Kiuwan's Frequently Asked Questions

General information

Scanning your code

Technical questions

What are the Kiuwan Solutions for?
Modern companies need software to support their business, whether they develop it themselves or use external providers. 

In both cases, all companies have similar needs: 

  • To detect security vulnerabilities early and fix them before deploying; 
  • To reduce the number of bugs affecting the performance and efficiency of their software; 
  • To manage the costs associated with development and maintenance properly; 
  • To gain greater control of their application development.

The Kiuwan applications can address all the above needs, regardless of the size and level of complexity of the development process. 

Who are the Kiuwan Solutions designed for?
The Kiuwan applications are designed to meet the needs of all the roles involved in a company's software development process:
  • CIOs (Chief Information Officers) who need to make strategic decisions to improve software development
  • CSOs (Chief Security Officers) who need to tackle security from the application perspective
  • QA Managers and Engineers who need to control and monitor the quality state of applications under development
  • Project Managers who need to know the health of the projects they manage from a technical perspective
  • Application Architects who can discover structural flaws early in the development process
  • Operation Officers who need to know the level of quality and security of the application they have in production
  • Integration and Deployment Managers who need to make sure the structural and technical health of the applications they are moving in their respective pipelines is what is expected in the next environment
  • Developers who want to develop the best software possible and learn as much as possible in the process

What is Kiuwan Code Security (SAST)?
Kiuwan Code Security is a SAST solution that scans your code to identify and remediate security vulnerabilities.

It complies with the most stringent security standards and covers all important programming languages. It is a cloud-based solution but offers the possibility of analyzing your source code locally.

Continuous subscriptions also include an IDE plugin to help developers work more efficiently.

Learn more about it on our here.

What is Kiuwan Insights? (SCA)
Kiuwan Insights is an application that scans your code to identify vulnerabilities in third-party and open-source components.

It also helps you ensure compliance with open source and copyleft licenses.

Learn more about it on our here.

What other modules can complement the core functionalities of Kiuwan?
There are three optional modules:
  • Kiuwan Code Analysis
    The focus of this application is to reduce technical debt, making your code more maintainable, reliable, portable and efficient.
  • Kiuwan Governance
    This is a business-oriented dashboard to help managers make smart decisions over their application portfolio.
  • Kiuwan LifeCycle
    This module is included with continuous licenses. It helps you create audits of your analysis results and how they change over time. This module is added to Kiuwan Code Security if you buy a continuous subscription.

Which security standards are supported by Kiuwan Code Security?
Kiuwan Code Security is an OWASP corporate member and is CWE certified.

It covers the following standards:

  • SANS 25
  • CERT-Java/C/C++
  • WASC
  • NIST
  • BIZEC. 

...and the list is continuously growing!

Learn more about how Kiuwan Code Security performs on the OWASP Benchmark here

How does Kiuwan Code Security perform in the OWASP Benchmark?
The OWASP Benchmark is a test suite designed to evaluate the coverage and accuracy of automated vulnerability detection tools.

The chart below shows the performance of Kiuwan Code Security for the latest version of the OWASP Benchmark, as of November 2019. The results show that Kiuwan (at position K) detected 100% of true positives, correctly identifying all vulnerabilities present in the test application.

For more details about the OWASP Benchmark and Kiuwan Code Security, read our original blog post from 2017, or review our most recent results and run your own test

Is Kiuwan in the Gartner Magic Quadrant?
The Gartner Magic Quadrant selects companies based on various criteria, including "market share, number of clients, installed base, types of products/services, target market." This formula favors companies with very high revenue.

Kiuwan is currently a modest income company, and our revenue does not meet the target for inclusion in the current Gartner Magic Quadrant. However, we are growing rapidly and anticipate that this will change in the near future.

Kiuwan solutions are trusted by 500+ companies worldwide, including:

To learn more, read verified reviews from Kiuwan users at the following third-party sites:

How does Kiuwan Code Security help me make decisions on how to fix my application?
Kiuwan Code Security provides a module to create Action Plans, i.e. concrete and defined sets of goals and actions to be performed on your application to improve your code.

