Kiuwan Room for Improvement

Mustufa Bhavnagarwala - PeerSpot reviewer
CyberRisk Solution Advisor at a consultancy with 10,001+ employees

Kiuwan can improve its UI a little more. The user experience can be made better. Kiuwan offers a user interface that is similar to the one offered by Windows 7 or Windows 98, which I saw when I ran the tool and tried to scan the repository to find the security issues. The product's UI has certain shortcomings, where improvements are required.

Jose Luis Carrió Hevia - PeerSpot reviewer
Application Architect at IBM

It would be beneficial to streamline calls and transitions seamlessly for improved functionality. When dealing with connections, prioritizing a smooth flow can enhance overall performance.

Kelly Hoyos - PeerSpot reviewer
Information Security Manager at ITC SOLUCIONES TECNOLOGICAS S.A.S

Kiuwan should charge based on usage.

Buyer's Guide
Kiuwan
March 2024
Learn what your peers think about Kiuwan. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
767,847 professionals have used our research since 2012.
Anshul Anshul - PeerSpot reviewer
Sr. Manager at a tech services company with 10,001+ employees

In Kiuwan there are sometimes duplicates found in the dependency scan under the "insights" tab. It's unclear to me why these duplicates are appearing, and it would be helpful if the application teams could investigate further. 

Another issue I've encountered is that Kiuwan only looks at the version of components and doesn't take into account any workaround fixes that have been implemented at the code level. This can result in false positives being reported. Additionally, these issues are in the "insights" tab and not in the code base security aspect. Lastly, when muting findings that are false positives, there should be an option to see the only available at the code level rather than at the organization level because it can lead to missing vulnerabilities if they are muted at the org level.

An additional feature that would be helpful is the ability to easily download reports from Kiuwan. Specifically, in the "insights" tab, we have been encountering an error when trying to download the PDF report. We are able to download the code-based security report, but not the insights report. This has been an ongoing issue for the past couple of months and would be beneficial if it could be resolved.

My main recommendation would be to address the issues with downloading reports that we have been experiencing. Additionally, it would be helpful if Kiuwan could support a wider range of programming languages, as there are currently some that are not compatible with the tool. If the code of a particular application falls under the category which is not compatible with Kiuwan, then it will not be able to scan it.

Francisco Parada López - PeerSpot reviewer
Security consultant at Entelgy Innotec Security

Integration with development frameworks like IntelliJ, NetBeans, and Visual Studio Code can be improved as a part of Kiuwan's capabilities. There are plugins available for these systems, facilitating smoother integration and usage within these popular development environments.

In our scenario, with approximately fifty applications and ten users, conducting around five hundred analyses per day, we've noticed that updating Kiuwan rules is time-consuming. Analyzing new rules also takes a significant amount of time. It might be partly due to how we develop the rules; it seems that our approach to creating rules might contribute to this issue. This impacts the time it takes to conduct analyses using Kiuwan.

Andrea Ruiz Hernández - PeerSpot reviewer
Cyber Security Engineer at a tech services company with 11-50 employees

There are limited alternatives from other libraries or dependencies to enhance the application which posed a challenge for me as it necessitated modifications across different cases. It's problematic since you might need to alter or replace everything for potential improvements.

LM
Information Security Officer at Umniah

When you do the download test, there is some part that remains there from the static test. When it comes to the configuration of this library, I'm not sure that Kiuwan gives a real vulnerability assessment for a configuration.

The configuration hasn't been that good. From a security perspective, we are looking into something in the middle between the static and the dynamic. 

There are many open-source tools that can generate perfect results. It's not as good in quality as Kiuwan or maybe SonarQube; however, I'm sure it's really close, and it's also free.

We've had issues with technical support not being responsive enough. 

We also have had issues with the initial setup.

FE
Head of Development and Consulting at Logalty

Improvement could be made with the integration of the programming tools. The solution provides some integration tools but for now we're not using these tools very much because it's expensive and we don't get much return. In the future we might be more interested. They could also improve repositories in the solution. I also think the coding could be improved technically and include some features that could be valuable for enterprise companies.

FE
Head of Development and Consulting at Logalty

Better integration with code repositories is something that we will need.

I would like to see better integration with the Visual Studio and Eclipse IDEs.

It would be helpful to have better testing for vulnerabilities in mobile development.

it_user618204 - PeerSpot reviewer
Partner at a tech services company with 51-200 employees

More languages and frameworks would enhance this tool.

FP
Test Engineer at a tech company with 501-1,000 employees

I'm still working on learning all the specifics of the tool; it's quite new to me.

The solution seems to give us a lot of false positives. This could be improved quite a bit.

The rules could be more clear. They need to have more clarity in that respect. It would help make the solution easier to use.

FR
Information Security Manager and Business Continuity Manager at a legal firm with 51-200 employees

I do not have a clear idea about what could be better. I feel like the general tool is pretty good.

The next release should include more flexibility in the reporting.

MM
CEO at a tech services company

From a marketing perspective, I would suggest demonstrating that using these tools will make money for the customer. The customer should have a clear vision of what they purchased and what they received. They should push more technical articles on LinkedIn. There is always space to make things better, but for now, it is making a difference.

These products have some dreams, as I heard from some Dev Managers, but I’m sure that with a closer relationship, we can upscale that.

it_user617070 - PeerSpot reviewer
Technical Team Lead at a tech services company with 10,001+ employees
  • Indicators regarding metrics
EM
Software Architect at Digital Solution Foundry (Pty) Ltd

The rate of false positives, where it reports issues that are not really issues, can be improved.

Scanning of vulnerabilities on open-source projects is not particularly useful as it is.

I would like to see better integration with Azure DevOps in the next release of this solution.

it_user702246 - PeerSpot reviewer
Account Manager at a wireless company with 51-200 employees

Different languages, such as Spanish, Portuguese, and so on.

it_user293733 - PeerSpot reviewer
Managing Director at a tech vendor with 51-200 employees
  • Identification of OSS usage and multiple versions in use throughout portfolio
it_user713865 - PeerSpot reviewer
Digital Marketing at a marketing services firm with 1-10 employees

Perhaps more languages supported.

it_user713655 - PeerSpot reviewer
Cofounder at a tech services company with 1-10 employees

The development-to-delivery phase.

it_user697062 - PeerSpot reviewer
Process and Software Quality Lead at a non-tech company with 10,001+ employees

I would like to see additional languages supported.

it_user615723 - PeerSpot reviewer
Gerente at a tech services company

The QA developer and security could be improved.

RK
Information Security Specialist at a tech company with 51-200 employees

The integration process could be improved. It'll also help if it could generate reports automatically. But I'm not sure about the effectiveness of the reports. This is because, in our last project, we still found some key issues that weren't captured by the Kiuwan report.
