Kiuwan Reviews

We have just recently adopted this solution to use for our code security. We are still new to using these kinds of tools.

We are using this solution to increase the quality of our software and to test the vulnerabilities in our tools before the customers find them. Customers look for problems in code, so it is better to perform tests and prove that our code is free from vulnerabilities beforehand.

This is standard here in Spain, where the customers use the same tools to check for vulnerabilities. If we are using the same tools then it is not possible for the customers to find different problems. If we are using different tools then maybe the results would be different. We want the customer's report to list the same issues.

So far, the tool has shown us four issues, and we are starting to clean the vulnerabilities.

This program is very easy to use. I can use this tool, and I am new to these kinds of tools.

Better integration with code repositories is something that we will need.

I would like to see better integration with the Visual Studio and Eclipse IDEs.

It would be helpful to have better testing for vulnerabilities in mobile development.

We have had no issues with stability since we started working with this solution.

Currently, we are using this tool about once a week. However, we want to extend this to using the tool on a daily basis. At the moment we are only using a single test, but we want it to be used by all of the developers on their normal day.

Our solution is in the cloud, so I don't think that we'll have any problem with scalability.

We have approximately twenty developers using this solution

We did have a support case with a customer, but I was on holiday and did not interact with technical support myself. I think that the support was quick and fine.

This is our first solution for code security.

The installation of this solution is easy.

This solution is cheaper than other tools.

We ran a project to evaluate solutions and we finally chose Kiuwan. For the evaluation, we weighed both price and technical aspects of the tool, equally. We found that this is a cheaper tool for the level of quality.

We tried putting the same piece of code into different tools. For example, in Java, the tools have similar results. So for Java, there's a low cost, and the preference is for the content of the coders. For mobile development, we are not too experienced, and it is not the perfect tool because the integration with certain products is very manual. The price, however, justifies adopting this product.

For the moment, this is a solution that I could recommend. It is a cheaper way for us to enter into working on code security.

The biggest lesson that I have learned to make sure that we do not have any big security issues during development. We are confident about the vulnerabilities that are being found in our Java code, but we are not sure about other languages such as Angular. This solution may not be able to detect all of the problems that are in the code.

I would rate this solution an eight out of ten.

By far, the best feature we have found is the possibility of creating specific action plans that automatically determine the effort required by our teams in order to correct defects and ensure better code.

Code reviews have significantly improved, and it allows our teams to work together in a collaborative cloud environment.

More languages and frameworks would enhance this tool.

I have used it for three years.

We have not encountered any deployment issues.

We have not encountered any stability issues.

We have not encountered any scalability issues.

Customer service is excellent. They have a very solid documentation site, as well as in-app support.

Technical support is 9/10.

We previously used SonarQube. We have a portfolio of apps in different programming languages. With Sonar, our costs escalated too much, having to pay for plugins for each language.

Initial setup is very straightforward; plug and play.

We implemented it in-house with the aid of Kiuwan engineers.

We have had an improvement of 20% in our time to market and it significantly improved the quality of our code.

I believe pricing varies according to the size of your apps.

We looked at Fortify and Checkmarx, but the costs were way too high

We also use other features of the product. We scaled from security to the entire lifecycle and governance management of our stack, which has given us a full control over our application portfolio.

We analyze all the portfolio of applications from the customer. The customer is within the government of Spain. We analyze all their applications. On the portfolio of publications, we run analyses from all the applications.

From the tool itself, the developer can run an analysis with the same quality. With this tool, every developer has the opportunity to do an unlimited analysis.

The solution can scale well.

The solution offers very good technical support.

It's quite a stable product.

I'm still working on learning all the specifics of the tool; it's quite new to me.

The solution seems to give us a lot of false positives. This could be improved quite a bit.

The rules could be more clear. They need to have more clarity in that respect. It would help make the solution easier to use.

I've been using the solution for about a year now.

The stability at this time is very good. It doesn't have bugs or glitches and it doesn't crash or freeze. It's very, very reliable.

You can definitely scale the solution. However, if you want to analyze more, of course, you have to pay more. This might be limiting if you are an organization that has a specific budget.

In our organization, we have 1,000 users approximately on the solution.

The technical support is very good. They are responsive and are very knowledgeable. We are satisfied with their level of service at this time.

In terms of setting up the solution, you only have to download a client to make the analysis. In the local environment, you also only need Java 1.8 and an internet connection to make an analysis. You have to worry about working in the configuration and administration of the users of the quality models. It's pretty easy.

