We performed a comparison between Checkmarx One and Kiuwan based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The feature that I have found most valuable is that its number of false positives is less than the other security application platforms. Its ease of use is another good feature. It also supports most of the languages."
"Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production. When the integration is in the pipeline, this tool gives us early notifications on code fixes."
"Overall, the ability to find vulnerabilities in the code is better than the tool that we were using before."
"Both automatic and manual code review (CxQL) are valuable."
"The ability to track the vulnerabilities inside the code (origin and destination of weak variables or functions)."
"The main thing we find valuable about Checkmarx is the ease of use. It's easy to initiate scans and triage defects."
"It shows in-depth code of where actual vulnerabilities are."
"The best thing about Checkmarx is the amount of vulnerabilities that it can find compared to other free tools."
"The most valuable feature is the time to resolution, where it tells you how long it is going to take to get to a zero-base or a five-star security rating."
"I've tried many open source applications and the remediation or correction actions that were provided by Kiuwan were very good in comparison."
"I like that it provides a detailed report that lets you know the risk index and the vulnerability."
"I find it immensely helpful because it's not just about generating code; it's about ensuring efficiency in the execution."
"The solution has a continuous integration process."
"Lifecycle features, because they permit us to show non-technical people the risk and costs hidden into the code due to bad programming practices."
"The solution offers very good technical support."
"We are using this solution to increase the quality of our software and to test the vulnerabilities in our tools before the customers find them."
"With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too."
"I would like to see the DAST solution in the future."
"The plugins for the development environment have room for improvements such as for Android Studio and X code."
"The pricing can get a bit expensive, depending on the company's size."
"When we first ran it on a big project, there wasn't enough memory on the computer. It originally ran with eight gigabytes, and now it runs with 32. The software stopped at some point, and while I don't think it said it ran out of memory, it just said "stopped" and something else. We had to go to the logs and send them to the integrator, and eventually, they found a memory issue in the logs and recommended increasing the memory. We doubled it once, and it didn't seem enough. We doubled it again, and it helped."
"The resolutions should also be provided. For example, if the user faces any problem regarding an installation due to the internal security policies of their company, there should be a resolution offered."
"They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."
"This product requires you to create your own rulesets. You have to do a lot of customization."
"The configuration hasn't been that good."
"The solution seems to give us a lot of false positives. This could be improved quite a bit."
"Kiuwan's support has room for improvement. You can only open a ticket is through email, and the support team is outside of our country. They should have a support number or chat."
"In Kiuwan there are sometimes duplicates found in the dependency scan under the "insights" tab. It's unclear to me why these duplicates are appearing, and it would be helpful if the application teams could investigate further."
"The QA developer and security could be improved."
"The integration process could be improved. It'll also help if it could generate reports automatically. But I'm not sure about the effectiveness of the reports. This is because, in our last project, we still found some key issues that weren't captured by the Kiuwan report."
"The development-to-delivery phase."
"Perhaps more languages supported."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Kiuwan is ranked 21st in Application Security Tools with 23 reviews. Checkmarx One is rated 7.6, while Kiuwan is rated 8.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Kiuwan writes "Though a stable tool, the UI needs improvement". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand and Snyk, whereas Kiuwan is most compared with SonarQube, Veracode, Snyk, Fortify on Demand and SonarCloud. See our Checkmarx One vs. Kiuwan report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
