We performed a comparison between Checkmarx One and Kiuwan based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The solution has good performance, it is able to compute in 10 to 15 minutes."
"Vulnerability details is valuable."
"We use the solution for dynamic application testing."
"We were using HPE Security Fortify to scan code for security vulnerabilities, but it can scan only after a successful compile. If the code has dependencies or build errors, the scan fails. With Checkmarx, pre-compile scanning is seamless. This allows us to scan more code."
"The process of remediating software security vulnerabilities can now be performed (ongoing) as portions of the application are being built in advance of being compiled."
"The ability to track the vulnerabilities inside the code (origin and destination of weak variables or functions)."
"It can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security."
"The solution is always updating to continuously add items that create a level of safety from vulnerabilities. It's one of the key features they provide that's an excellent selling point. They're always ahead of the game when it comes to finding any vulnerabilities within the database."
"I like that it provides a detailed report that lets you know the risk index and the vulnerability."
"The most valuable feature is the time to resolution, where it tells you how long it is going to take to get to a zero-base or a five-star security rating."
"I have found the security and QA in the source code to be most valuable."
"The solution has a continuous integration process."
"I've found the reporting features the most helpful."
"I like that I can scan the code without sending it to the Kiuwan cloud. I can do it locally on my device. When the local analyzer finishes, the results display on the dashboard in the cloud. It's essential for security purposes to be able to scan my code locally."
"Lifecycle features, because they permit us to show non-technical people the risk and costs hidden into the code due to bad programming practices."
"We are using this solution to increase the quality of our software and to test the vulnerabilities in our tools before the customers find them."
"I would like to see the rate of false positives reduced."
"Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”."
"Checkmarx being Windows only is a hindrance. Another problem is: why can't I choose PostgreSQL?"
"We want to have a holistic view of the portfolio-level dashboard and not just an individual technical project level."
"Creating and editing custom rules in Checkmarx is difficult because the license for the editor comes at an additional cost, and there is a steep learning curve."
"Implementing a blackout time for any user or teams: Needs improvement."
"They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."
"Checkmarx is not good because it has too many false positive issues."
"In Kiuwan there are sometimes duplicates found in the dependency scan under the "insights" tab. It's unclear to me why these duplicates are appearing, and it would be helpful if the application teams could investigate further."
"The product's UI has certain shortcomings, where improvements are required."
"Integration of the programming tools could be improved."
"The development-to-delivery phase."
"The next release should include more flexibility in the reporting."
"The configuration hasn't been that good."
"The QA developer and security could be improved."
"The integration process could be improved. It'll also help if it could generate reports automatically. But I'm not sure about the effectiveness of the reports. This is because, in our last project, we still found some key issues that weren't captured by the Kiuwan report."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Kiuwan is ranked 21st in Application Security Tools with 23 reviews. Checkmarx One is rated 7.6, while Kiuwan is rated 8.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Kiuwan writes "Though a stable tool, the UI needs improvement". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand and Snyk, whereas Kiuwan is most compared with SonarQube, Veracode, Snyk, Fortify on Demand and SonarCloud. See our Checkmarx One vs. Kiuwan report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.