Tools
1st
Ranking in Static Application Security Testing (SAST)
1st
Average Rating
8.0
Reviews Sentiment
7.2
Number of Reviews
114
Ranking in other categories
Software Development Analytics (1st)
 

Mindshare comparison

As of April 2025, in the Application Security Tools category, the mindshare of Kiuwan is 1.1%, up from 1.0% compared to the previous year. The mindshare of SonarQube Server (formerly SonarQube) is 25.1%, down from 26.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

Mustufa Bhavnagarwala - PeerSpot reviewer
Though a stable tool, the UI needs improvement
Kiuwan can improve its UI a little more. The user experience can be made better. Kiuwan offers a user interface that is similar to the one offered by Windows 7 or Windows 98, which I saw when I ran the tool and tried to scan the repository to find the security issues. The product's UI has certain shortcomings, where improvements are required.
Wang Dayong - PeerSpot reviewer
Easy to integrate and has a plug-in that supports both C and C++ languages
The product provides false reports sometimes. It also fails to understand the context of the code. It reports that a line of code has issues without considering its relation with the previous line. The product should improve the report quality. While it asks us to improve the code quality, it would be good if it also suggests how to improve the quality.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We are using this solution to increase the quality of our software and to test the vulnerabilities in our tools before the customers find them."
"The most valuable feature is the time to resolution, where it tells you how long it is going to take to get to a zero-base or a five-star security rating."
"It provides value by offering options to enhance both code quality and the security of the company."
"​We use Kiuwan to locate the source of application vulnerabilities."
"I find it immensely helpful because it's not just about generating code; it's about ensuring efficiency in the execution."
"The most valuable feature of the solution stems from the fact that it is quick when processing and giving an output or generating a report."
"I've tried many open source applications and the remediation or correction actions that were provided by Kiuwan were very good in comparison."
"I've found the reporting features the most helpful."
"The solution has a plug-in that supports both C and C++ languages."
"Before you even compile, it can catch known vulnerability issues or patterns."
"We advise all of our developers to have this solution in place."
"The software quality gate streamlines the product's quality."
"This solution is simple to use and can be quickly deployed."
"There are many options and examples available in the tool that help us fix the issues it shows us."
"Some of the most valuable features have been the latest up-to-date of the OWASP, the monitoring, the reporting, and the ease of use with the IDE plugins, in terms of integration."
"The depth features I have found most valuable. You receive a quick comprehensive comparison overview regarding the current release and the last release and what type of depths dependency or duplication should be used. This is going to help you to make a more readable code and have more flexibility for the engineers to understand how things should work when they do not know."
 

Cons

"The next release should include more flexibility in the reporting."
"The configuration hasn't been that good."
"In Kiuwan there are sometimes duplicates found in the dependency scan under the "insights" tab. It's unclear to me why these duplicates are appearing, and it would be helpful if the application teams could investigate further."
"The development-to-delivery phase."
"The product's UI has certain shortcomings, where improvements are required."
"It could improve its scalability abilities."
"The integration process could be improved. It'll also help if it could generate reports automatically. But I'm not sure about the effectiveness of the reports. This is because, in our last project, we still found some key issues that weren't captured by the Kiuwan report."
"Perhaps more languages supported."
"The product's user documentation can be vastly improved."
"The handling of the contents of Docker container images could be better."
"Code security could be better. They are already focusing on it, but I see a lot of improvement opportunities over there. I can see a lot of false positives in terms of security. They need to make the tests more accurate so that the false positives are not detected so frequently. It would also help if they provided us with an installer."
"It requires advanced heuristics to recognize more complex constructs that could be disregarded as issues."
"Having performance regression would be a helpful add on or ability to be able to do during the scan."
"SonarQube could be improved with more dynamic testing—basically, now, it's a static code analysis scan. For example, when the developer writes the code and does the corresponding unit test, he can cover functional and non-functional. So the SonarQube could be improved by helping to execute unit tests and test dynamically, using various parameters, and to help detect any vulnerabilities. Currently, it'll just give the test case and say whether it passes or fails—it won't give you any other input or dynamic testing. They could use artificial intelligence to build a feature that would help developers identify and fix issues in the early stages, which would help us deliver the product and reduce costs. Another area with room for improvement is in regard to automating things, since the process currently needs to be done manually."
"It does not provide deeper scanning of vulnerabilities in an application, on a live session. This is something we are not happy about. Maybe the reason for that is we are running the community edition currently, but other editions may improve on that aspect."
"For improvement, this solution could be offered on Docker and the cloud and the support for this solution could be improved. Customizing rules could also be made simpler."
 

Pricing and Cost Advice

"Check with your account manager."
"The price of Kiuwan is lower than that of other tools on the market."
"It follows a subscription model. I think the price is somewhere in the middle."
"Kiuwan is an open-source solution and free to use."
"Nothing special. It's a very fair model."
"I recommend contacting a sales person who will create the best plan payment plan for you, as we did."
"This solution is cheaper than other tools."
"The price of this solution is more expensive than competitors. However, it works better than competitors."
"My guess is that we have a yearly subscription. We use it quite extensively, so a monthly license wouldn't make sense. Yearly subscriptions are usually cheaper. In addition to the standard licensing fee, there is just the cost of running the hardware where it is hosted."
"There is both a free and licensed version. The free version has limitations on development languages and support."
"As a user and a consumer of this solution, it can be pricey for my company to support and use, even though there are many benefits. For this reason, we use the free version. In the future, as our product cycles develop and evolve at a more steady pace, we hope to invest in the licensing for this tool."
"The price of the solution could be reduced."
"I requested this license for one million lines of code and they accepted this."
"It's an open-source solution, with no additional costs."
"It's an open-source product."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
848,716 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
14%
Comms Service Provider
6%
Insurance Company
6%
Financial Services Firm
17%
Computer Software Company
15%
Manufacturing Company
13%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Kiuwan?
The most valuable feature of the solution stems from the fact that it is quick when processing and giving an output or generating a report.
What is your experience regarding pricing and costs for Kiuwan?
I'm not entirely sure about the price and business aspects, but I assume Checkmarx might be less expensive. I think Checkmarx might offer more affordable options, especially in its smaller business...
What needs improvement with Kiuwan?
Kiuwan can improve its UI a little more. The user experience can be made better. Kiuwan offers a user interface that is similar to the one offered by Windows 7 or Windows 98, which I saw when I ran...
Is SonarQube the best tool for static analysis?
I am not very familiar with SonarQube and their solutions, so I can not answer. But if you are asking me about which tools that are the best for for Static Code Analysis, I suggest you have a look...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
 

Also Known As

No data available
Sonar
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

DHL, BNP Paribas, Zurich, AXA, Ernst & Young, KFC, Santander, Latam, Ferrovial
Information Not Available
Find out what your peers are saying about Kiuwan vs. SonarQube Server (formerly SonarQube) and other solutions. Updated: April 2025.
848,716 professionals have used our research since 2012.