2018-08-12 08:55:00 UTC

Which would you recommend to a colleague, Kiuwan or SonarQube?


One of the most popular comparisons on IT Central Station is Kiuwan vs SonarQube.

One user says about Kiuwan, "It is the most effective tool for IT procurement managers and directors. It includes technical debt metrics and is action plan oriented to rejected deliveries."

Another user says about SonarQube, "A usual addition to this tool is the IntelliJ plugin called SonarLint, which integrates into your IDE. Then, it allows you to run the convention rules file by file and receive immediate feedback when making changes. This removes the need to push to the server before finding out what issues you need to resolve."


In your opinion, which is better and why?


Guest
44 Answers
Vendor

It's generally better to test for security early in the SDLC so my choice would be Sonarqube over Kiuwan because it includes static application security testing.

2018-08-15 02:57:38 UTC
Vendor

It depends on your role and what you're trying to accomplish. If you're trying to harden your own code then a tool that does SAST or static code analysis like SonarQube is a great idea. For example, Parasoft C/C++test is the only tool that has full support for every rule in the CERT-C standard. If you're trying to secure applications that aren't yours, systems, etc., then SAST tools aren't for you. You have to have the code for them to be useful.

2018-08-14 23:39:02 UTC
User

I'm sorry, I don't know Kiuwan, so it's hard for me to tell.

What I can say is that SonarQube is fairly common here in Brazil; many organizations are using it. So I suspect it must be a good AST tool.

2018-08-15 00:58:50 UTC
User

Depending on the application that you are developing and its complexity, you need to be able to ensure that the application is secure, along with its APIs, its libraries, and its operating system and kernel interactions. Therefore it is eminently sensible to ensure you have taken all steps to remove any security risk or known threat in the deployed application. Any toolsets that address this and enable metrics, rules, and customisation to meet QA and Corporate Governance should be deployed within the SDLC.

2018-08-14 12:25:18 UTC