We performed a comparison between Kiuwan and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"I personally like the way it breaks down security vulnerabilities with LoC at first glance."
"The solution has a continuous integration process."
"It provides value by offering options to enhance both code quality and the security of the company."
"The solution offers very good technical support."
"I've tried many open source applications and the remediation or correction actions that were provided by Kiuwan were very good in comparison."
"We use Kiuwan to locate the source of application vulnerabilities."
"Software analytics for a lot of different languages including ABAP."
"I find it immensely helpful because it's not just about generating code; it's about ensuring efficiency in the execution."
"The static code analysis of the solution is the most important aspect for us. When it comes to security breaches within the code, we can leverage some rules to allow us to identify the repetition in our code and the possible targets that we may have. It makes it very easy to review our code for security purposes."
"I like that it's easy to navigate not just in terms of code findings but you can actually see them in the context of your source code because it gives you a copy of your code with the items that it found and highlights them. You can see it directly in your code, so you can easily go back and make the corrections in the code. It basically finds the problems for you and tells you where they are."
"The integrations SonarQube provides with our software delivery pipeline are very seamless."
"The most valuable features are the segregation containment and the suspension of product services."
"We consider it a handy tool that helps to resolve our issues immediately."
"The initial setup is simple. It requires some security, but it's simple."
"The good thing with SonarQube is it covers a lot of issues, it's a very robust framework."
"We have the software metrics that SonarQube gives us, which is something we did not have before. This helps us work towards aiming coding standards to empower us to move in the direction of better code quality. SonarQube provides targets and metrics for that."
"The configuration hasn't been that good."
"I would like to see better integration with Azure DevOps in the next release of this solution."
"It could improve its scalability abilities."
"The solution seems to give us a lot of false positives. This could be improved quite a bit."
"Different languages, such as Spanish, Portuguese, and so on."
"The next release should include more flexibility in the reporting."
"The development-to-delivery phase."
"Perhaps more languages supported."
"Their dashboarding is very limited. They can improve their dashboards for multiple areas, such as security review, maintainability, etc. They have all this information, so they should publish all this information on the dashboard so that the users can view the summary and then analyze it further. This is something that I would like to see in the next version."
"New plug-ins should be integrated into SonarCloud to give more flexibility to the product."
"In terms of what can be improved, the areas that need more attention in the solution are its architecture and development."
"There are limitations to the free version that limit development options as far as languages."
"If I configure a project in SonarQube, it generates a token. When we're compiling our code with SonarQube, we have to provide the token for security reasons. If IP-based connectivity is established with the solution, the project should automatically be populated without providing any additional token. It will be easy to provide just the IP address. It currently supports this functionality, but it makes a different branch in the project dashboard. From the configuration and dashboard point of view, it should have some transformations. There can be dashboard integration so that we can configure the dashboard for different purposes."
"The software testing tool capability could improve. It does not always integrate well. You have to use a specific plugin and the plugin does not always go in Apple's applications."
"From a reporting perspective, we sometimes have problems interpreting the vulnerability scan reports. For example, if it finds a possible threat, our analysts have to manually check the provided reports, and sometimes we have issues getting all the data needed to properly verify if it's accurate or not."
"It would be better if SonarQube provided a good UI for external configuration."
Kiuwan is ranked 22nd in Application Security Tools with 23 reviews while SonarQube is ranked 1st in Application Security Tools with 110 reviews. Kiuwan is rated 8.6, while SonarQube is rated 8.0. The top reviewer of Kiuwan writes "Though a stable tool, the UI needs improvement". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Kiuwan is most compared with Checkmarx One, Snyk, Veracode, Fortify on Demand and SonarCloud, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.