Kiuwan Reviews

We use the solution for in-house development. In one of the cases, we use it for some applications that we need to create something from scratch. 

What we are considering more than anything else is maybe its quality of performance. We are looking for security vulnerabilities. I'm an Information Security Officer and that's why we are looking for vulnerabilities more than the quality of the code or the performance, however, it's great that it gives more detailed information about performance and the quality of the code. I'm actually looking to try another technology, to see if there's something we can do around static tests.

The solution is stable.

The solution is scalable.

I've tried many open source applications and the remediation or correction actions that were provided by Kiuwan were very good in comparison.

When you do the download test, there is some part that remains there from the static test. When it comes to the configuration of this library, I've not sure that Kiuwan gives a real vulnerability assessment for a configuration. 

The configuration hasn't been that good. From a security perspective, we are looking into something in the middle between the static and the dynamic. 

There are many open-source tools that can generate perfect results. It's not as good as the quality as the Kiuwan or maybe the SonarQube, however, I'm sure it's really close, and it's also free

We've had issues with technical support not being responsive enough. 

We also have had issues with the initial setup.

We've used the solution for around two years or so. It's been a while now. 

We have found the solution to be stable. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. 

The solution can scale if you need it to. 

We're dealing with three customers that have this solution right now. 

We're working on some issues with some delays from the support team.

We are also using Tenable. 

We faced a lot of problems with the initial setup and support gave us difficulties around the installation. That made us a little bit confused. When you lose your servers for the week, it's not a good thing.

With support, we had to troubleshoot the issues and that took about eight working days. It took us around 11 days to overcome the issues and to upgrade. 

As an information security team, we were providing some services and were trying to make a vulnerability assessment. The security testing let us note a lot of vulnerabilities. We contacted support and it took us three months to overcome those particular issues.  

In terms of maintenance, we have system admins that just look to see if the servers are running or not, however, for managing the servers, the servers implementation security team will handle that.

We can likely find free open-source solutions that give us close to the quality we get with this solution. We'd rather not pay if we don't have to.

Customers must pay a yearly licensing fee. 

We got it from a partner. The partner is already connected to Kiuwan from Spain.

We are providing the Kiuwan solution for a small group of customers.

I'd rate the solution at an eight out of ten.

By far, the best feature we have found is the possibility of creating specific action plans that automatically determine the effort required by our teams in order to correct defects and ensure better code.

Code reviews have significantly improved, and it allows our teams to work together in a collaborative cloud environment.

More languages and frameworks would enhance this tool.

I have used it for three years.

We have not encountered any deployment issues.

We have not encountered any stability issues.

We have not encountered any scalability issues.

Customer service is excellent. They have a very solid documentation site, as well as in-app support.

Technical support is 9/10.

We previously used SonarQube. We have a portfolio of apps in different programming languages. With Sonar, our costs escalated too much, having to pay for plugins for each language.

Initial setup is very straightforward; plug and play.

We implemented it in-house with the aid of Kiuwan engineers.

We have had an improvement of 20% in our time to market and it significantly improved the quality of our code.

I believe pricing varies according to the size of your apps.

We looked at Fortify and Checkmarx, but the costs were way too high

We also use other features of the product. We scaled from security to the entire lifecycle and governance management of our stack, which has given us a full control over our application portfolio.

I use the solution for daily software development in our company.

I've found the reporting features the most helpful.

I do not have a clear idea about what could be better. I feel like the general tool is pretty good.

The next release should include more flexibility in the reporting.

The stability of the solution is all right.

The solution offers complete scalability. I'm not looking to increase usage at the moment, however.

We haven't used technical support. It's a very new tool for our company.

I would rate the complexity of setup as a medium. It's not the easiest, but it's not the most complex. Deployment takes about six months. We have four staff members for deployment and maintenance.

I am an information security manager and I collaborate with the software development team for implementation.

At this point, we do not see any ROI because at this moment we do not have any business that is completely dependant on this particular tool. I think in the next month we will have that.

We compared Kiuwan with other local solutions in Spain. We found Kiuwan had the best rates and price capabilities.

I advise using Kiuwan because it's very straightforward and totally easy to understand. It's also easy to deploy.