I don't handle the payments or licensing aspects of the solution, therefore, I can't speak to the exact cost of the product. I only administer the tool.

That said, it's my understanding that, if you need to analyze more, you do need to pay more for the solution.

It was too difficult for us to evaluate different solutions. That said, I recall the other options being, for example, Veracode and SonarQube. There may have been more options that we considered evaluating as well, however, I don't recall the names of them.

We're just a customer.

We are using the latest version of the solution.

Overall, I would rate the solution eight out of ten. It's worked quite well for us so far.

I use the solution for daily software development in our company.

I've found the reporting features the most helpful.

I do not have a clear idea about what could be better. I feel like the general tool is pretty good.

The next release should include more flexibility in the reporting.

The stability of the solution is all right.

The solution offers complete scalability. I'm not looking to increase usage at the moment, however.

We haven't used technical support. It's a very new tool for our company.

I would rate the complexity of setup as a medium. It's not the easiest, but it's not the most complex. Deployment takes about six months. We have four staff members for deployment and maintenance.

I am an information security manager and I collaborate with the software development team for implementation.

At this point, we do not see any ROI because at this moment we do not have any business that is completely dependant on this particular tool. I think in the next month we will have that.

We compared Kiuwan with other local solutions in Spain. We found Kiuwan had the best rates and price capabilities.

I advise using Kiuwan because it's very straightforward and totally easy to understand. It's also easy to deploy.

I would rate this solution as 8 out of 10.

We only used these products to do some demos. The feedback was very positive.

Our organization is a product distributor. We don’t use the product internally. But for the customers/leads we presented it to, they see that it can add a lot of value to validate what they receive from their providers.

From a maketing perspective, I would suggest demonstrating that using these tools will make money for the customer. The customer should have a clear vision of what they purchsed and what they received. They should push more technical articles on LinkedIn. There is always space to make things better, but for now, it is making a difference.

These products have some dreams, as I heard from some Dev Managers, but I’m sure that with a closer relationship, we can upscale that.

We are only showing the product to leads as demos.

The technical support is very good. We have received valid answers to our questions.

We had some experienced with Rational and Compuware, in addition to the APM tools that we distribute.

The pricing and licensing models are poor. If it has a SaaS, the hybrid solution will be enough.

We did very careful research of solutions on the market and chose this one for our demos.

“A fool with a tool is still a fool”. Chose somebody who can add the right processes, methods, and techniques to actually implement the customers' objectives. We try to build a eco-system to cross-sell our solutions.

There is a mix between maturity and money. That is the barrier to break before showing the customer that he is purchasing something without risks before he goes into production. They should focus on a product that adds value to the corporation.

• Very easy to use
• Integration with Jenkins and JIRA
• Security support

Code reviews are quicker and more reliable.

• Indicators regarding metrics

I have used it for three years.

We have not encountered any deployment issues.

We have not encountered any stability issues.

We have not encountered any scalability issues.

Customer service is excellent.

Technical support is very good.

We previously used a different solution. I switched because of the quotes and security rules.

Initial setup is straightforward, no doubt.

An in-house team implemented it.

We are a solution provider, and we are using this solution with one of our clients.

The primary use case for this solution is security and vulnerability testing. We are currently integrating this solution into our software development process.

We have a public cloud deployment.

This solution has improved the quality of the process, in general. This solution helps us to catch issues early on, and find problems that we never knew we had. This results in things being more secure.

The most valuable feature is the time to resolution, where it tells you how long it is going to take to get to a zero-base or a five-star security rating.

The interface is usable and friendly.

The rate of false positives, where it reports issues that are not really issues, can be improved.

Scanning of vulnerabilities on open-source projects is not particularly useful as it is.

I would like to see better integration with Azure DevOps in the next release of this solution.

This solution is stable.

We haven't encountered any issues with the scalability of this solution. It is fine.

There are five or six users who are using this solution actively. There are software developers, a solution architect, and a lead developer. The solution is just being incorporated into our process.

We haven't had any issues or need to engage with technical support.

We are also using SonarQube in parallel with this solution. SonarQube is a good product, but I prefer Kiuwan from a functional perspective.

The initial setup of this solution is very simple.

We performed the implementation ourselves.

This is a solution that I recommend.

The biggest lesson that I have learned from using this software is that we weren't as secure as we had thought. You think that you have pretty decent security until you get the tool and see where you are short. 

I would rate this solution a nine out of ten.