Checkmarx One vs Kiuwan comparison

 

Comparison Buyer's Guide

Categories and Ranking

Checkmarx One
Ranking in Application Security Tools: 3rd
Ranking in Static Application Security Testing (SAST): 3rd
Average Rating: 7.6
Number of Reviews: 67
Ranking in other categories: Vulnerability Management (11th), Static Code Analysis (2nd), API Security (4th), DevSecOps (2nd), Risk-Based Vulnerability Management (5th)

Kiuwan
Ranking in Application Security Tools: 22nd
Ranking in Static Application Security Testing (SAST): 16th
Average Rating: 8.6
Number of Reviews: 23
Ranking in other categories: none
 

Market share comparison

As of June 2024, Checkmarx One holds a 13.2% market share in the Application Security Tools category, down 13.7% from the previous year. Kiuwan holds 0.9%, down 32.0% from the previous year. Market share is calculated from PeerSpot user engagement data.
Application Security Tools
Unique Categories:
Static Application Security Testing (SAST): 10.2%
Vulnerability Management: 1.3%
 

Featured Reviews

RB
Jul 11, 2022
Useful automation, detailed reports, but scalability could improve
We use Checkmarx as a code analysis tool. We have always used some kind of code analysis tool and Checkmarx has been working for us at this time. We like the tool. The most valuable features of Checkmarx are the automation and information that it provides in the reports. I am using Checkmarx for…
Francisco Parada López - PeerSpot reviewer
Nov 8, 2023
Detects security vulnerabilities in source code, enforces coding guidelines, and manages open-source components
Integration with development frameworks like IntelliJ, NetBeans, and Visual Studio Code can be improved as a part of Kiuwan's capabilities. There are plugins available for these systems, facilitating smoother integration and usage within these popular development environments. In our scenario, with approximately fifty applications and ten users, conducting around five hundred analyses per day, we've noticed that updating Kiuwan rules is time-consuming. Analyzing new rules also takes a significant amount of time. It might be partly due to how we develop the rules; it seems that our approach to creating rules might contribute to this issue. This impacts the time it takes to conduct analyses using Kiuwan.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The feature that I have found most valuable is that its number of false positives is less than the other security application platforms. Its ease of use is another good feature. It also supports most of the languages."
"The solution communicates where to fix the issue for the purpose of fewer iterations."
"The reports are very good because they include details on the code level, and make suggestions about how to fix the problems."
"Checkmarx pinpoints the vulnerability in the code and also presents the flow of malicious input across the application."
"The solution improved the efficiency of our code security reviews. It helps tremendously because it finds hundreds of potential problems sometimes."
"From my point of view, it is the best product on the market."
"It shows in-depth code of where actual vulnerabilities are."
"Most valuable features include: ease of use, dashboard, interface and the ability to report."
"We are using this solution to increase the quality of our software and to test the vulnerabilities in our tools before the customers find them."
"The most valuable feature of the solution stems from the fact that it is quick when processing and giving an output or generating a report."
"I find it immensely helpful because it's not just about generating code; it's about ensuring efficiency in the execution."
"We use Kiuwan to locate the source of application vulnerabilities."
"It provides value by offering options to enhance both code quality and the security of the company."
"I've tried many open source applications and the remediation or correction actions that were provided by Kiuwan were very good in comparison."
"The most valuable feature is the time to resolution, where it tells you how long it is going to take to get to a zero-base or a five-star security rating."
"Software analytics for a lot of different languages including ABAP."
 

Cons

"The cost per user is high and should be reduced."
"Checkmarx has a slightly difficult compilation with the CI/CD pipeline."
"We have received some feedback from our customers who are receiving a large number of false positives."
"When we first ran it on a big project, there wasn't enough memory on the computer. It originally ran with eight gigabytes, and now it runs with 32. The software stopped at some point, and while I don't think it said it ran out of memory, it just said "stopped" and something else. We had to go to the logs and send them to the integrator, and eventually, they found a memory issue in the logs and recommended increasing the memory. We doubled it once, and it didn't seem enough. We doubled it again, and it helped."
"It is an expensive solution."
"Checkmarx is not good because it has too many false positive issues."
"They should make it more container-friendly and optimized for the CI pipeline. They should make it a little less heavy. Right now, it requires a SQL database, and the way the tool works is that it has an engine and then it has an analysis database in which it stores the information. So, it is pretty heavy from that perspective because you have to have a full SQL Server. They're working on something called Checkmarx Light, which is a slim-down version. They haven't released it yet, but that's what we need. There should be something a little more slimmed down that can just run the analysis and output the results in a format that's readable as opposed to having a full, really big, and thick deployment with a full database server."
"Creating and editing custom rules in Checkmarx is difficult because the license for the editor comes at an additional cost, and there is a steep learning curve."
"The product's UI has certain shortcomings, where improvements are required."
"The development-to-delivery phase."
"I would like to see additional languages supported."
"I would like to see better integration with Azure DevOps in the next release of this solution."
"I would like to see better integration with the Visual Studio and Eclipse IDEs."
"Perhaps more languages supported."
"The integration process could be improved. It'll also help if it could generate reports automatically. But I'm not sure about the effectiveness of the reports. This is because, in our last project, we still found some key issues that weren't captured by the Kiuwan report."
"The next release should include more flexibility in the reporting."
 

Pricing and Cost Advice

"We have a subscription license that is on a yearly basis, and it's a pretty competitive solution."
"The license has vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."
"I would rate the solution’s pricing an eight out of ten. The tool’s pricing is higher than others and it is for the license alone."
"It's relatively expensive."
"Its price is fair. It is in or around the right spot. Ultimately, if the price is wrong, customers won't commit, but they do tend to commit. It is neither too cheap nor too expensive."
"It is the right price for quality delivery."
"Be cautious of the one-year subscription date. Once it expires, your price will go up."
"We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year)."
"This solution is cheaper than other tools."
"It follows a subscription model. I think the price is somewhere in the middle."
"I recommend contacting a sales person who will create the best payment plan for you, as we did."
"The price of Kiuwan is lower than that of other tools on the market."
"Check with your account manager."
"Kiuwan is an open-source solution and free to use."
"Nothing special. It's a very fair model."
 

Top Industries

By visitors reading reviews
Financial Services Firm: 21%
Computer Software Company: 15%
Manufacturing Company: 9%
Insurance Company: 5%

Financial Services Firm: 16%
Computer Software Company: 13%
Comms Service Provider: 12%
Insurance Company: 6%
 

Company Size

By reviewers: Large Enterprise, Midsize Enterprise, Small Business
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all-in-one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
The solution's price is high and you pay based on the number of users.
What do you like most about Kiuwan?
The most valuable feature of the solution stems from the fact that it is quick when processing and giving an output or generating a report.
What is your experience regarding pricing and costs for Kiuwan?
I'm not entirely sure about the price and business aspects, but I assume Checkmarx might be less expensive. I think Checkmarx might offer more affordable options, especially in its smaller business...
What needs improvement with Kiuwan?
Kiuwan can improve its UI a little more. The user experience can be made better. Kiuwan offers a user interface that is similar to the one offered by Windows 7 or Windows 98, which I saw when I ran...
 

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech
Case Study: Liveperson Implements Innovative Secure SDLC
DHL, BNP Paribas, Zurich, AXA, Ernst & Young, KFC, Santander, Latam, Ferrovial
Find out what your peers are saying about Checkmarx One vs. Kiuwan and other solutions. Updated: May 2024.
787,061 professionals have used our research since 2012.