Kiuwan can improve its UI a little more. The user experience can be made better. Kiuwan offers a user interface that is similar to the one offered by Windows 7 or Windows 98, which I saw when I ran the tool and tried to scan the repository to find the security issues. The product's UI has certain shortcomings, where improvements are required.
Cyber Security Engineer at a tech services company with 11-50 employees
Real User
Top 20
2023-11-09T12:41:22Z
Nov 9, 2023
There are limited alternatives from other libraries or dependencies to enhance the application, which posed a challenge for me as it necessitated modifications across different cases. It's problematic since you might need to alter or replace everything for potential improvements.
In Kiuwan there are sometimes duplicates found in the dependency scan under the "insights" tab. It's unclear to me why these duplicates are appearing, and it would be helpful if the application teams could investigate further. Another issue I've encountered is that Kiuwan only looks at the version of components and doesn't take into account any workaround fixes that have been implemented at the code level. This can result in false positives being reported. Additionally, these issues are in the "insights" tab and not in the code base security aspect. Lastly, when muting findings that are false positives, there should be an option to mute them only at the code level rather than at the organization level, because it can lead to missing vulnerabilities if they are muted at the org level. An additional feature that would be helpful is the ability to easily download reports from Kiuwan. Specifically, in the "insights" tab, we have been encountering an error when trying to download the PDF report. We are able to download the code-based security report, but not the insights report. This has been an ongoing issue for the past couple of months, and it would be beneficial if it could be resolved. My main recommendation would be to address the issues with downloading reports that we have been experiencing. Additionally, it would be helpful if Kiuwan could support a wider range of programming languages, as there are currently some that are not compatible with the tool. If the code of a particular application falls under a category which is not compatible with Kiuwan, then it will not be able to scan it.
When you do the download test, there is some part that remains there from the static test. When it comes to the configuration of this library, I'm not sure that Kiuwan gives a real vulnerability assessment for a configuration. The configuration hasn't been that good. From a security perspective, we are looking into something in the middle between the static and the dynamic. There are many open-source tools that can generate perfect results. It's not as good in quality as Kiuwan or maybe SonarQube; however, I'm sure it's really close, and it's also free. We've had issues with technical support not being responsive enough. We also have had issues with the initial setup.
Information Security Specialist at a tech company with 51-200 employees
Real User
2021-05-06T07:57:06Z
May 6, 2021
The integration process could be improved. It'll also help if it could generate reports automatically. But I'm not sure about the effectiveness of the reports. This is because, in our last project, we still found some key issues that weren't captured by the Kiuwan report.
Test Engineer at a tech company with 501-1,000 employees
Real User
2020-11-19T16:01:57Z
Nov 19, 2020
I'm still working on learning all the specifics of the tool; it's quite new to me. The solution seems to give us a lot of false positives. This could be improved quite a bit. The rules could be more clear. They need to have more clarity in that respect. It would help make the solution easier to use.
Improvement could be made with the integration of the programming tools. The solution provides some integration tools but for now we're not using these tools very much because it's expensive and we don't get much return. In the future we might be more interested. They could also improve repositories in the solution. I also think the coding could be improved technically and include some features that could be valuable for enterprise companies.
Software Architect at Digital Solution Foundry (Pty) Ltd
Real User
2019-09-05T05:37:00Z
Sep 5, 2019
The rate of false positives, where it reports issues that are not really issues, can be improved. Scanning of vulnerabilities on open-source projects is not particularly useful as it is. I would like to see better integration with Azure DevOps in the next release of this solution.
Better integration with code repositories is something that we will need. I would like to see better integration with the Visual Studio and Eclipse IDEs. It would be helpful to have better testing for vulnerabilities in mobile development.
Information Security Manager and Business Continuity Manager at a legal firm with 51-200 employees
Real User
2019-07-07T06:35:00Z
Jul 7, 2019
I do not have a clear idea about what could be better. I feel like the general tool is pretty good. The next release should include more flexibility in the reporting.
Software analytics technology with a breadth of third-party integrations that takes into account the wealth of applications your teams are currently using.
We facilitate and encourage work between distributed teams. We understand the complexity of working in multi-technology environments, constantly striving to increase the number of programming languages and technologies we support.
Kiuwan should charge based on usage