Try our new research platform with insights from 80,000+ expert users

Kiuwan Insights vs Veracode comparison

Kiuwan and Veracode are both solutions in the Static Code Analysis category. Kiuwan is ranked #24, while Veracode is ranked #1 with an average rating of 8.1. Kiuwan holds a 1.2% mindshare in SCAS, compared to Veracode’s 14.5% mindshare. Additionally, 89% of Veracode users are willing to recommend the solution.
Kiuwan Insights
Read 2 Kiuwan Insights reviews
  • 191 Views
  • 191 Comparison Views
0% willing to recommend
Veracode
Read 208 Veracode reviews
  • 18,744 Views
  • 3,561 Comparison Views
89% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Dec 19, 2024

Veracode and Kiuwan Insights compete in application security testing. Kiuwan Insights appears to have the upper hand due to its comprehensive feature set offering significant value for the price, indicating higher user satisfaction despite higher setup costs.

Features: Veracode provides software composition analysis, vulnerability tracking, and supports secure coding practices. Kiuwan Insights delivers comprehensive code quality analysis, efficient risk assessment capabilities, and a broad approach to software security, with a noticeable focus on being feature-rich though having a steeper learning curve.

Ease of Deployment and Customer Service: Veracode offers a straightforward deployment process and efficient customer support, catering to teams seeking quick integration. Kiuwan Insights might involve a more complex setup but is complemented by responsive and comprehensive customer service, favoring those who require flexible support.

Pricing and ROI: Veracode generally maintains a manageable setup cost, ideal for smaller budgets, while offering a scalable ROI. Kiuwan Insights, although more expensive upfront, promises substantial ROI through extensive analytical features, attracting businesses interested in prioritizing long-term benefits over initial cost savings.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Kiuwan Insights vs. Veracode Report (Updated: December 2025).
Buyer's Guide
Kiuwan Insights vs. Veracode
December 2025
Download the complete report
Helped 880,745 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Kiuwan Insights
Ranking in Static Code Analysis
24th
Average Rating
4.0
Reviews Sentiment
6.4
Number of Reviews
2
Ranking in other categories
No ranking in other categories
Veracode
Ranking in Static Code Analysis
1st
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
208
Ranking in other categories
Application Security Tools (2nd), Static Application Security Testing (SAST) (2nd), Container Security (8th), Software Composition Analysis (SCA) (3rd), Dynamic Application Security Testing (DAST) (1st), Application Security Posture Management (ASPM) (1st)
 

Mindshare comparison

As of January 2026, in the Static Code Analysis category, the mindshare of Kiuwan Insights is 1.2%, up from 0.4% compared to the previous year. The mindshare of Veracode is 14.5%, down from 30.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Code Analysis Market Share Distribution
ProductMarket Share (%)
Veracode14.5%
Kiuwan Insights1.2%
Other84.3%
Static Code Analysis
 

Featured Reviews

FE
Felix Esteban
Head of Development and Consulting at Logalty
Protects problematic libraries; sorely lacking in customer services
Kiuwan lacks decent support, it's very bad. A couple of years ago an American company bought Kiuwan and support became non-existent. It's a big part of why we're looking to move to another product. We have questions regarding false positives and nobody responds to our tickets. They don't have any answers. If you're looking for a cheaper solution and don't require support, it might be okay, but a large end company that has a lot of questions about how the developers are programming will have trouble.
Read full review
reviewer2703864 - PeerSpot reviewer
reviewer2703864
Head of Security Architecture at a healthcare company with 5,001-10,000 employees
Onboarding developers successfully while improving code security through IDE integration
Regarding room for improvement, we have some problems when onboarding new projects because the build process has to be done in a certain way, as Veracode analyzes the binaries and not the code by itself alone. If the process is not configured correctly, it doesn't work. That's one of the things that we are discussing with Veracode. Something positive that we've been able to do is submit formal feature requests to them, and they are working on them; they've already solved some of them. This encourages us to propose new ideas and improvements. Another improvement that we asked for this use case is to be able to configure how Veracode Fix proposes and fixes because sometimes it makes proposals using libraries that go against our architecture design made by the enterprise architecture team. For example, we want them to propose using another library, and that's something we already asked Veracode, and they are working on it. We want to specify when you see this kind of vulnerability, you can only propose these two options.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Can help in reducing the number of false positives."
"I have found the interface to be perfect."
"Veracode is a cloud-based platform, where they manage all the back-end, and they do a lot of analysis during the scans, and they do a lot of post-scan reconciliation."
"One benefit is that we have automated the scanning process."
"The static scan and the detailed reports, which include issue information and permissions, are the most valuable features."
"In my experience, Veracode is one of the most powerful tools available in the market from a security perspective. It is a market leader in source code analysis."
"I can have quick results by just uploading compiled components."
"I don't have much experience with the solution yet. We're looking at integrating Manual Penetration Testing with JIRA and Bamboo and then building that into a CICD model, so the integration is the most valuable feature so far."
"We have found the static analysis to be useful in Veracode Static Analysis. However, we are in the process of testing."
"What I found most valuable in Veracode is that it gives me a part-by-part report of the entire EAR file and lets me set up the application for a limited time. Once that expires, Veracode allows you to automatically renew it, which is one of the features I find remarkable in Veracode."
More Veracode pros
 

