Kiuwan Reviews

By far, the best feature we have found is the possibility of creating specific action plans that automatically determine the effort required by our teams in order to correct defects and ensure better code.

Code reviews have significantly improved, and it allows our teams to work together in a collaborative cloud environment.

More languages and frameworks would enhance this tool.

I have used it for three years.

We have not encountered any deployment issues.

We have not encountered any stability issues.

We have not encountered any scalability issues.

Customer service is excellent. They have a very solid documentation site, as well as in-app support.

Technical support is 9/10.

We previously used SonarQube. We have a portfolio of apps in different programming languages. With Sonar, our costs escalated too much, having to pay for plugins for each language.

Initial setup is very straightforward; plug and play.

We implemented it in-house with the aid of Kiuwan engineers.

We have had an improvement of 20% in our time to market and it significantly improved the quality of our code.

I believe pricing varies according to the size of your apps.

We looked at Fortify and Checkmarx, but the costs were way too high

We also use other features of the product. We scaled from security to the entire lifecycle and governance management of our stack, which has given us a full control over our application portfolio.

We use the solution for in-house development. In one of the cases, we use it for some applications that we need to create something from scratch. 

What we are considering more than anything else is maybe its quality of performance. We are looking for security vulnerabilities. I'm an Information Security Officer and that's why we are looking for vulnerabilities more than the quality of the code or the performance, however, it's great that it gives more detailed information about performance and the quality of the code. I'm actually looking to try another technology, to see if there's something we can do around static tests.

The solution is stable.

The solution is scalable.

I've tried many open source applications and the remediation or correction actions that were provided by Kiuwan were very good in comparison.

When you do the download test, there is some part that remains there from the static test. When it comes to the configuration of this library, I've not sure that Kiuwan gives a real vulnerability assessment for a configuration. 

The configuration hasn't been that good. From a security perspective, we are looking into something in the middle between the static and the dynamic. 

There are many open-source tools that can generate perfect results. It's not as good as the quality as the Kiuwan or maybe the SonarQube, however, I'm sure it's really close, and it's also free

We've had issues with technical support not being responsive enough. 

We also have had issues with the initial setup.

We've used the solution for around two years or so. It's been a while now. 

We have found the solution to be stable. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. 

The solution can scale if you need it to. 

We're dealing with three customers that have this solution right now. 

We're working on some issues with some delays from the support team.

We are also using Tenable. 

We faced a lot of problems with the initial setup and support gave us difficulties around the installation. That made us a little bit confused. When you lose your servers for the week, it's not a good thing.

With support, we had to troubleshoot the issues and that took about eight working days. It took us around 11 days to overcome the issues and to upgrade. 

As an information security team, we were providing some services and were trying to make a vulnerability assessment. The security testing let us note a lot of vulnerabilities. We contacted support and it took us three months to overcome those particular issues.  

In terms of maintenance, we have system admins that just look to see if the servers are running or not, however, for managing the servers, the servers implementation security team will handle that.

We can likely find free open-source solutions that give us close to the quality we get with this solution. We'd rather not pay if we don't have to.

Customers must pay a yearly licensing fee. 

We got it from a partner. The partner is already connected to Kiuwan from Spain.

We are providing the Kiuwan solution for a small group of customers.

I'd rate the solution at an eight out of ten.

We analyze all the portfolio of applications from the customer. The customer is within the government of Spain. We analyze all their applications. On the portfolio of publications, we run analyses from all the applications.

From the tool itself, the developer can run an analysis with the same quality. With this tool, every developer has the opportunity to do an unlimited analysis.

The solution can scale well.

The solution offers very good technical support.

It's quite a stable product.

I'm still working on learning all the specifics of the tool; it's quite new to me.

The solution seems to give us a lot of false positives. This could be improved quite a bit.

The rules could be more clear. They need to have more clarity in that respect. It would help make the solution easier to use.

I've been using the solution for about a year now.

The stability at this time is very good. It doesn't have bugs or glitches and it doesn't crash or freeze. It's very, very reliable.

You can definitely scale the solution. However, if you want to analyze more, of course, you have to pay more. This might be limiting if you are an organization that has a specific budget.

In our organization, we have 1,000 users approximately on the solution.

The technical support is very good. They are responsive and are very knowledgeable. We are satisfied with their level of service at this time.

In terms of setting up the solution, you only have to download a client to make the analysis. In the local environment, you also only need Java 1.8 and an internet connection to make an analysis. You have to worry about working in the configuration and administration of the users of the quality models. It's pretty easy.

