2018-08-12 08:55:00 UTC

Which would you recommend to a colleague, Kiuwan or SonarQube?

One of the most popular comparisons on IT Central Station is Kiuwan vs SonarQube.

One user says about Kiuwan, "It is the most effective tool for IT procurement managers and directors. It includes technical debt metrics and is action plan oriented to rejected deliveries."

Another user says about SonarQube, "A usual addition to this tool is the IntelliJ plugin called SonarLint, which integrates into your IDE. Then, it allows you to run the convention rules file by file and receive immediate feedback when making changes. This removes the need to push to the server before finding out what issues you need to resolve."


In your opinion, which is better and why?


Asked By
Content Operations Manager at IT Central Station
Community Mgr
Guest
44 Answers
author avatar
Vendor

It's generally better to test for security early in the SDLC so my choice would be Sonarqube over Kiuwan because it includes static application security testing.

Reply Like (1)
2018-08-15 02:57:38 UTC
author avatar
Vendor

It depends on your role and what you're trying to accomplish. If you're trying to harden your own code then a tool that does SAST or static code analysis like SonarQube is a great idea. For example, Parasoft C/C++test is the only tool that has full support for every rule in the CERT-C standard. If you're trying to secure applications that aren't yours, systems, etc., then SAST tools aren't for you. You have to have the code for them to be useful.

Reply Like (1)
2018-08-14 23:39:02 UTC
author avatar
User

I’m sorry, I don’t know Kiuwan – so it’s hard for me to tell.

What I can say is that SonarQube is fairly common here in Brazil, many organizations are using it. So I suspect it must be a good AST tool.

Reply Like (0)
2018-08-15 00:58:50 UTC
author avatar
User

Depending on the application that you are developing and the complexity, you need to be able to ensure that the application is secure along with APIs , its libraries and operating system and kernel interactions. Therefore it is eminently sensible to ensure you have taken all steps to remove any security risk or known threat in the deployed application. Any toolsets that address this and to enable metrics, rules, and customisation to meet QA and Corporate Governance should be deployed within the SDLC.

Reply Like (0)
2018-08-14 12:25:18 UTC
Free Report: Kiuwan vs. SonarQube
Find out what your peers are saying about Kiuwan vs. SonarQube and other solutions. Updated: February 2020.
Download now
407,538 professionals have used our research since 2012.

Related Question

Malla Reddy Bakka
User at a tech services company with 10,001+ employees
Feb 04 2020
What is the biggest difference between Checkmarx and SonarQube?
I currently work for a global product engineering and lifecycle services partner.  We are currently evaluating Checkmarx and SonarQube for our PoC. What are the biggest differences between the two? Which would you recommend? Thanks! I appreciate the help.
Elina PetrovnaSonarQube historically was focused on Code Quality and Best Practices. Recently… more»
ManojKumar9The major difference I have seen between Checkmarx and SonarQube is… more»
See 2 Answers