Try our new research platform with insights from 80,000+ expert users
Head of Development and Consulting at Logalty
Real User
Helps us find security vulnerabilities in our code before our customers do
Pros and Cons
  • "We are using this solution to increase the quality of our software and to test the vulnerabilities in our tools before the customers find them."
  • "I would like to see better integration with the Visual Studio and Eclipse IDEs."

What is our primary use case?

We have just recently adopted this solution to use for our code security. We are still new to using these kinds of tools.

How has it helped my organization?

We are using this solution to increase the quality of our software and to test the vulnerabilities in our tools before the customers find them. Customers look for problems in code, so it is better to perform tests and prove that our code is free from vulnerabilities beforehand.

This is standard here in Spain, where the customers use the same tools to check for vulnerabilities. If we are using the same tools then it is not possible for the customers to find different problems. If we are using different tools then maybe the results would be different. We want the customer's report to list the same issues.

So far, the tool has shown us four issues, and we are starting to clean the vulnerabilities.

What is most valuable?

This program is very easy to use. I can use this tool, and I am new to these kinds of tools.

What needs improvement?

Better integration with code repositories is something that we will need.

I would like to see better integration with the Visual Studio and Eclipse IDEs.

It would be helpful to have better testing for vulnerabilities in mobile development.

Buyer's Guide
Kiuwan
November 2024
Learn what your peers think about Kiuwan. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.

For how long have I used the solution?

We have been using this solution for about two months.

What do I think about the stability of the solution?

We have had no issues with stability since we started working with this solution.

Currently, we are using this tool about once a week. However, we want to extend this to using the tool on a daily basis. At the moment we are only using a single test, but we want it to be used by all of the developers on their normal day.

What do I think about the scalability of the solution?

Our solution is in the cloud, so I don't think that we'll have any problem with scalability.

We have approximately twenty developers using this solution

How are customer service and support?

We did have a support case with a customer, but I was on holiday and did not interact with technical support myself. I think that the support was quick and fine.

Which solution did I use previously and why did I switch?

This is our first solution for code security.

How was the initial setup?

The installation of this solution is easy.

What's my experience with pricing, setup cost, and licensing?

This solution is cheaper than other tools.

Which other solutions did I evaluate?

We ran a project to evaluate solutions and we finally chose Kiuwan. For the evaluation, we weighed both price and technical aspects of the tool, equally. We found that this is a cheaper tool for the level of quality.

We tried putting the same piece of code into different tools. For example, in Java, the tools have similar results. So for Java, there's a low cost, and the preference is for the content of the coders. For mobile development, we are not too experienced, and it is not the perfect tool because the integration with certain products is very manual. The price, however, justifies adopting this product.

What other advice do I have?

For the moment, this is a solution that I could recommend. It is a cheaper way for us to enter into working on code security.

The biggest lesson that I have learned to make sure that we do not have any big security issues during development. We are confident about the vulnerabilities that are being found in our Java code, but we are not sure about other languages such as Angular. This solution may not be able to detect all of the problems that are in the code.

I would rate this solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Partner at a tech services company with 51-200 employees
Consultant
Provides the ability to create specific action plans that determine the effort required by our teams to correct defects and ensure better code.

What is most valuable?

By far, the best feature we have found is the possibility of creating specific action plans that automatically determine the effort required by our teams in order to correct defects and ensure better code.

How has it helped my organization?

Code reviews have significantly improved, and it allows our teams to work together in a collaborative cloud environment.

What needs improvement?

More languages and frameworks would enhance this tool.

For how long have I used the solution?

I have used it for three years.

What was my experience with deployment of the solution?

We have not encountered any deployment issues.

What do I think about the stability of the solution?

We have not encountered any stability issues.

What do I think about the scalability of the solution?

We have not encountered any scalability issues.

How are customer service and technical support?

Customer Service:

Customer service is excellent. They have a very solid documentation site, as well as in-app support.

Technical Support:

Technical support is 9/10.

