
Which would you recommend to a colleague, Kiuwan or SonarQube?

Nurit Sherman - PeerSpot reviewer
Content Operations Manager at PeerSpot (formerly IT Central Station)

One of the most popular comparisons on IT Central Station is Kiuwan vs SonarQube.

One user says about Kiuwan, "It is the most effective tool for IT procurement managers and directors. It includes technical debt metrics and is action plan oriented to rejected deliveries."

Another user says about SonarQube, "A usual addition to this tool is the IntelliJ plugin called SonarLint, which integrates into your IDE. Then, it allows you to run the convention rules file by file and receive immediate feedback when making changes. This removes the need to push to the server before finding out what issues you need to resolve."

In your opinion, which is better and why?

44 Answers

CindyBlake - PeerSpot reviewer

It's generally better to test for security early in the SDLC, so my choice would be SonarQube over Kiuwan because it includes static application security testing.

Arthur Hicken - PeerSpot reviewer

It depends on your role and what you're trying to accomplish. If you're trying to harden your own code then a tool that does SAST or static code analysis like SonarQube is a great idea. For example, Parasoft C/C++test is the only tool that has full support for every rule in the CERT-C standard. If you're trying to secure applications that aren't yours, systems, etc., then SAST tools aren't for you. You have to have the code for them to be useful.

Fabio Cegali - PeerSpot reviewer

I’m sorry, I don’t know Kiuwan – so it’s hard for me to tell.

What I can say is that SonarQube is fairly common here in Brazil; many organizations are using it. So I suspect it must be a good AST tool.

Andrew Wishart - PeerSpot reviewer

Depending on the application that you are developing and the complexity, you need to be able to ensure that the application is secure, along with its APIs, its libraries, and its operating system and kernel interactions. Therefore it is eminently sensible to ensure you have taken all steps to remove any security risk or known threat in the deployed application. Any toolsets that address this and enable metrics, rules, and customisation to meet QA and Corporate Governance should be deployed within the SDLC.
