Kiuwan is a world-class application security platform. Kiuwan SAST (Code Security) identifies and helps remediate security vulnerabilities in our source code. Kiuwan SCA (Insights) identifies and helps remediate threats from third-party dependencies. All of this is provided in a simple-to-use, yet robust and extensible format.
While app security is at the forefront, Kiuwan’s foundation is a code analysis engine that provides a full view of the overall quality of your applications. Kiuwan began as a code quality tool based on the ISO 25000 standard of security, efficiency, reliability, portability, and maintainability. This means that, as we scan our applications for security vulnerabilities, we’re also helping to reduce technical debt and increase the overall quality of our products. This is a major differentiator between Kiuwan and other app security tools in the field.
Kiuwan is initiated by running the Kiuwan Local Analyzer (KLA) in your development environment, build server, or CI/CD pipeline. When pointed at a source directory or repository, the KLA scans for and analyzes all source code and configuration files. All in all, Kiuwan scans over 30 languages for security vulnerabilities. When scanning for Code Security, the Code Analysis module simultaneously scans for code quality.
After scanning with the KLA, results are displayed in the Kiuwan portal, along with all the details needed to address each quality defect. The portal presents the data in a simple-to-understand format, but it also allows us to filter, export, extract, and use the data in the most productive way possible.
For example, if our app’s performance is subpar, we can filter “Efficiency”-related defects and tackle them accordingly.
After uncovering defects in our application, Kiuwan’s Action Plans help us organize this work within our existing development lifecycle. If there are just 10 hours within a sprint to devote to paying down technical debt, Kiuwan will identify the highest priority issues we can remediate within that time frame. It will also give a picture of quality metrics before and after completing this work.