Kiuwan Reviews

We are a solution provider, and we are using this solution with one of our clients.

The primary use case for this solution is security and vulnerability testing. We are currently integrating this solution into our software development process.

We have a public cloud deployment.

This solution has improved the quality of the process, in general. This solution helps us to catch issues early on, and find problems that we never knew we had. This results in things being more secure.

The most valuable feature is the time to resolution, where it tells you how long it is going to take to get to a zero-base or a five-star security rating.

The interface is usable and friendly.

The rate of false positives, where it reports issues that are not really issues, can be improved.

Scanning of vulnerabilities on open-source projects is not particularly useful as it is.

I would like to see better integration with Azure DevOps in the next release of this solution.

This solution is stable.

We haven't encountered any issues with the scalability of this solution. It is fine.

There are five or six users who are using this solution actively. There are software developers, a solution architect, and a lead developer. The solution is just being incorporated into our process.

We haven't had any issues or need to engage with technical support.

We are also using SonarQube in parallel with this solution. SonarQube is a good product, but I prefer Kiuwan from a functional perspective.

The initial setup of this solution is very simple.

We performed the implementation ourselves.

This is a solution that I recommend.

The biggest lesson that I have learned from using this software is that we weren't as secure as we had thought. You think that you have pretty decent security until you get the tool and see where you are short. 

I would rate this solution a nine out of ten.

We have just recently adopted this solution to use for our code security. We are still new to using these kinds of tools.

We are using this solution to increase the quality of our software and to test the vulnerabilities in our tools before the customers find them. Customers look for problems in code, so it is better to perform tests and prove that our code is free from vulnerabilities beforehand.

This is standard here in Spain, where the customers use the same tools to check for vulnerabilities. If we are using the same tools then it is not possible for the customers to find different problems. If we are using different tools then maybe the results would be different. We want the customer's report to list the same issues.

So far, the tool has shown us four issues, and we are starting to clean the vulnerabilities.

This program is very easy to use. I can use this tool, and I am new to these kinds of tools.

Better integration with code repositories is something that we will need.

I would like to see better integration with the Visual Studio and Eclipse IDEs.

It would be helpful to have better testing for vulnerabilities in mobile development.

We have had no issues with stability since we started working with this solution.

Currently, we are using this tool about once a week. However, we want to extend this to using the tool on a daily basis. At the moment we are only using a single test, but we want it to be used by all of the developers on their normal day.

Our solution is in the cloud, so I don't think that we'll have any problem with scalability.

We have approximately twenty developers using this solution

We did have a support case with a customer, but I was on holiday and did not interact with technical support myself. I think that the support was quick and fine.

This is our first solution for code security.

The installation of this solution is easy.

This solution is cheaper than other tools.

We ran a project to evaluate solutions and we finally chose Kiuwan. For the evaluation, we weighed both price and technical aspects of the tool, equally. We found that this is a cheaper tool for the level of quality.

We tried putting the same piece of code into different tools. For example, in Java, the tools have similar results. So for Java, there's a low cost, and the preference is for the content of the coders. For mobile development, we are not too experienced, and it is not the perfect tool because the integration with certain products is very manual. The price, however, justifies adopting this product.

For the moment, this is a solution that I could recommend. It is a cheaper way for us to enter into working on code security.

The biggest lesson that I have learned to make sure that we do not have any big security issues during development. We are confident about the vulnerabilities that are being found in our Java code, but we are not sure about other languages such as Angular. This solution may not be able to detect all of the problems that are in the code.

I would rate this solution an eight out of ten.

I use the solution for daily software development in our company.

I've found the reporting features the most helpful.

I do not have a clear idea about what could be better. I feel like the general tool is pretty good.

The next release should include more flexibility in the reporting.

The stability of the solution is all right.

The solution offers complete scalability. I'm not looking to increase usage at the moment, however.

We haven't used technical support. It's a very new tool for our company.

I would rate the complexity of setup as a medium. It's not the easiest, but it's not the most complex. Deployment takes about six months. We have four staff members for deployment and maintenance.

I am an information security manager and I collaborate with the software development team for implementation.

At this point, we do not see any ROI because at this moment we do not have any business that is completely dependant on this particular tool. I think in the next month we will have that.

We compared Kiuwan with other local solutions in Spain. We found Kiuwan had the best rates and price capabilities.

I advise using Kiuwan because it's very straightforward and totally easy to understand. It's also easy to deploy.

I would rate this solution as 8 out of 10.

I personally like the way it breaks down security vulnerabilities with LoC at first glance.

