We performed a comparison between Kiuwan and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We are using this solution to increase the quality of our software and to test the vulnerabilities in our tools before the customers find them."
"The most valuable feature is the time to resolution, where it tells you how long it is going to take to get to a zero-base or a five-star security rating."
"The most valuable feature of the solution stems from the fact that it is quick when processing and giving an output or generating a report."
"We use Kiuwan to locate the source of application vulnerabilities."
"I personally like the way it breaks down security vulnerabilities with LoC at first glance."
"I find it immensely helpful because it's not just about generating code; it's about ensuring efficiency in the execution."
"I like that it provides a detailed report that lets you know the risk index and the vulnerability."
"I've tried many open source applications and the remediation or correction actions that were provided by Kiuwan were very good in comparison."
"The integration of static testing with our Azure DevOps CI pipeline was easy."
"The product’s policy reporting for ensuring compliance with industry standards and regulations is great."
"The most valuable feature of Veracode is the binary scan feature for auditing, which allows us to audit the software without the source code."
"All the features provided by Veracode are valuable, including static scan, dynamic scan, and MPT (Manual Penetration Testing)."
"The most valuable feature is Veracode SDP, which allows for something related to third-party vulnerabilities. When we build a product, we use a lot of third-party libraries instead of building everything from scratch. We just use a library which is already been built; we just use that component in our product. Sometimes, these libraries may have bugs or issues, and it's hard to keep track of them because we use thousands of them."
"I have used this solution in multiple projects for vulnerability testing and finding security leaks within the code."
"The Veracode technical support is very good. They are responsive and very knowledgeable."
"Before Veracode, the application was deployed to the production server and there would be a lot of bugs and issues. Once we implemented the Veracode scan, the full deployment issues were drastically reduced."
"Perhaps more languages supported."
"The next release should include more flexibility in the reporting."
"The configuration hasn't been that good."
"In Kiuwan there are sometimes duplicates found in the dependency scan under the "insights" tab. It's unclear to me why these duplicates are appearing, and it would be helpful if the application teams could investigate further."
"Integration of the programming tools could be improved."
"I would like to see better integration with the Visual Studio and Eclipse IDEs."
"The product's UI has certain shortcomings, where improvements are required."
"It could improve its scalability abilities."
"It needs to reach the level of Checkmarx's and Fortify Software's capabilities and service levels, or may further loosen the market share."
"To be able to upload source codes without being compiled. That’s one feature that drives us to see other sources."
"I do expect large applications with millions of lines of code to take a while, but it would be nice if there was a possibility to be able to have a baseline initial scan. I know that Veracode touts that there are Pipeline Scans that are supposed to take 90 seconds or less, and we've tried to do that ourselves with our ERP application. However, it actually times out after two hours of scanning. If the static scan itself or another option to run a lower tier scan can be integrated earlier on into our SDLC, it would be great. Right now, it takes so long that we usually leave it till a bit later in the cycle, whereas if it ran faster, we could push it to the time when a developer will be checking in code. That would make us feel a lot more confident that we'd be able to catch things almost instantaneously."
"Another thing I need is continued support for the new languages today that are popular. Most of them are scripting languages more so than real, fourth-generation, commercial grade stuff; we're evolving. Most applications are using so much open-source that, quite frankly, it would be great to see Veracode, or anybody else, extend their platform to where they are able to help secure open-source platforms or repositories."
"They need to have a plug-in, a better integration with the development environment."
"The interface is one thing I find a little challenging. Veracode's interface feels a little outdated compared to other solutions, and it could be modernized. I'm mostly happy with the features, but Vercaode could add Docker image scanning."
"Their scanning engine is sometimes a little bit slow. They can improve the scan time."
"Some important languages are not supported."
Kiuwan is ranked 22nd in Application Security Tools with 23 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. Kiuwan is rated 8.6, while Veracode is rated 8.2. The top reviewer of Kiuwan writes "Though a stable tool, the UI needs improvement". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Kiuwan is most compared with SonarQube, Checkmarx One, Snyk, Fortify on Demand and SonarCloud, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and OWASP Zap. See our Kiuwan vs. Veracode report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.