2018-08-12 08:55:00 UTC

Which would you recommend to a colleague, Kiuwan or SonarQube?

One of the most popular comparisons on IT Central Station is Kiuwan vs SonarQube.

One user says about Kiuwan, "It is the most effective tool for IT procurement managers and directors. It includes technical debt metrics and is action plan oriented to rejected deliveries."

Another user says about SonarQube, "A usual addition to this tool is the IntelliJ plugin called SonarLint, which integrates into your IDE. Then, it allows you to run the convention rules file by file and receive immediate feedback when making changes. This removes the need to push to the server before finding out what issues you need to resolve."


In your opinion, which is better and why?


ASKED BY
Community Mgr
Content Specialist
IT Central Station
Guest
44 Answers
author avatar
Vendor

It's generally better to test for security early in the SDLC so my choice would be Sonarqube over Kiuwan because it includes static application security testing.

Reply
2018-08-15 02:57:38 UTC
author avatar
Vendor

It depends on your role and what you're trying to accomplish. If you're trying to harden your own code then a tool that does SAST or static code analysis like SonarQube is a great idea. For example, Parasoft C/C++test is the only tool that has full support for every rule in the CERT-C standard. If you're trying to secure applications that aren't yours, systems, etc., then SAST tools aren't for you. You have to have the code for them to be useful.

Reply
2018-08-14 23:39:02 UTC
author avatar
User

I’m sorry, I don’t know Kiuwan – so it’s hard for me to tell.

What I can say is that SonarQube is fairly common here in Brazil, many organizations are using it. So I suspect it must be a good AST tool.

Reply
2018-08-15 00:58:50 UTC
author avatar
User

Depending on the application that you are developing and the complexity, you need to be able to ensure that the application is secure along with APIs , its libraries and operating system and kernel interactions. Therefore it is eminently sensible to ensure you have taken all steps to remove any security risk or known threat in the deployed application. Any toolsets that address this and to enable metrics, rules, and customisation to meet QA and Corporate Governance should be deployed within the SDLC.

Reply
2018-08-14 12:25:18 UTC
Free Report: Kiuwan vs. SonarQube
Find out what your peers are saying about Kiuwan vs. SonarQube and other solutions. Updated: November 2019.
Download now
379,343 professionals have used our research since 2012.

Related Question

Miriam Tover
Content Specialist
IT Central Station
Jul 15 2019
What is the biggest difference between Coverity and SonarQube?
One of the most popular comparisons on IT Central Station is Coverity vs SonarQube. People like you are trying to decide which one is best for their company. Can you help them out? What is the biggest difference between Coverity and SonarQube? Which of these two solutions would you recommend to a… more»
HungVuBoth of them are static analytic source tools but SonarQube focus on the quality… more»
See 1 Answer
Sign in to see all reviews and comparisons. It's free!
By clicking Sign in with LinkedIn™ you agree to let IT Central Station use your LinkedIn profile and email address in accordance with our Privacy Policy and agree to the Terms of Service.
Sign Up with Email
  • Unlimited access to 31000+ reviews from real users
  • Your own page to promote your professional skills
  • Join a community of experts to call upon for support
As seen in:

By registering, you agree to our Terms of Service and Privacy Policy.
  • Unlimited access to 31000+ reviews from real users
  • Your own page to promote your professional skills
  • Join a community of experts to call upon for support
As seen in