
Kiuwan Overview

Kiuwan is the #14 ranked solution in AST tools and the #15 ranked solution in application security tools. IT Central Station users give Kiuwan an average rating of 8 out of 10. Kiuwan is most commonly compared to SonarQube. The professionals researching this solution most often come from computer software companies, accounting for 28% of all views.
What is Kiuwan?

Software analytics technology with a breadth of third-party integrations that takes into account the wealth of applications your teams are currently using.

We facilitate and encourage work between unlocalized teams. We understand the complexity of working in multi-technology environments, constantly striving to increase the number of programming languages and technologies we support.

Buyer's Guide

Download the Application Security Buyer's Guide including reviews and more. Updated: November 2021

Kiuwan Customers

DHL, BNP Paribas, Zurich, AXA, Ernst & Young, KFC, Santander, Latam, Ferrovial

Pricing Advice

What users are saying about Kiuwan pricing:
  • "It follows a subscription model. I think the price is somewhere in the middle."

Kiuwan Reviews

Layth Mansour
Information Security Officer at Umniah
Real User
Top 5
Scalable with good remediation capabilities and good stability

Pros and Cons

  • "I've tried many open source applications and the remediation or correction actions that were provided by Kiuwan were very good in comparison."
  • "The configuration hasn't been that good."

What is our primary use case?

We use the solution for in-house development. In one of the cases, we use it for some applications that we need to create something from scratch. 

What we are considering more than anything else is maybe its quality of performance. We are looking for security vulnerabilities. I'm an Information Security Officer and that's why we are looking for vulnerabilities more than the quality of the code or the performance, however, it's great that it gives more detailed information about performance and the quality of the code. I'm actually looking to try another technology, to see if there's something we can do around static tests.

What is most valuable?

The solution is stable.

The solution is scalable.

I've tried many open source applications and the remediation or correction actions that were provided by Kiuwan were very good in comparison.

What needs improvement?

When you do the download test, there is some part that remains there from the static test. When it comes to the configuration of this library, I'm not sure that Kiuwan gives a real vulnerability assessment for a configuration.

The configuration hasn't been that good. From a security perspective, we are looking into something in the middle between the static and the dynamic. 

There are many open-source tools that can generate perfect results. It's not as good in quality as Kiuwan or maybe SonarQube; however, I'm sure it's really close, and it's also free.

We've had issues with technical support not being responsive enough. 

We also have had issues with the initial setup.

For how long have I used the solution?

We've used the solution for around two years or so. It's been a while now. 

What do I think about the stability of the solution?

We have found the solution to be stable. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. 

What do I think about the scalability of the solution?

The solution can scale if you need it to. 

We're dealing with three customers that have this solution right now. 

How are customer service and technical support?

We're working on some issues with some delays from the support team.

Which solution did I use previously and why did I switch?

We are also using Tenable. 

How was the initial setup?

We faced a lot of problems with the initial setup and support gave us difficulties around the installation. That made us a little bit confused. When you lose your servers for the week, it's not a good thing.

With support, we had to troubleshoot the issues and that took about eight working days. It took us around 11 days to overcome the issues and to upgrade. 

As an information security team, we were providing some services and were trying to make a vulnerability assessment. The security testing let us note a lot of vulnerabilities. We contacted support and it took us three months to overcome those particular issues.  

In terms of maintenance, we have system admins that just look to see if the servers are running or not, however, for managing the servers, the servers implementation security team will handle that.

What's my experience with pricing, setup cost, and licensing?

We can likely find free open-source solutions that give us close to the quality we get with this solution. We'd rather not pay if we don't have to.

Customers must pay a yearly licensing fee. 

What other advice do I have?

We got it from a partner. The partner is already connected to Kiuwan from Spain.

We are providing the Kiuwan solution for a small group of customers.

I'd rate the solution at an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
FP
Test Engineer at a tech company with 501-1,000 employees
Real User
Top 20
A scalable tool with quality analysis and good technical support

Pros and Cons

  • "The solution offers very good technical support."
  • "The solution seems to give us a lot of false positives. This could be improved quite a bit."

What is our primary use case?

We analyze all the portfolio of applications from the customer. The customer is within the government of Spain. We analyze all their applications. On the portfolio of publications, we run analyses from all the applications.

What is most valuable?

From the tool itself, the developer can run an analysis with the same quality. With this tool, every developer has the opportunity to do an unlimited analysis.

The solution can scale well.

The solution offers very good technical support.

It's quite a stable product.

What needs improvement?

I'm still working on learning all the specifics of the tool; it's quite new to me.

The solution seems to give us a lot of false positives. This could be improved quite a bit.

The rules could be more clear. They need to have more clarity in that respect. It would help make the solution easier to use.

For how long have I used the solution?

I've been using the solution for about a year now.

What do I think about the stability of the solution?