Cons

"The solution has issues detecting intrusive methods."
"The solution is great, but improvement is needed in the number of lines of code allowed, that is the capacity. Pricing can be improved as well."
"On-premise implementation is not available."
"The static scans on Java lack microservices architecture scanning. We have developed an in-house pattern for this and the scans can't take care of it as a single entity."
"The scans were sometimes not accurate in version 2022. There were some false positives in the vulnerability reports. We used to get false positives, and we were responsible for checking all of the alerts and determining whether they were true positives or false positives. They might have already improved it. If they have not, they can look into how to mitigate false positives."
"Reporting. Some of the reporting features of Veracode do need improvement. They do not have the most robust access to data. That would be a bit more beneficial to a lot of our clients as well as our actual in-house staff. I've been talking to our program management at Veracode about that, and that is actually on their radar to have that improved, I think actually this year."
"Scheduling can be a little difficult. For instance, if you set up recurring scheduled scans and a developer comes in and says, "Hey, I have this critical release that happened outside of our normal release patterns and they want you to scan it," we actually have to change our schedule configuration and that means we lose the recurring scheduling settings we had."
"It's problematic if you want to integrate it with your pipelines because the documentation is not so well written and it's full of typos. It is not presented in a structured way. It does not say, "If you want to achieve this particular thing, you have to do steps 1, 2, and 3." Instead, it contains bits of information in different parts, and you have to read everything and then understand the big picture."
"The results of agent-based software composition analysis are not connected to policy scanning. So, for me, the only thing that Veracode can improve in Software Composition Analysis is to connect it with the policy scan because, at present, it is a bit inconvenient for those in our organization who use agent-based Software Composition Analysis. In the end, they need to make a static scan with all those libraries in order to receive that report. If Veracode implemented a connection between agent-based static scan and static scanning itself, it would be great because it would lead to fewer operations in order to prepare release documentation and release reporting from Veracode. We recently had a conversation with Veracode about it."
"The usability isn't good in Veracode. Sometimes, it will show a problem, but it's difficult to go into their tool and figure out where it is. You primarily use a web browser to access their system. It requires a lot of clicks. The static analysis is a separate part of their system from the SCA, so that's a bit difficult. They haven't fully integrated that. It's difficult for the consumer."
More Veracode cons
 

Pricing and Cost Advice

"Pricing can be improved as well."
"It is an expensive solution, but it's the best solution available on the market. If you want something at the top, you have to pay a bit more than the average."
"I know that Veracode is a semi-pricey solution. If you are serious about security, I would recommend that you use an open-source option to learn how the scanning process works and then look into Veracode if you want to really step up your game and have an all-in-one solution."
"The price of Veracode Static Analysis is expensive. There is an annual fee to use the solution and the company is upfront with the pricing model and fees."
"For our company, the price is reasonable for the benefits that we get."
"It is pricey. There is a lot of value in the product, but it is a costly tool."
"Veracode is expensive. Some of its products are expensive. I don't think it's way more expensive than its competitors. The dynamic is definitely worth it, as I think it's cheaper than the competitors. The static scan is a little bit more expensive, around 20 percent more expensive. The manual pen test is more expensive, but it is an expensive service because it's a manual pen test and we also do retests. I don't think it is way more expensive than the competitors, but it's about 15 to 20 percent more expensive."
"I'm unfamiliar with the solution's pricing, but it must be worth the cost from a company perspective, as we have been using it for years and have no plans to move away from it."
"The cost has been a barrier to wider use here. I think my team is the only one at the university. Other folks might like to use it, but it's pretty pricey. You could see what else is in the market, but I hear that's the price for most solutions. You might not find a better deal in the market, or it might be an incomplete solution. I mean, for the level of interaction we get with Veracode staff, it's been pretty good."
More Veracode pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Static Code Analysis solutions are best for your needs.
See recommendations
880,745 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
No data available
Financial Services Firm
17%
Computer Software Company
13%
Manufacturing Company
10%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
By reviewers
Company SizeCount
Small Business69
Midsize Enterprise44
Large Enterprise115
 