Which solution did I use previously and why did I switch?

We previously used SonarQube. We have a portfolio of apps in different programming languages. With Sonar, our costs escalated too much, having to pay for plugins for each language.

How was the initial setup?

Initial setup is very straightforward; plug and play.

What about the implementation team?

We implemented it in-house with the aid of Kiuwan engineers.

What was our ROI?

We have had an improvement of 20% in our time to market and it significantly improved the quality of our code.

What's my experience with pricing, setup cost, and licensing?

I believe pricing varies according to the size of your apps.

Which other solutions did I evaluate?

We looked at Fortify and Checkmarx, but the costs were way too high

What other advice do I have?

We also use other features of the product. We scaled from security to the entire lifecycle and governance management of our stack, which has given us a full control over our application portfolio.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Kiuwan
November 2024
Learn what your peers think about Kiuwan. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
reviewer1452225 - PeerSpot reviewer
Test Engineer at a tech company with 501-1,000 employees
Real User
A scalable tool with quality analysis and good technical support
Pros and Cons
  • "The solution offers very good technical support."
  • "The solution seems to give us a lot of false positives. This could be improved quite a bit."

What is our primary use case?

We analyze all the portfolio of applications from the customer. The customer is within the government of Spain. We analyze all their applications. On the portfolio of publications, we run analyses from all the applications.

What is most valuable?

From the tool itself, the developer can run an analysis with the same quality. With this tool, every developer has the opportunity to do an unlimited analysis.

The solution can scale well.

The solution offers very good technical support.

It's quite a stable product.

What needs improvement?

I'm still working on learning all the specifics of the tool; it's quite new to me.

The solution seems to give us a lot of false positives. This could be improved quite a bit.

The rules could be more clear. They need to have more clarity in that respect. It would help make the solution easier to use.

For how long have I used the solution?

I've been using the solution for about a year now.

What do I think about the stability of the solution?

The stability at this time is very good. It doesn't have bugs or glitches and it doesn't crash or freeze. It's very, very reliable.

What do I think about the scalability of the solution?

You can definitely scale the solution. However, if you want to analyze more, of course, you have to pay more. This might be limiting if you are an organization that has a specific budget.

In our organization, we have 1,000 users approximately on the solution.

How are customer service and technical support?

The technical support is very good. They are responsive and are very knowledgeable. We are satisfied with their level of service at this time.

How was the initial setup?

In terms of setting up the solution, you only have to download a client to make the analysis. In the local environment, you also only need Java 1.8 and an internet connection to make an analysis. You have to worry about working in the configuration and administration of the users of the quality models. It's pretty easy.

What's my experience with pricing, setup cost, and licensing?

I don't handle the payments or licensing aspects of the solution, therefore, I can't speak to the exact cost of the product. I only administer the tool.

That said, it's my understanding that, if you need to analyze more, you do need to pay more for the solution.

Which other solutions did I evaluate?

It was too difficult for us to evaluate different solutions. That said, I recall the other options being, for example, Veracode and SonarQube. There may have been more options that we considered evaluating as well, however, I don't recall the names of them.

What other advice do I have?

We're just a customer.

We are using the latest version of the solution.

Overall, I would rate the solution eight out of ten. It's worked quite well for us so far.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Real User
Supports continuous integration tools.

Our client requests our expertise to audit their business-critical applications. Before using Kiuwan, we were using other solutions. We switched to Kiuwan for 8 reasons:

