Kiuwan Reviews

I develop use cases to enhance code quality, and in the event of code vulnerabilities, I guide the team on how to address and rectify them.

It provides value by offering options to enhance both code quality and the security of the company.

There are limited alternatives from other libraries or dependencies to enhance the application which posed a challenge for me as it necessitated modifications across different cases. It's problematic since you might need to alter or replace everything for potential improvements.

I have been working with it for approximately two years and six months.

It offers good stability capabilities.

It could improve its scalability abilities.

We've worked with Checkmarx, Veracode and Fortify. I find Kiuwan to be more user-friendly, you can easily locate and download data. However, in certain processes, it might not be the most cost-effective option.

The initial setup was easy.

Overall, I would rate it eight out of ten.

We use the solution for in-house development. In one of the cases, we use it for some applications that we need to create something from scratch. 

What we are considering more than anything else is maybe its quality of performance. We are looking for security vulnerabilities. I'm an Information Security Officer and that's why we are looking for vulnerabilities more than the quality of the code or the performance, however, it's great that it gives more detailed information about performance and the quality of the code. I'm actually looking to try another technology, to see if there's something we can do around static tests.

The solution is stable.

The solution is scalable.

I've tried many open source applications and the remediation or correction actions that were provided by Kiuwan were very good in comparison.

When you do the download test, there is some part that remains there from the static test. When it comes to the configuration of this library, I've not sure that Kiuwan gives a real vulnerability assessment for a configuration. 

The configuration hasn't been that good. From a security perspective, we are looking into something in the middle between the static and the dynamic. 

There are many open-source tools that can generate perfect results. It's not as good as the quality as the Kiuwan or maybe the SonarQube, however, I'm sure it's really close, and it's also free

We've had issues with technical support not being responsive enough. 

We also have had issues with the initial setup.

We've used the solution for around two years or so. It's been a while now. 

We have found the solution to be stable. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. 

The solution can scale if you need it to. 

We're dealing with three customers that have this solution right now. 

We're working on some issues with some delays from the support team.

We are also using Tenable. 

We faced a lot of problems with the initial setup and support gave us difficulties around the installation. That made us a little bit confused. When you lose your servers for the week, it's not a good thing.

With support, we had to troubleshoot the issues and that took about eight working days. It took us around 11 days to overcome the issues and to upgrade. 

As an information security team, we were providing some services and were trying to make a vulnerability assessment. The security testing let us note a lot of vulnerabilities. We contacted support and it took us three months to overcome those particular issues.  

In terms of maintenance, we have system admins that just look to see if the servers are running or not, however, for managing the servers, the servers implementation security team will handle that.

We can likely find free open-source solutions that give us close to the quality we get with this solution. We'd rather not pay if we don't have to.

Customers must pay a yearly licensing fee. 

We got it from a partner. The partner is already connected to Kiuwan from Spain.

We are providing the Kiuwan solution for a small group of customers.

I'd rate the solution at an eight out of ten.

By far, the best feature we have found is the possibility of creating specific action plans that automatically determine the effort required by our teams in order to correct defects and ensure better code.

Code reviews have significantly improved, and it allows our teams to work together in a collaborative cloud environment.

More languages and frameworks would enhance this tool.

I have used it for three years.

We have not encountered any deployment issues.

We have not encountered any stability issues.

We have not encountered any scalability issues.

Customer service is excellent. They have a very solid documentation site, as well as in-app support.

Technical support is 9/10.

We previously used SonarQube. We have a portfolio of apps in different programming languages. With Sonar, our costs escalated too much, having to pay for plugins for each language.

Initial setup is very straightforward; plug and play.

We implemented it in-house with the aid of Kiuwan engineers.

We have had an improvement of 20% in our time to market and it significantly improved the quality of our code.

I believe pricing varies according to the size of your apps.

We looked at Fortify and Checkmarx, but the costs were way too high

We also use other features of the product. We scaled from security to the entire lifecycle and governance management of our stack, which has given us a full control over our application portfolio.

I use the solution for daily software development in our company.

I've found the reporting features the most helpful.

I do not have a clear idea about what could be better. I feel like the general tool is pretty good.

The next release should include more flexibility in the reporting.

The stability of the solution is all right.

The solution offers complete scalability. I'm not looking to increase usage at the moment, however.

We haven't used technical support. It's a very new tool for our company.

I would rate the complexity of setup as a medium. It's not the easiest, but it's not the most complex. Deployment takes about six months. We have four staff members for deployment and maintenance.

I am an information security manager and I collaborate with the software development team for implementation.

At this point, we do not see any ROI because at this moment we do not have any business that is completely dependant on this particular tool. I think in the next month we will have that.

We compared Kiuwan with other local solutions in Spain. We found Kiuwan had the best rates and price capabilities.

I advise using Kiuwan because it's very straightforward and totally easy to understand. It's also easy to deploy.

I would rate this solution as 8 out of 10.

• Very easy to use
• Integration with Jenkins and JIRA
• Security support

Code reviews are quicker and more reliable.

• Indicators regarding metrics

I have used it for three years.

We have not encountered any deployment issues.

We have not encountered any stability issues.

We have not encountered any scalability issues.

Customer service is excellent.

Technical support is very good.

We previously used a different solution. I switched because of the quotes and security rules.

Initial setup is straightforward, no doubt.

An in-house team implemented it.

We are a solution provider, and we are using this solution with one of our clients.

The primary use case for this solution is security and vulnerability testing. We are currently integrating this solution into our software development process.

We have a public cloud deployment.

This solution has improved the quality of the process, in general. This solution helps us to catch issues early on, and find problems that we never knew we had. This results in things being more secure.

The most valuable feature is the time to resolution, where it tells you how long it is going to take to get to a zero-base or a five-star security rating.

The interface is usable and friendly.

The rate of false positives, where it reports issues that are not really issues, can be improved.

Scanning of vulnerabilities on open-source projects is not particularly useful as it is.

I would like to see better integration with Azure DevOps in the next release of this solution.

This solution is stable.

We haven't encountered any issues with the scalability of this solution. It is fine.

There are five or six users who are using this solution actively. There are software developers, a solution architect, and a lead developer. The solution is just being incorporated into our process.

We haven't had any issues or need to engage with technical support.

We are also using SonarQube in parallel with this solution. SonarQube is a good product, but I prefer Kiuwan from a functional perspective.

The initial setup of this solution is very simple.

We performed the implementation ourselves.

This is a solution that I recommend.

The biggest lesson that I have learned from using this software is that we weren't as secure as we had thought. You think that you have pretty decent security until you get the tool and see where you are short. 

I would rate this solution a nine out of ten.

Lifecycle features, because they permit us to show non-technical people the risk and costs hidden into the code due to bad programming practices.

It is the most effective tool for IT procurement managers and directors. Technical debt metrics and action plans oriented to rejected deliveries.

Kiuwan was used internally at Optimyth. We had no surprises derivated from security, performance, or maintainability issues.

DIfferent languages, such Spanish, Portuguese, and so on.

I've used this solution for three years.

No.

No.

An eight out of 10.

In other companies I have worked for, we moved to Kiuwan/Optimyth because of the accuracy and easiness of use and setup.

Also, most of my partners and customers have moved to Kiuwan due to the metrics and programming languages supported.

Not complex. I am a salesperson without tech training and I was able to use it

Nothing special. It's a very fair model.

CAST, Sonar, and Clarify.

If they need a tool to be used across your organization (technicians, managers, and directors), this is the tool.

Have highly qualified staff or consultancy provider (code quality and governance) to define the risk model to be used and measured with Kiuwan, this increases the ROI.