Checkmarx One vs Kiuwan comparison

Read 23 Kiuwan reviews

1,550 Views
1,302 Comparison Views

93% willing to recommend

Checkmarx One

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Oct 8, 2024

Checkmarx One and Kiuwan are leading contenders in application security testing. Users indicate Checkmarx One holds an advantage in pricing and support satisfaction, while Kiuwan excels in feature offerings, making it appealing for feature-focused users.

Features: Checkmarx One excels in comprehensive security testing, seamless integration capabilities, and delivering detailed code analysis. Kiuwan is noted for providing intricate vulnerability reports, ease of configuration, and facilitating efficient remediation processes.

Room for Improvement: Checkmarx One could enhance performance speed, back-end robustness, and scanning optimization to deliver faster results. Kiuwan's documentation clarity, dashboard usability, and intuitive navigation could be improved for better user experience.

Ease of Deployment and Customer Service: Checkmarx One offers simple deployment options but should focus on quicker support response times. Kiuwan is praised for its smooth deployment and responsive customer service.

Pricing and ROI: Checkmarx One's slightly higher setup costs are justified by its functionality. Kiuwan offers attractive pricing and ROI, due to its efficiency and lower initial costs, appealing to budget-conscious organizations.

To learn more, read our detailed Checkmarx One vs. Kiuwan Report (Updated: September 2025).

Checkmarx One vs. Kiuwan

Download the complete report

Helped 867,370 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Checkmarx One

Ranking in Application Security Tools

3rd

Ranking in Static Application Security Testing (SAST)

3rd

Average Rating

7.6

Reviews Sentiment

6.9

Number of Reviews

Ranking in other categories

Vulnerability Management (23rd), Container Security (22nd), Static Code Analysis (3rd), API Security (3rd), Dynamic Application Security Testing (DAST) (4th), DevSecOps (5th), Risk-Based Vulnerability Management (9th)

Kiuwan

Ranking in Application Security Tools

23rd

Ranking in Static Application Security Testing (SAST)

25th

Average Rating

8.6

Reviews Sentiment

7.0

Number of Reviews

Ranking in other categories

No ranking in other categories

Mindshare comparison

As of September 2025, in the Application Security Tools category, the mindshare of Checkmarx One is 10.2%, down from 13.7% compared to the previous year. The mindshare of Kiuwan is 1.1%, up from 0.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Application Security Tools Market Share Distribution
Product	Market Share (%)
Checkmarx One	10.2%
Kiuwan	1.1%
Other	88.7%

Application Security Tools

Featured Reviews

Syed Hasan

Specialist Leader at Deloitte

Partner experiences excellent technical support and seamless initial setup

In my opinion, if we are able to extract or show the report, and because everything is going towards agent tech and GenAI, it would be beneficial if it could get integrated with our code base and do the fix automatically. It could suggest how the code base is written and automatically populate the source code with three different solution options to choose from. This would be really helpful.

Read full review

Mustufa Bhavnagarwala

CyberRisk Solution Advisor at Deloitte

Though a stable tool, the UI needs improvement

Kiuwan can improve its UI a little more. The user experience can be made better. Kiuwan offers a user interface that is similar to the one offered by Windows 7 or Windows 98, which I saw when I ran the tool and tried to scan the repository to find the security issues. The product's UI has certain shortcomings, where improvements are required.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The most valuable feature for me is the Jenkins Plugin."

"Apart from software scanning, software composition scanning is valuable."

"Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%."

"Our static operation security has been able to identify more security issues since implementing this solution."

"The solution improved the efficiency of our code security reviews. It helps tremendously because it finds hundreds of potential problems sometimes."

"From my point of view, it is the best product on the market."

"The most valuable features of Checkmarx are the SCA module and the code-checking module. Additionally, the solutions are explanatory and helpful."

"Scan reviews can occur during the development lifecycle."

More Checkmarx One pros

"We use Kiuwan to locate the source of application vulnerabilities."

"The solution offers very good technical support."

"The most valuable feature is the time to resolution, where it tells you how long it is going to take to get to a zero-base or a five-star security rating."

"I find it immensely helpful because it's not just about generating code; it's about ensuring efficiency in the execution."

"I have found the security and QA in the source code to be most valuable."

"Lifecycle features, because they permit us to show non-technical people the risk and costs hidden into the code due to bad programming practices."

"We are using this solution to increase the quality of our software and to test the vulnerabilities in our tools before the customers find them."

"I personally like the way it breaks down security vulnerabilities with LoC at first glance."

More Kiuwan pros

Cons

"It provides us with quite a handful of false positive issues. If Checkmarx could reduce this number, it would be a great tool to use."

"This product requires you to create your own rulesets. You have to do a lot of customization."