In our digital marketing efforts, our app is in continuous integration and having introduced this tool ensures we are always delivering safe code.

Perhaps more languages supported.

Six months.

None.

None.

None.

Haven't had any trouble.

So far, we've opened a couple of tickets and we got a prompt reply from their tech support team.

No.

It is very easy to deploy.

We did it ourselves.

Faster development of our app.

Nothing to add.

We looked at Sonar.

• We use Kiuwan to locate the source of application vulnerabilities.
• Saving time and money by automatically identifying problems is unbelievable.

We analyze the application code before the testing phase. We correct the most serious problems encountered and the applications are then more stable and safe when passed onto the testing phase.

The development-to-delivery phase.

We have been using Kiuwan for six months.

As a cloud solution, it was working from the first day, without any configuration necessary.

No, I did not.

No, I did not.

The customer service is always ready, using the live chat integration.

10 out of 10.

No, I did not.

No, it was automatic.

No, it wasn't necessary

I recommend contacting a sales person who will create the best plan payment plan for you, as we did.

Lifecycle features, because they permit us to show non-technical people the risk and costs hidden into the code due to bad programming practices.

It is the most effective tool for IT procurement managers and directors. Technical debt metrics and action plans oriented to rejected deliveries.

Kiuwan was used internally at Optimyth. We had no surprises derivated from security, performance, or maintainability issues.

DIfferent languages, such Spanish, Portuguese, and so on.

I've used this solution for three years.

No.

No.

An eight out of 10.

In other companies I have worked for, we moved to Kiuwan/Optimyth because of the accuracy and easiness of use and setup.

Also, most of my partners and customers have moved to Kiuwan due to the metrics and programming languages supported.

Not complex. I am a salesperson without tech training and I was able to use it

Nothing special. It's a very fair model.

CAST, Sonar, and Clarify.

If they need a tool to be used across your organization (technicians, managers, and directors), this is the tool.

Have highly qualified staff or consultancy provider (code quality and governance) to define the risk model to be used and measured with Kiuwan, this increases the ROI.

We only used these products to do some demos. The feedback was very positive.

Our organization is a product distributor. We don’t use the product internally. But for the customers/leads we presented it to, they see that it can add a lot of value to validate what they receive from their providers.

From a maketing perspective, I would suggest demonstrating that using these tools will make money for the customer. The customer should have a clear vision of what they purchsed and what they received. They should push more technical articles on LinkedIn. There is always space to make things better, but for now, it is making a difference.

These products have some dreams, as I heard from some Dev Managers, but I’m sure that with a closer relationship, we can upscale that.

We are only showing the product to leads as demos.

The technical support is very good. We have received valid answers to our questions.

We had some experienced with Rational and Compuware, in addition to the APM tools that we distribute.

The pricing and licensing models are poor. If it has a SaaS, the hybrid solution will be enough.

We did very careful research of solutions on the market and chose this one for our demos.

“A fool with a tool is still a fool”. Chose somebody who can add the right processes, methods, and techniques to actually implement the customers' objectives. We try to build a eco-system to cross-sell our solutions.

There is a mix between maturity and money. That is the barrier to break before showing the customer that he is purchasing something without risks before he goes into production. They should focus on a product that adds value to the corporation.

• Constant evolution
• Software analytics for a lot of different languages including ABAP
• Excellent feedback
• Integration with SDLC tools
• API

SAP and no-SAP static source code analysis, including security integrated in the continuous delivery process of our SDLC.

I would like to see additional languages supported.

We have been using this solution for one and a half years.

There were no stability issues.

There were no scalability issues.

I would give technical support a rating of 9/10.

We used Sonar and we switches due to costs with ABAP and the iOS modules.

The initial setup could not be simpler. It is a SaaS solution. Integration with Jenkins and the local analyzer is a great solution.

Check with your account manager.

Integrate it with your SDLC.

The solution gave us a KPI regarding risk and quality in the development process.

I have found the security and QA in the source code to be most valuable. I test code to pass PCI DSS requirements. I have improved my QA acceptance process with risk evaluation.

The QA developer and security could be improved.

I have not encountered any issues with stability.

I have not encountered any issues with scalability.

I would give technical support a rating of 10 out of 10.

I did not use a different solution in the past.

The initial setup was easy.

I did not evaluate other options before choosing this one.

Try the solution and you will likely want to implement it into your organization. The solution will measure your development team, give a KPI for the CISO, reduce the time it takes to find and correct coding errors, and more.