We performed a comparison between Kiuwan Insights and Veracode based on real PeerSpot user reviews.
Find out what your peers are saying about Veracode, OpenText, JetBrains and others in Static Code Analysis."I have found the interface to be perfect."
"Can help in reducing the number of false positives."
"When we expanded our definition of critical systems to include an internal application to be scanned by Veracode, we had initial scans that produced hundreds of vulnerabilities. We expected this, based on how the code was treated previously, but the Veracode platform allowed us to streamline our identification of these items and develop a game plan to quickly address them."
"The benefits are quick discovery and understanding of software vulnerabilities that we are putting in our own code. By discovering them quickly enough, we can triage them and determine the best ways to remediate them and prevent them from happening in the future."
"It is scalable and quick to deploy into the site and the pipelines. The reports and analytics are good, and the false positive rate is low. It gives true results."
"I like the way the flaws are reported in the system."
"I like the static scanning, and Veracode's interface is excellent. The dashboard is easy to navigate."
"The article scanning is excellent."
"Scanning of .war and .jar is key for us."
"Static code scanning is the most valuable feature."
"The solution has issues detecting intrusive methods."
"The solution is great, but improvement is needed in the number of lines of code allowed, that is the capacity. Pricing can be improved as well."
"The scanning could be improved, because some scans take a bit of time."
"In the last month or so, I had a problem with the APIs when doing some implementations. The Veracode support team could be more specific and give me more examples. They shouldn't just copy the URL for a doc and send it to me."
"To be able to upload source codes without being compiled. That’s one feature that drives us to see other sources."
"The interface is too complex."
"Veracode's ease of use could be improved. I would also like to see more online videos and tutorials that could help us understand the product better. It would also be helpful if Veracode created a certification program for DevSecOps staff to learn about their product and get certified. This kind of training would raise the company's profile within the industry."
"The reports on offer are too verbose."
"If the dynamic scan is improved, then the speed might go up. That is somehow not happening. We have raised this concern. It might also help if they could time limit scans to 24 hours instead of letting them go for three days. Then, whatever results could be shared, even if the scan is not complete, that would definitely help us."
"There are many times when their product goes to check my code and it dies, and I don't know why. I've contacted support and they're not really helpful with this particular problem. I go to the logs and I look at what I can but I can't tell why the check process has essentially just died in the middle of checking."
Earn 20 points
Kiuwan Insights is ranked 11th in Static Code Analysis while Veracode is ranked 1st in Static Code Analysis with 194 reviews. Kiuwan Insights is rated 4.0, while Veracode is rated 8.2. The top reviewer of Kiuwan Insights writes "Protects problematic libraries; sorely lacking in customer services". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Kiuwan Insights is most compared with Fortify Static Code Analyzer, whereas Veracode is most compared with SonarQube, Checkmarx One, Snyk, Fortify on Demand and OWASP Zap.
See our list of best Static Code Analysis vendors.
We monitor all Static Code Analysis reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.