"The lack of ability to review compiled source code. It would then be able to compete with other scanning tools, such as Veracode."

"Updating and debugging of queries is not very convenient."

"Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities."

"The Dynamic Application Security Testing (DAST) feature should be better."

"Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”."

"Its user interface could be improved and made more friendly."

More Checkmarx One cons

"It would be beneficial to streamline calls and transitions seamlessly for improved functionality."

"I would like to see better integration with the Visual Studio and Eclipse IDEs."

"In Kiuwan there are sometimes duplicates found in the dependency scan under the "insights" tab. It's unclear to me why these duplicates are appearing, and it would be helpful if the application teams could investigate further."

"Perhaps more languages supported."

"I would like to see better integration with Azure DevOps in the next release of this solution."

"The configuration hasn't been that good."

"The integration process could be improved. It'll also help if it could generate reports automatically. But I'm not sure about the effectiveness of the reports. This is because, in our last project, we still found some key issues that weren't captured by the Kiuwan report."

"The QA developer and security could be improved."

More Kiuwan cons

Pricing and Cost Advice

"The solution's price is high and you pay based on the number of users."

"We have a subscription license that is on a yearly basis, and it's a pretty competitive solution."

"The tool's pricing is fine."

"The number of users and coverage for languages will have an impact on the cost of the license."

"The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."

"Most of my customers opted for a perpetual license. They prefer to pay the highest amount up front for the perpetual license and then pay for additional support annually."

"The pricing was not very good. This is just a framework which shouldn’t cost so much."

"This solution is expensive. The customized package allows you to buy additional users at any time."

More Checkmarx One pricing and cost advice

"The price of Kiuwan is lower than that of other tools on the market."

"I recommend contacting a sales person who will create the best plan payment plan for you, as we did."

"This solution is cheaper than other tools."

"Nothing special. It's a very fair model."

"Check with your account manager."

"It follows a subscription model. I think the price is somewhere in the middle."

"Kiuwan is an open-source solution and free to use."

See which vendors are best for you

Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.

See recommendations

867,370 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

20%

Computer Software Company

13%

Manufacturing Company

10%

Government

Computer Software Company

15%

University

Financial Services Firm

Comms Service Provider

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	30
Midsize Enterprise	9
Large Enterprise	38

By reviewers
Company Size	Count
Small Business	15
Midsize Enterprise	4
Large Enterprise	6

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?

I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.

What do you like most about Checkmarx?

Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.

What is your experience regarding pricing and costs for Checkmarx?

The pricing is relatively expensive due to the product's quality and performance, but it is worth it.

What do you like most about Kiuwan?

The most valuable feature of the solution stems from the fact that it is quick when processing and giving an output or generating a report.

What is your experience regarding pricing and costs for Kiuwan?

I'm not entirely sure about the price and business aspects, but I assume Checkmarx might be less expensive. I think Checkmarx might offer more affordable options, especially in its smaller business...

What needs improvement with Kiuwan?

SonarQube Server (formerly SonarQube) vs Checkmarx One

Comparisons

Compared 42% of the time

Veracode vs Checkmarx One

Compared 8% of the time

Checkmarx SAST vs Checkmarx One

Compared 7% of the time

OpenText Core Application Security vs Checkmarx One

Compared 5% of the time

OWASP Zap vs Checkmarx One

Compared 4% of the time

More Checkmarx One Competitors

SonarQube Server (formerly SonarQube) vs Kiuwan

Compared 50% of the time

Veracode vs Kiuwan

Compared 10% of the time

Snyk vs Kiuwan

Compared 8% of the time

SonarQube Cloud (formerly SonarCloud) vs Kiuwan

Compared 7% of the time

Invicti vs Kiuwan

Compared 5% of the time

More Kiuwan Competitors

Product Reports

Checkmarx One

Download Checkmarx One product report

Download Kiuwan product report

Overview

Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.

Checkmarx One offers comprehensive application scanning across the SDLC:

Static Application Security Testing (SAST)
Software Composition Analysis (SCA)
API security
Dynamic Application Security Testing (DAST)
Container security
IaC security
Correlation, prioritization, and risk management
Codebashing secure code training
AI security
Tech partnerships extending AppSec into runtime analysis
Developer tool integrations including: CI/CD tools, development frameworks, feedback tools, IDEs, programming languages and SCMs

Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.

Checkmarx

Software analytics technology with a breadth of third party integrations that takes into account the wealth of applications your teams are currently using.

We facilitate and encourage work between unlocalized teams. We understand the complexity of working on multi technology environments, constantly striving to increase the number of programming languages and technologies we support.

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC

DHL, BNP Paribas, Zurich, AXA, Ernst & Young, KFC, Santander, Latam, Ferrovial

Checkmarx One vs. Kiuwan