I would rate this solution as 8 out of 10.

Our company produces a financial application, and we use Kiuwan for vulnerability testing. Kiuwan scans our code to detect some security issues. 

Kiuwan has enabled us to give our customers peace of mind through early identification of code vulnerabilities and remediation before delivery to the customer.

I like that I can scan the code locally on my device. When the local analyzer finishes, the results display on the dashboard in the Cloud. Actually Kiuwan allows to scan code both locally and in the cloud, but It's essential for security purposes to be able to scan my code locally.

Kiuwan should charge based on usage

I've been using Kiuwan for two years.

Kiuwan is stable, but we have some issues when they perform system maintenance. We cannot access the platform for a couple of hours max. It's happened twice in one year, but it's not that bad because this tool isn't critical for our operation. 

It's easy to scale up Kiuwan.

Kiuwan's support has room for improvement. You can only open a ticket is through email, and the support team is outside of our country. They should have a support number or chat.

Neutral

Kiuwan was pretty easy to set up. We simply installed the local analyzer and configured the dashboard with some rules to apply to our code. It wasn't that hard. 

Kiuwan is not as expensive as the other solutions. We pay according to the number of lines of code that have been hired to scan, whether it scans or not. That's the downside.

I rate Kiuwan nine out of 10. I think it's an excellent platform, and I'd recommend Kiuwan.

• Very easy to use
• Integration with Jenkins and JIRA
• Security support

Code reviews are quicker and more reliable.

• Indicators regarding metrics

I have used it for three years.

We have not encountered any deployment issues.

We have not encountered any stability issues.

We have not encountered any scalability issues.

Customer service is excellent.

Technical support is very good.

We previously used a different solution. I switched because of the quotes and security rules.

Initial setup is straightforward, no doubt.

An in-house team implemented it.

We are a solution provider, and we are using this solution with one of our clients.

The primary use case for this solution is security and vulnerability testing. We are currently integrating this solution into our software development process.

We have a public cloud deployment.

This solution has improved the quality of the process, in general. This solution helps us to catch issues early on, and find problems that we never knew we had. This results in things being more secure.

The most valuable feature is the time to resolution, where it tells you how long it is going to take to get to a zero-base or a five-star security rating.

The interface is usable and friendly.

The rate of false positives, where it reports issues that are not really issues, can be improved.

Scanning of vulnerabilities on open-source projects is not particularly useful as it is.

I would like to see better integration with Azure DevOps in the next release of this solution.

This solution is stable.

We haven't encountered any issues with the scalability of this solution. It is fine.

There are five or six users who are using this solution actively. There are software developers, a solution architect, and a lead developer. The solution is just being incorporated into our process.

We haven't had any issues or need to engage with technical support.

We are also using SonarQube in parallel with this solution. SonarQube is a good product, but I prefer Kiuwan from a functional perspective.

The initial setup of this solution is very simple.

We performed the implementation ourselves.

This is a solution that I recommend.

The biggest lesson that I have learned from using this software is that we weren't as secure as we had thought. You think that you have pretty decent security until you get the tool and see where you are short. 

I would rate this solution a nine out of ten.

Lifecycle features, because they permit us to show non-technical people the risk and costs hidden into the code due to bad programming practices.

It is the most effective tool for IT procurement managers and directors. Technical debt metrics and action plans oriented to rejected deliveries.

Kiuwan was used internally at Optimyth. We had no surprises derivated from security, performance, or maintainability issues.

DIfferent languages, such Spanish, Portuguese, and so on.

I've used this solution for three years.

No.

No.

An eight out of 10.

In other companies I have worked for, we moved to Kiuwan/Optimyth because of the accuracy and easiness of use and setup.

Also, most of my partners and customers have moved to Kiuwan due to the metrics and programming languages supported.

Not complex. I am a salesperson without tech training and I was able to use it

Nothing special. It's a very fair model.

CAST, Sonar, and Clarify.

If they need a tool to be used across your organization (technicians, managers, and directors), this is the tool.

Have highly qualified staff or consultancy provider (code quality and governance) to define the risk model to be used and measured with Kiuwan, this increases the ROI.