Questions from the Community

Ask a question
Earn 20 points
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
See all answers
What do you like most about Veracode Static Analysis?
I like its integration with GitHub. I like using it from GitHub. I can use the GitHub URL and find out the vulnerabilities.
See all answers
What is your experience regarding pricing and costs for Veracode Static Analysis?
My experience with pricing, setup cost, and licensing for Veracode is that it is fairly moderate.
See all answers
 

Comparisons

OpenText Static Application Security Testing vs Kiuwan Insights Logo
OpenText Static Application Security Testing vs Kiuwan Insights
Compared 42% of the time
More Kiuwan Insights Competitors
SonarQube vs Veracode Logo
SonarQube vs Veracode
Compared 12% of the time
Checkmarx One vs Veracode Logo
Checkmarx One vs Veracode
Compared 8% of the time
GitHub Advanced Security vs Veracode Logo
GitHub Advanced Security vs Veracode
Compared 5% of the time
OWASP Zap vs Veracode Logo
OWASP Zap vs Veracode
Compared 4% of the time
Coverity Static vs Veracode Logo
Coverity Static vs Veracode
Compared 4% of the time
More Veracode Competitors
 

Product Reports

Buyer's Guide
Static Code Analysis
January 2026
Kiuwan Insights reportDownload Kiuwan Insights product report
Buyer's Guide
Veracode
December 2025
Veracode reportDownload Veracode product report
 

Also Known As

Insights SCA
Crashtest Security , Veracode Detect
 

Overview

Kiuwan Insights supports the continuity and integrity of open source management with a complete multi-technology solution that seamlessly integrates with key SDLC tools.

With Kiuwan Insights, you can identify and manage:

vulnerabilities,

compliance, and

operational risk

that may arise from using open source components.

Open source components are a significant and important part of commercial software today. Yet the use of these components introduces the risk of security vulnerabilities, as well as a need to ensure proper licensing and adherence to policies.

Automation is an essential strategy for detection of open source components and security vulnerabilities, compliance analysis, and policy enforcement.

Kiuwan

Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.

Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing. These tools are designed to help developers detect vulnerabilities early in development while maintaining speed in deployment. Veracode also emphasizes scalability, offering features for enterprises that manage a large number of applications across different teams. Its robust reporting and analytics capabilities allow organizations to continuously monitor their security posture and track progress toward remediation.

What are the key features of Veracode?

  • Static Analysis (SAST) - Scans source code for vulnerabilities before deployment.
  • Dynamic Analysis (DAST) - Examines applications in a running state to detect flaws in real-time.
  • Software Composition Analysis (SCA) - Identifies risks in open-source libraries and third-party components.
  • Manual Penetration Testing - Offers expert analysis for more complex vulnerabilities.
  • Integrations with DevOps tools - Seamlessly integrates with CI/CD pipelines for automated security checks.

What benefits should users consider in Veracode reviews?

  • Early detection of vulnerabilities - Helps developers fix security issues early in the development process.
  • Scalability - Supports organizations with large-scale application portfolios.
  • Compliance support - Ensures applications meet various security standards and regulations.
  • Developer training - Provides tools for educating developers on secure coding practices.
  • Comprehensive reporting - Offers detailed reports that track remediation and risk trends.

Veracode is widely adopted in industries like finance, healthcare, and government, where compliance and security are critical. It helps these organizations maintain strict security standards while enabling rapid development through its integration with Agile and DevOps methodologies.


Veracode helps businesses secure their applications efficiently, ensuring they can deliver safe and compliant software at scale.

Veracode
 

Sample Customers

Information Not Available
Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
Buyer's Guide
Kiuwan Insights vs. Veracode
December 2025
Free Report: Kiuwan Insights vs. Veracode
Find out what your peers are saying about Kiuwan Insights vs. Veracode and other solutions. Updated: December 2025.
DOWNLOAD NOW
880,745 professionals have used our research since 2012.
See our Kiuwan Insights vs. Veracode report.
See our list of best Static Code Analysis vendors.

We monitor all Static Code Analysis reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.