2018-08-12T08:55:00Z

Which would you recommend to a colleague, Kiuwan or SonarQube?

One of the most popular comparisons on IT Central Station is Kiuwan vs SonarQube.

One user says about Kiuwan, "It is the most effective tool for IT procurement managers and directors. It includes technical debt metrics and is action plan oriented to rejected deliveries."

Another user says about SonarQube, "A usual addition to this tool is the IntelliJ plugin called SonarLint, which integrates into your IDE. Then, it allows you to run the convention rules file by file and receive immediate feedback when making changes. This removes the need to push to the server before finding out what issues you need to resolve."


In your opinion, which is better and why?


Guest
44 Answers
author avatar
Vendor

It's generally better to test for security early in the SDLC so my choice would be Sonarqube over Kiuwan because it includes static application security testing.

Reply Like (1)
2018-08-15T02:57:38Z
author avatar
Vendor

It depends on your role and what you're trying to accomplish. If you're trying to harden your own code then a tool that does SAST or static code analysis like SonarQube is a great idea. For example, Parasoft C/C++test is the only tool that has full support for every rule in the CERT-C standard. If you're trying to secure applications that aren't yours, systems, etc., then SAST tools aren't for you. You have to have the code for them to be useful.

Reply Like (1)
2018-08-14T23:39:02Z
author avatar
User

I’m sorry, I don’t know Kiuwan – so it’s hard for me to tell.

What I can say is that SonarQube is fairly common here in Brazil, many organizations are using it. So I suspect it must be a good AST tool.

Reply Like (0)
2018-08-15T00:58:50Z
author avatar
User

Depending on the application that you are developing and the complexity, you need to be able to ensure that the application is secure along with APIs , its libraries and operating system and kernel interactions. Therefore it is eminently sensible to ensure you have taken all steps to remove any security risk or known threat in the deployed application. Any toolsets that address this and to enable metrics, rules, and customisation to meet QA and Corporate Governance should be deployed within the SDLC.

Reply Like (0)
2018-08-14T12:25:18Z
Free Report: Kiuwan vs. SonarQube
Find out what your peers are saying about Kiuwan vs. SonarQube and other solutions. Updated: March 2021.
Download now
466,017 professionals have used our research since 2012.

Related Questions

Manoj Kumar Kemisetty
Sap Advanced Business Application Programming Consultant at Accenture
Mar 02 2021
Is SonarQube the best tool for static analysis?

Is SonarQube is the best tool for static analysis or there are any good tools which compete with SonarQube?

Purushothaman KStatic tool we can use Fortify or IBM Appscan. SonarQube widely used for… more »
Peter ArvedlundI am not very familiar with SonarQube and their solutions, so I can not answer… more »
Steven KlusenerPlease have a look at the TICS framework, offered by www.tiobe.com, it is… more »
See 6 Answers
Ariel Lindenfeld
Sr. Director of Community
IT Central Station
Feb 03 2021
When evaluating Application Security, what aspect do you think is the most important to look for?

Let the community know what you think. Share your opinions now!

reviewer1434390I would check the authentication steps required. How does the data storage work… more »
See 13 Answers
Asked By
Content Operations Manager at IT Central Station
Community Mgr
Buyer's Guide
Download our free Application Security Report and find out what your peers are saying about Kiuwan, SonarSource, Veracode, and more!
Download Now