  1. Ease of use and deployment: No hidden expenses, no complex deployment or complex administration. At last, we were able to help our clients to focus on improving quality without getting delayed by infrastructure issues. Upgrades are done automatically, no migration...
  2. Clear licensing model: Kiuwan has different licensing models, all easy to understand. We were able to select the model suitable to our client needs without paying extra money for unwanted features.
  3. Technology coverage: Kiuwan covers most of the known technologies including mobile applications.
  4. The quality model: We have the complete freedom to customise the quality model, per application, per technology or per client. On the ground, every application has its own context and should be monitored differently with a different quality model. Having the possibility to customise the quality model, to modify existing rules configuration or to remove some is a must and with Kiuwan, we can do it easily. Developing new rules was never that easy; Kiuwan have the best tools to develop new rules. 
  5. Integration: Kiuwan supports continuous integration tools. Beside that, most of the features, like launching an analysis, or creating reports, can be automated.  Once the analysis is industrialised, all we to have to do is focus on providing recommendations to improve quality, nothing else.
  6. Speed of analysis: Do you know any other tools that can analyse 2.5 millions line of code in 3 hours? The tools we used before took 15 hours for a single analysis on the same code. Real time saving.
  7. Support team: We can chat with the support team directly from the interface. This saves us lot of time, when we have a question or facing a critical issue. The support team is always here, reliable and fast. We had most of our questions answered in a couple of hours.
  8. Great features: Follow-up quality evolution, compare analysis versions to detect new or removed defects, define and prioritise action plans, security analysis, governance dashboard. We have all we need to help our clients set up SLAs, detect risks, repair critical issues...

With Kiwuan, we were able to help our clients get a better visibility of their development activities and to mitigate risks. We are using Kiuwan for 4 years now and we are getting good feedback from our clients.

What could be improved:

Kiuwan has two levels of KPIs, compared to ISO 9126-3 that defines 3 levels of KPIs. Adopting the ISO 9126-3 model definitively simplifies quality investigations. But the ISO 9126-3 makes the action plan management (or improvement plan) more tricky. Maybe a way of improving the quality model in Kiuwan would be adding the ISO 9126-3 model on top of the existing model to simplify investigations without complicating the action plan management.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partnership
PeerSpot user
Information Security Manager and Business Continuity Manager at a legal firm with 51-200 employees
Real User
Helpful reporting features and is easy to understand
Pros and Cons
  • "I've found the reporting features the most helpful."
  • "The next release should include more flexibility in the reporting."

What is our primary use case?

I use the solution for daily software development in our company.

What is most valuable?

I've found the reporting features the most helpful.

What needs improvement?

I do not have a clear idea about what could be better. I feel like the general tool is pretty good.

The next release should include more flexibility in the reporting.

For how long have I used the solution?

I've been using the solution for three months.

What do I think about the stability of the solution?

The stability of the solution is all right.

What do I think about the scalability of the solution?

The solution offers complete scalability. I'm not looking to increase usage at the moment, however.

How are customer service and technical support?

We haven't used technical support. It's a very new tool for our company.

How was the initial setup?

I would rate the complexity of setup as a medium. It's not the easiest, but it's not the most complex. Deployment takes about six months. We have four staff members for deployment and maintenance.

What about the implementation team?

I am an information security manager and I collaborate with the software development team for implementation.

What was our ROI?

At this point, we do not see any ROI because at this moment we do not have any business that is completely dependant on this particular tool. I think in the next month we will have that.

Which other solutions did I evaluate?

We compared Kiuwan with other local solutions in Spain. We found Kiuwan had the best rates and price capabilities.

What other advice do I have?

I advise using Kiuwan because it's very straightforward and totally easy to understand. It's also easy to deploy.

I would rate this solution as 8 out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
CEO at a tech services company
Real User
Adds value to our customers to validate what they receive.

What is most valuable?

We only used these products to do some demos. The feedback was very positive.

How has it helped my organization?

Our organization is a product distributor. We don’t use the product internally. But for the customers/leads we presented it to, they see that it can add a lot of value to validate what they receive from their providers.

What needs improvement?

From a maketing perspective, I would suggest demonstrating that using these tools will make money for the customer. The customer should have a clear vision of what they purchsed and what they received. They should push more technical articles on LinkedIn. There is always space to make things better, but for now, it is making a difference.

These products have some dreams, as I heard from some Dev Managers, but I’m sure that with a closer relationship, we can upscale that.

For how long have I used the solution?

We are only showing the product to leads as demos.