I don't handle the payments or licensing aspects of the solution, therefore, I can't speak to the exact cost of the product. I only administer the tool.

That said, it's my understanding that, if you need to analyze more, you do need to pay more for the solution.

It was too difficult for us to evaluate different solutions. That said, I recall the other options being, for example, Veracode and SonarQube. There may have been more options that we considered evaluating as well, however, I don't recall the names of them.

We're just a customer.

We are using the latest version of the solution.

Overall, I would rate the solution eight out of ten. It's worked quite well for us so far.

I use the solution for daily software development in our company.

I've found the reporting features the most helpful.

I do not have a clear idea about what could be better. I feel like the general tool is pretty good.

The next release should include more flexibility in the reporting.

The stability of the solution is all right.

The solution offers complete scalability. I'm not looking to increase usage at the moment, however.

We haven't used technical support. It's a very new tool for our company.

I would rate the complexity of setup as a medium. It's not the easiest, but it's not the most complex. Deployment takes about six months. We have four staff members for deployment and maintenance.

I am an information security manager and I collaborate with the software development team for implementation.

At this point, we do not see any ROI because at this moment we do not have any business that is completely dependant on this particular tool. I think in the next month we will have that.

We compared Kiuwan with other local solutions in Spain. We found Kiuwan had the best rates and price capabilities.

I advise using Kiuwan because it's very straightforward and totally easy to understand. It's also easy to deploy.

I would rate this solution as 8 out of 10.

We only used these products to do some demos. The feedback was very positive.

Our organization is a product distributor. We don’t use the product internally. But for the customers/leads we presented it to, they see that it can add a lot of value to validate what they receive from their providers.

From a maketing perspective, I would suggest demonstrating that using these tools will make money for the customer. The customer should have a clear vision of what they purchsed and what they received. They should push more technical articles on LinkedIn. There is always space to make things better, but for now, it is making a difference.

These products have some dreams, as I heard from some Dev Managers, but I’m sure that with a closer relationship, we can upscale that.

We are only showing the product to leads as demos.

The technical support is very good. We have received valid answers to our questions.

We had some experienced with Rational and Compuware, in addition to the APM tools that we distribute.

The pricing and licensing models are poor. If it has a SaaS, the hybrid solution will be enough.

We did very careful research of solutions on the market and chose this one for our demos.

“A fool with a tool is still a fool”. Chose somebody who can add the right processes, methods, and techniques to actually implement the customers' objectives. We try to build a eco-system to cross-sell our solutions.

There is a mix between maturity and money. That is the barrier to break before showing the customer that he is purchasing something without risks before he goes into production. They should focus on a product that adds value to the corporation.

• Very easy to use
• Integration with Jenkins and JIRA
• Security support

Code reviews are quicker and more reliable.

• Indicators regarding metrics

I have used it for three years.

We have not encountered any deployment issues.

We have not encountered any stability issues.

We have not encountered any scalability issues.

Customer service is excellent.

Technical support is very good.

We previously used a different solution. I switched because of the quotes and security rules.

Initial setup is straightforward, no doubt.

An in-house team implemented it.

We are a solution provider, and we are using this solution with one of our clients.

The primary use case for this solution is security and vulnerability testing. We are currently integrating this solution into our software development process.

We have a public cloud deployment.

This solution has improved the quality of the process, in general. This solution helps us to catch issues early on, and find problems that we never knew we had. This results in things being more secure.

The most valuable feature is the time to resolution, where it tells you how long it is going to take to get to a zero-base or a five-star security rating.

The interface is usable and friendly.

The rate of false positives, where it reports issues that are not really issues, can be improved.

Scanning of vulnerabilities on open-source projects is not particularly useful as it is.

I would like to see better integration with Azure DevOps in the next release of this solution.

This solution is stable.

We haven't encountered any issues with the scalability of this solution. It is fine.

There are five or six users who are using this solution actively. There are software developers, a solution architect, and a lead developer. The solution is just being incorporated into our process.

We haven't had any issues or need to engage with technical support.

We are also using SonarQube in parallel with this solution. SonarQube is a good product, but I prefer Kiuwan from a functional perspective.

The initial setup of this solution is very simple.

We performed the implementation ourselves.

This is a solution that I recommend.

The biggest lesson that I have learned from using this software is that we weren't as secure as we had thought. You think that you have pretty decent security until you get the tool and see where you are short. 

I would rate this solution a nine out of ten.