There are two options: 

  1. Build an Action Plan based on the criteria that are more important to you (available man-power, high-security vulnerabilities...)
  2. Ask Kiuwan Code Security to build an Action Plan for you based on your preferred strategy (e.g. I want to reach a 5-star rating)

Does Kiuwan store my application's uploaded source code?
Kiuwan offers two different analysis modes:
  1. Analyzing in the cloud: In this case, you upload the source code to the Kiuwan Cloud. The source code is then deleted as soon as the analysis is finished.
  2. Analyzing locally:  In this case, analyzing locally, the source code never leaves the local machine: it is locally analyzed. The generated results are encrypted and securely uploaded to Kiuwan Cloud. Once received, those results are used to calculate metrics to be displayed to the Kiuwan users.

Can I scan my source code without uploading it to the cloud?
Yes. If you do not want to upload your code for security reasons, you can run your analysis locally instead with Kiuwan Local Analyzer

Your results (defects, metrics, etc.) are uploaded securely to the Kiuwan Cloud, and you will view them in the dashboard. 

Secure Socket Layer (SSL) technology protects information sent to Kiuwan using encryption and authentication server. It ensures that your data in transit is safe, secure, and visible only to registered users in your organization.

How long does a scan take to complete?
The length of a scan depends on the programming languages and the number of lines of code (LoC). 

We tested the speed to give you an idea and these are the results:

  • 577k LoC in Java ~ 15 minutes
  • 32k LoC in Python in ~ 12 minutes
  • 9m LoC in C/C++ (Juliet v1.3) in ~ 23 hours

Results may vary.

Can I run multiple scans at the same time?
By instantiating multiple Kiuwan Local Analyzer applets simultaneously, you can run multiple scans at the same time. 

Do I have to scan the complete source code or can I just scan parts of it?
No, by applying filters you can reduce the lines of code analyzed in a given analysis session. This consequently also accelerates the scanning time.

Which are the main indicators provided by Kiuwan Code Security?
The main indicators provided for Kiuwan are the following:
  • Software characteristics
    • Security, efficiency, maintainability, reliability, and portability
  • Global Indicator
    • The weighted average of the above software characteristics through a complex algorithm. This considers the severity of the defects, the weight of the category in which the defect is, the analyzed code volume, and the criticality of the language for Kiuwan users. This algorithm can be customized. 
  • Effort to Target
    • The amount of work effort needed to reach a defined goal. 
  • Risk Index
    • A representation of the potential problems that could arise by not paying attention to the security and quality of your source code. Any value greater than 0 should be observed and actions should be done to decrease the number. 

How do I download the Kiuwan Local Analyzer?
Log in to your Kiuwan account;
  1. Click the Management menu on the dashboard;
  2. Select Download Kiuwan Local Analyzer.

What are the requirements to use the Kiuwan Applications?
Kiuwan Code Security and Kiuwan Insights are cloud-based solutions, so to use the applications you only need Internet access to and

If you want to use the Kiuwan Local Analyzer you also need Java Runtime Environment installed on your computer. Read more about the requirements here: Installation Requirements for Kiuwan Local Analyzer

Which programming languages are supported?
The Kiuwan solutions support all of the most popular programming languages. Below, an overview:
























JavaScript /TypeScript









Objective C





php,php3,php4,php5,php6, phps,phtml












VisualBasic 6




Find more details here:

The list keeps on growing! Contact our support team to find out which languages will be added in the future. 

Does Kiuwan Code Security integrate with JIRA?
Defects found by Kiuwan Code Security and incorporated into an Action Plan can generate tasks automatically in JIRA, accelerating the step between the certification of an application and the remediation of the found issues.

Please visit Export an Action Plan for further information.

Can I use Kiuwan Code Security in Continuous Integration?
Developers and integrators can connect to Kiuwan Code Security by different means.

Please visit Developers - Integrations for a full list of possibilities. 

Can I Use Kiuwan Local Analyzer via CLI?
The Kiuwan Local Analyzer has a CLI that can be integrated and scripted. Find more instructions in our documentation.

The Kiuwan Applications also have a REST API that can be used for more advanced integrations and interactions.

Does Kiuwan Code Security support XML?
For more information about XML support on Kiuwan Code Security, check Does Kiuwan support XML?
Do you have a troubleshooting guide?
Yes, review Troubleshooting or browse our Zendesk FAQ

Question not answered?

We can help!

I'm a client 

Have a look through our User Guide  

or contact our technical support team here.

I'm not a client (yet)

Our sales team will be happy to help you.

  • No labels