We performed a comparison between Snyk and Kiuwan based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, Snyk comes out ahead of Kiuwan. Kiuwan has difficulties with the initial setup and installation, which may deter some potential users. Also, there is no phone or chat support available.
"We are using this solution to increase the quality of our software and to test the vulnerabilities in our tools before the customers find them."
"I like that I can scan the code without sending it to the Kiuwan cloud. I can do it locally on my device. When the local analyzer finishes, the results display on the dashboard in the cloud. It's essential for security purposes to be able to scan my code locally."
"I've found the reporting features the most helpful."
"We use Kiuwan to locate the source of application vulnerabilities."
"I've tried many open source applications and the remediation or correction actions that were provided by Kiuwan were very good in comparison."
"I personally like the way it breaks down security vulnerabilities with LoC at first glance."
"Lifecycle features, because they permit us to show non-technical people the risk and costs hidden into the code due to bad programming practices."
"The most valuable feature is the time to resolution, where it tells you how long it is going to take to get to a zero-base or a five-star security rating."
"I think all the standard features are quite useful when it comes to software component scanning, but I also like the new features they're coming out with, such as container scanning, secrets scanning, and static analysis with SAST."
"The most valuable features include enriched information around the vulnerabilities for better triaging, in terms of the vulnerability layer origin and vulnerability tree."
"It is one of the best product out there to help developers find and fix vulnerabilities quickly. When we talk about the third-party software vulnerability piece and potentially security issues, it takes the load off the user or developer. They even provide automitigation strategies and an auto-fix feature, which seem to have been adopted pretty well."
"It's very easy for developers to use. Onboarding was an easy process for all of the developers within the company. After a quick, half-an-hour to an hour session, they were fully using it on their own. It's very straightforward. Usability is definitely a 10 out of 10."
"Static code analysis is one of the best features of the solution."
"The most valuable feature of Snyk is the software composition analysis."
"It has an accurate database of vulnerabilities with a low amount of false positives."
"The solution's Open Source feature gives us notifications and suggestions regarding how to address vulnerabilities."
"The configuration hasn't been that good."
"The next release should include more flexibility in the reporting."
"I would like to see additional languages supported."
"The QA developer and security could be improved."
"In Kiuwan there are sometimes duplicates found in the dependency scan under the "insights" tab. It's unclear to me why these duplicates are appearing, and it would be helpful if the application teams could investigate further."
"I would like to see better integration with the Visual Studio and Eclipse IDEs."
"It could improve its scalability abilities."
"Kiuwan's support has room for improvement. You can only open a ticket is through email, and the support team is outside of our country. They should have a support number or chat."
"DAST has shortcomings, and Snyk needs to improve and overcome such shortcomings."
"One area where Snyk could improve is in providing developers with the line where the error occurs."
"The documentation sometimes is not relevant. It does not cover the latest updates, scanning, and configurations. The documentation for some things is wrong and does not cover some configuration scannings for the multiple project settings."
"The reporting mechanism of Snyk could improve. The reporting mechanism is available only on the higher level of license. Adjusting the policy of the current setup of recording this report is something that can improve. For instance, if you have a certain license, you receive a rating, and the rating of this license remains the same for any use case. No matter if you are using it internally or using it externally, you cannot make the adjustment to your use case. It will always alert as a risky license. The areas of licenses in the reporting and adjustments can be improve"
"I think Snyk should add more of a vulnerability protection feature in the tool since it is an area where it lacks."
"We tried to integrate it into our software development environment but it went really badly. It took a lot of time and prevented the developers from using the IDE. Eventually, we didn't use it in the development area... I would like to see better integrations to help the developers get along better with the tool. And the plugin for the IDE is not so good. This is something we would like to have..."
"Because Snyk has so many integrations and so many things it can do, it's hard to really understand all of them and to get that information to each team that needs it... If there were more self-service, perhaps tutorials or overviews for new teams or developers, so that they could click through and see things themselves, that would help."
"We have seen cases where tools didn't find or recognize certain dependencies. These are known issues, to some extent, due to the complexity in the language or stack that you using. There are some certain circumstances where the tool isn't actually finding what it's supposed to be finding, then it could be misleading."
Kiuwan is ranked 22nd in Application Security Tools with 23 reviews while Snyk is ranked 4th in Application Security Tools with 41 reviews. Kiuwan is rated 8.6, while Snyk is rated 8.2. The top reviewer of Kiuwan writes "Though a stable tool, the UI needs improvement". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". Kiuwan is most compared with SonarQube, Checkmarx One, Veracode, Fortify on Demand and OWASP Zap, whereas Snyk is most compared with SonarQube, Black Duck, GitHub Advanced Security, Fortify Static Code Analyzer and Veracode. See our Kiuwan vs. Snyk report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.