How are customer service and technical support?

The technical support is very good. We have received valid answers to our questions.

Which solution did I use previously and why did I switch?

We had some experienced with Rational and Compuware, in addition to the APM tools that we distribute.

What's my experience with pricing, setup cost, and licensing?

The pricing and licensing models are poor. If it has a SaaS, the hybrid solution will be enough.

Which other solutions did I evaluate?

We did very careful research of solutions on the market and chose this one for our demos.

What other advice do I have?

“A fool with a tool is still a fool”. Chose somebody who can add the right processes, methods, and techniques to actually implement the customers' objectives. We try to build a eco-system to cross-sell our solutions.

There is a mix between maturity and money. That is the barrier to break before showing the customer that he is purchasing something without risks before he goes into production. They should focus on a product that adds value to the corporation.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Technical Team Lead at a tech services company with 10,001+ employees
Real User
Integration with Jenkins and JIRA, and the security support, are valuable.

What is most valuable?

  • Very easy to use
  • Integration with Jenkins and JIRA
  • Security support

How has it helped my organization?

Code reviews are quicker and more reliable.

What needs improvement?

  • Indicators regarding metrics

For how long have I used the solution?

I have used it for three years.

What was my experience with deployment of the solution?

We have not encountered any deployment issues.

What do I think about the stability of the solution?

We have not encountered any stability issues.

What do I think about the scalability of the solution?

We have not encountered any scalability issues.

How are customer service and technical support?

Customer Service:

Customer service is excellent.

Technical Support:

Technical support is very good.

Which solution did I use previously and why did I switch?

We previously used a different solution. I switched because of the quotes and security rules.

How was the initial setup?

Initial setup is straightforward, no doubt.

What about the implementation team?

An in-house team implemented it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Software Architect at Digital Solution Foundry (Pty) Ltd
Real User
A usable and friendly interface, and is helping to improve the quality of our development process
Pros and Cons
  • "The most valuable feature is the time to resolution, where it tells you how long it is going to take to get to a zero-base or a five-star security rating."
  • "I would like to see better integration with Azure DevOps in the next release of this solution."

What is our primary use case?

We are a solution provider, and we are using this solution with one of our clients.

The primary use case for this solution is security and vulnerability testing. We are currently integrating this solution into our software development process.

We have a public cloud deployment.

How has it helped my organization?

This solution has improved the quality of the process, in general. This solution helps us to catch issues early on, and find problems that we never knew we had. This results in things being more secure.

What is most valuable?

The most valuable feature is the time to resolution, where it tells you how long it is going to take to get to a zero-base or a five-star security rating.

The interface is usable and friendly.

What needs improvement?

The rate of false positives, where it reports issues that are not really issues, can be improved.

Scanning of vulnerabilities on open-source projects is not particularly useful as it is.

I would like to see better integration with Azure DevOps in the next release of this solution.

For how long have I used the solution?

We have been using this solution for eight months.

What do I think about the stability of the solution?

This solution is stable.

What do I think about the scalability of the solution?

We haven't encountered any issues with the scalability of this solution. It is fine.

There are five or six users who are using this solution actively. There are software developers, a solution architect, and a lead developer. The solution is just being incorporated into our process.

How are customer service and technical support?

We haven't had any issues or need to engage with technical support.

Which solution did I use previously and why did I switch?

We are also using SonarQube in parallel with this solution. SonarQube is a good product, but I prefer Kiuwan from a functional perspective.

How was the initial setup?

The initial setup of this solution is very simple.

What about the implementation team?

We performed the implementation ourselves.

What other advice do I have?

This is a solution that I recommend.

The biggest lesson that I have learned from using this software is that we weren't as secure as we had thought. You think that you have pretty decent security until you get the tool and see where you are short. 

I would rate this solution a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Kiuwan Report and get advice and tips from experienced pros sharing their opinions.
Updated: November 2024
Buyer's Guide
Download our free Kiuwan Report and get advice and tips from experienced pros sharing their opinions.