We performed a comparison between Kiuwan Insights and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Static Code Analysis solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I have found the interface to be perfect."
"Can help in reducing the number of false positives."
"The policy reporting for ensuring compliance with industry standards and regulations is pretty comprehensive, especially around PCI. If you do the static analysis, the dynamic analysis, and then a manual penetration test, it aggregates all of these results into one report. And then they create a PCI-specific report around it which helps to illustrate how the application adheres to different standards."
"I can have quick results by just uploading compiled components."
"The most valuable feature is Veracode SDP, which allows for something related to third-party vulnerabilities. When we build a product, we use a lot of third-party libraries instead of building everything from scratch. We just use a library which is already been built; we just use that component in our product. Sometimes, these libraries may have bugs or issues, and it's hard to keep track of them because we use thousands of them."
"There have been a lot of benefits gained from Veracode. Compared to other tools, Veracode has good flexibility with an easy way to run a scan. We get in-depth details on how to fix things and go through the process. They provide good process documents, community, and consultation for any issues that occur during the use of Veracode."
"Veracode has a nice API that they provide to allow for custom things to be built, or automation. We actually have integrated Veracode into our software development cycle using their API. We actually are able to automatically, every time a new build of a software is completed, submit that application, kick off a scan, and we get results in a much more automated fashion."
"I like Veracode's ease of integration with various cloud platforms and tools."
"Tech support is outstanding. Best in class. Absolutely. They bend over backwards to help us. We'll come up with questions and within minutes, we'll get answers. It's amazing. It's truly amazing."
"This static analysis helps ensure a secure application rollout across all environments."
"The solution is great, but improvement is needed in the number of lines of code allowed, that is the capacity. Pricing can be improved as well."
"The solution has issues detecting intrusive methods."
"It will be beneficial for developers if Veracode Greenlight includes Python."
"I would also like to see some improvement in the speed. That is really the only complaint, but in all reality we have a massive Java application that needs to be scanned. Our developers are saying, "It takes 72 hours to scan it." That is probably the nature of the beast, and I'm actually pretty accepting of that time frame, but since it's a complaint that I get, faster is always better. I don't necessarily think that the speed is bad as it is, just that faster would be better."
"Sometimes, the scans halt or drop for some reason, and we need to get help from Veracode to fix it."
"I'd like to see an improved component of it work in a DevOps world, where the scanning speed does not impede progress along the AppSec pipeline."
"On-premise implementation is not available."
"The ideal situation in terms of putting the results in front of the developers would be with Veracode integration into the developer environment (IDE). They do have a plugin, which we've used in the past, but we were not as positive about it."
"False positives are a problem. Sometimes the flow paths are not accurate and don't represent real attack vectors, but this happens with every application that performs static analysis of the code. But it's under control. The number of false positives is not so high that it is unmanageable on our side."
"Veracode should provide more flexibility in its pricing and licensing modules so that it could be more affordable for all types of projects and not only for very active mission-critical projects."
Earn 20 points
Kiuwan Insights is ranked 12th in Static Code Analysis while Veracode is ranked 1st in Static Code Analysis with 194 reviews. Kiuwan Insights is rated 4.0, while Veracode is rated 8.2. The top reviewer of Kiuwan Insights writes "Protects problematic libraries; sorely lacking in customer services". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Kiuwan Insights is most compared with , whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and OWASP Zap. See our Kiuwan Insights vs. Veracode report.
See our list of best Static Code Analysis vendors.
We monitor all Static Code Analysis reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.