Please share with the community what you think needs improvement with Kiuwan.
What are its weaknesses? What would you like to see changed in a future version?
Kiuwan should charge based on usage
When you do the download test, there is some part that remains there from the static test. When it comes to the configuration of this library, I'm not sure that Kiuwan gives a real vulnerability assessment for a configuration. The configuration hasn't been that good. From a security perspective, we are looking into something in the middle between the static and the dynamic. There are many open-source tools that can generate perfect results. It's not as good in quality as Kiuwan or maybe SonarQube; however, I'm sure it's really close, and it's also free.
We've had issues with technical support not being responsive enough. We also have had issues with the initial setup.
The integration process could be improved. It'll also help if it could generate reports automatically. But I'm not sure about the effectiveness of the reports. This is because, in our last project, we still found some key issues that weren't captured by the Kiuwan report.
I'm still working on learning all the specifics of the tool; it's quite new to me. The solution seems to give us a lot of false positives. This could be improved quite a bit. The rules could be more clear. They need to have more clarity in that respect. It would help make the solution easier to use.
Improvement could be made with the integration of the programming tools. The solution provides some integration tools but for now we're not using these tools very much because it's expensive and we don't get much return. In the future we might be more interested. They could also improve repositories in the solution. I also think the coding could be improved technically and include some features that could be valuable for enterprise companies.
The rate of false positives, where it reports issues that are not really issues, can be improved. Scanning of vulnerabilities on open-source projects is not particularly useful as it is. I would like to see better integration with Azure DevOps in the next release of this solution.
Better integration with code repositories is something that we will need. I would like to see better integration with the Visual Studio and Eclipse IDEs. It would be helpful to have better testing for vulnerabilities in mobile development.
I do not have a clear idea about what could be better. I feel like the general tool is pretty good. The next release should include more flexibility in the reporting.