The stability at this time is very good. It doesn't have bugs or glitches and it doesn't crash or freeze. It's very, very reliable.

What do I think about the scalability of the solution?

You can definitely scale the solution. However, if you want to analyze more, of course, you have to pay more. This might be limiting if you are an organization that has a specific budget.

In our organization, we have 1,000 users approximately on the solution.

How are customer service and technical support?

The technical support is very good. They are responsive and are very knowledgeable. We are satisfied with their level of service at this time.

How was the initial setup?

In terms of setting up the solution, you only have to download a client to make the analysis. In the local environment, you also only need Java 1.8 and an internet connection to make an analysis. You have to worry about working in the configuration and administration of the users of the quality models. It's pretty easy.

What's my experience with pricing, setup cost, and licensing?

I don't handle the payments or licensing aspects of the solution, therefore, I can't speak to the exact cost of the product. I only administer the tool.

That said, it's my understanding that, if you need to analyze more, you do need to pay more for the solution.

Which other solutions did I evaluate?

It was too difficult for us to evaluate different solutions. That said, I recall the other options being, for example, Veracode and SonarQube. There may have been more options that we considered evaluating as well, however, I don't recall the names of them.

What other advice do I have?

We're just a customer.

We are using the latest version of the solution.

Overall, I would rate the solution eight out of ten. It's worked quite well for us so far.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Felix Esteban
Head of Development and Consulting at Logalty
Real User
Top 20
Continuous integration process enables us to make the best in terms of security

Pros and Cons

  • "The solution has a continuous integration process."
  • "Integration of the programming tools could be improved."

What is our primary use case?

Our primary use case is to focus on and discover the vulnerabilities in our code, to clean the code and to make it safer and more secure for our customers. We are a customer of Kiuwan and sell it to our customers. We employ an analyzer for our coding.

What is most valuable?

The most valuable feature of the solution is the continuous integration process. This enables us to make the best in terms of security of our solution and not introduce new mistakes. Problems are solved step by step. 

What needs improvement?

Improvement could be made with the integration of the programming tools. The solution provides some integration tools but for now we're not using these tools very much because it's expensive and we don't get much return. In the future we might be more interested. They could also improve repositories in the solution. I also think the coding could be improved technically and include some features that could be valuable for enterprise companies.

For how long have I used the solution?

I've been using this solution for about one year. 

What do I think about the stability of the solution?

It's a stable solution.

What do I think about the scalability of the solution?

I don't think there would be problems with scalability. 

How are customer service and technical support?

I've used the technical support sometimes but we haven't had a lot of issues. There is also a call centre and they respond quickly. For the moment, support is good. 

Which solution did I use previously and why did I switch?

The key for success of this solution in relation to other similar solutions is that it's a flexible solution.

How was the initial setup?

The initial setup was very straightforward. It's a cloud solution so after you sign the contract you have the solution. You just need to create the users, do the tutorials, it's simple. There's no deployment because it's a cloud service, you might just need to download a local analyzer.  We have an external consultant who performed the dynamic analysis of our code. 

What's my experience with pricing, setup cost, and licensing?

With this solution you only pay for the total amount of lines of code and it's a reasonable cost. 

What other advice do I have?

The solution is easy to work with. It takes a day or two to get used to it but after that it's easy to use and there's enough documentation in the tool. We haven't had problems using it. 

I would rate this product an eight out of 10. It's not perfect but it's good for us. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
RK
Information Security Specialist at a tech company with 51-200 employees
Real User
Top 20
An application security platform that provides detailed reports about the risk index

Pros and Cons

  • "I like that it provides a detailed report that lets you know the risk index and the vulnerability."
  • "The integration process could be improved. It'll also help if it could generate reports automatically. But I'm not sure about the effectiveness of the reports. This is because, in our last project, we still found some key issues that weren't captured by the Kiuwan report."

What is our primary use case?

I'm currently working at a FinTech company, and we normally use Kiuwan for code analysis. This helps us ensure that our product complies with proper codes.

What is most valuable?

I like that it provides a detailed report that lets you know the risk index and the vulnerability.

What needs improvement?

The integration process could be improved. It'll also help if it could generate reports automatically. But I'm not sure about the effectiveness of the reports. This is because, in our last project, we still found some key issues that weren't captured by the Kiuwan report.

For how long have I used the solution?

I have been using Kiuwan since 2019.

What do I think about the stability of the solution?

I'm not sure if it's stable, but it's working fine.

What do I think about the scalability of the solution?

I don't know if it's scalable, but we have about 30 to 60 users. It all depends on the scope of the project. If they have made the last point of implementation, then we can perform the code analysis.

What's my experience with pricing, setup cost, and licensing?

It follows a subscription model. I think the price is somewhere in the middle. 

What other advice do I have?

I would recommend this solution to new users.

On a scale from one to ten, I would give Kiuwan an eight.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.