We performed a comparison between Kiuwan and SonarQube based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The solution offers very good technical support."
"I've tried many open source applications and the remediation or correction actions that were provided by Kiuwan were very good in comparison."
"I've found the reporting features the most helpful."
"I like that I can scan the code without sending it to the Kiuwan cloud. I can do it locally on my device. When the local analyzer finishes, the results display on the dashboard in the cloud. It's essential for security purposes to be able to scan my code locally."
"The most valuable feature of the solution stems from the fact that it is quick when processing and giving an output or generating a report."
"The most valuable feature is the time to resolution, where it tells you how long it is going to take to get to a zero-base or a five-star security rating."
"I find it immensely helpful because it's not just about generating code; it's about ensuring efficiency in the execution."
"The solution has a continuous integration process."
"The solution has a wide variety of features and an open-source community that you are able to learn Java, JavaScript, or any other programing language."
"The static code analysis is very good."
"Engineers have also learned from the results and have improved themselves as engineers. This will help them with their careers."
"The integrations SonarQube provides with our software delivery pipeline are very seamless."
"When comparing other static code analysis tools, SonarQube has fewer false-positive issues being reported. They have a lot of support for different tech stacks. It covers the entire developer community which includes Salesforce or it could be the regular Java.net project. It has actually sufficed all the needs in one tool for static code analysis."
"Can tweak rules and feed them into our build pipelines."
"The static code analysis of the solution is the most important aspect for us. When it comes to security breaches within the code, we can leverage some rules to allow us to identify the repetition in our code and the possible targets that we may have. It makes it very easy to review our code for security purposes."
"The SonarQube dashboard looks great."
"It would be beneficial to streamline calls and transitions seamlessly for improved functionality."
"It could improve its scalability abilities."
"The solution seems to give us a lot of false positives. This could be improved quite a bit."
"The integration process could be improved. It'll also help if it could generate reports automatically. But I'm not sure about the effectiveness of the reports. This is because, in our last project, we still found some key issues that weren't captured by the Kiuwan report."
"DIfferent languages, such Spanish, Portuguese, and so on."
"The next release should include more flexibility in the reporting."
"The product's UI has certain shortcomings, where improvements are required."
"The configuration hasn't been that good."
"The product needs to integrate other security tools for security scanning."
"If you don't have any experience with the configuration or how to configure the files, it can be complicated."
"SonarQube's detail in the security could be improved. It may be helpful to have additional details, with regards to Oracle PL/SQL. For example, it's neither as built nor as thorough as Java. For now, this is the only additional feature I would like to see."
"I am not very pleased with the technical debt computation."
"The implementation of the solution is straightforward. However, we did have some initial initialization issues at the of the projects. I don't think it was SonarQube's fault. It was the way it was implemented in our organization because it's mainly integrated with many software, such as Jira, Confluence, and Butler."
"The product provides false reports sometimes."
"Having performance regression would be a helpful add on or ability to be able to do during the scan."
"There are sometimes security breaches in our code, which aren't be caught by SonarQube. In the security area, SonarCube has to improve. It needs to better compete with other products."
Kiuwan is ranked 22nd in Application Security Tools with 23 reviews while SonarQube is ranked 1st in Application Security Tools with 112 reviews. Kiuwan is rated 8.6, while SonarQube is rated 8.0. The top reviewer of Kiuwan writes "Though a stable tool, the UI needs improvement". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Kiuwan is most compared with Checkmarx One, Snyk, Veracode, Fortify on Demand and SonarCloud, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and GitHub Advanced Security. See our Kiuwan vs. SonarQube report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
