Companies of different sizes, maturities and industries need to develop software to support their business. Some companies develop their software themselves and some use external providers to help them develop and maintain their business applications. There are companies that just have a few applications and others that have hundreds or even thousands. Some rely on 1 or 2 technologies and languages only, and others have been adapting their technology stack over time and use several different languages and technologies.
In most cases, these companies do not have the people and infrastructure needed to automate Security and Quality Assurance, Control and Certification Management for all developed software, or cannot afford hiring an "on site" continuous certification service for the development process.
Kiuwan is the answer for all these companies. Kiuwan can address all the above needs regardless of the size and the level of complexity of the development processes.
- CIOs (Chief Information Officers) who need to make strategic decisions to improve software development.
- CSOs (Chief Security Officers) who need to tackle security from the application perspective.
- QA Managers and Engineers who need to control and monitor the quality state of applications under development.
- Project Managers, who need to know the health of the projects they manage from a technical perspective.
- Application Architects, who can discover structural flaws early in the development process.
- Operations, who need to know the level of quality and security of the application they have in production.
- DevOps: if companies are taking that transformation path, Kiuwan is an essential tool for the people who make it happen.
- Integration and Deployment Managers, who need to make sure the structural and technical health of the applications they are moving in their respective pipelines is what is expected in the next environment.
- Developers, who want to develop the best software possible and learn as much as possible in the process.
There's no need to deploy any local infrastructure; Kiuwan can do the SAST software analysis for you. All you need to do is sign up and start using Kiuwan.
Nevertheless, you can leverage your own infrastructure and service. Kiuwan offers an on-premise distributed analysis engine (KLA - Kiuwan Local Analyzer) that you can freely instantiate as many times as you need, allowing your company to integrate and embed it into existing infrastructure.
The KLA is adaptable to each organization’s network settings, and can be easily configured to work with a proxy server, or an implemented corporate authentication service, such as LDAP.
- The source code never leaves your organization’s systems, since analyses take place on your machines.
- Your installation will always be updated, because KLA is automatically updated from the Kiuwan cloud.
- You will be able to integrate within your existing systems (IDEs, CI/CD pipelines, etc.)
Kiuwan Local Analyzer is a zipped module that you download and uncompress on the target machine. It runs on Windows, Unix/Linux and macOS, and only requires JVM (8), 1 Gb of free memory, access to source code and an internet connection. It can be executed from the Graphical User Interface or by Command-Line Interface.
Kiuwan Local Analyzer provides the basis for external system integration (CI systems, SAP servers, etc.) as well as for executing analyses in your development IDE.
Please visit Developers - Integrations for further help on how to integrate with Jenkins, Team Foundation Server, IBM UrbanCode Deploy, Cloudbees, Bluemix DevOps, TeamCity, etc.
Also, you can visit Kiuwan for Developers if you need to use Kiuwan from within your IDE.
Please visit Kiuwan Local Analyzer for further info.
Kiuwan gathers evidence from the application's source code using Kiuwan static analyzers.
Kiuwan supports more than 20 different technologies, from J2EE to .NET, including legacy (SAP, COBOL, etc.) and SQL.
Please visit Kiuwan Supported Technologies
- Source code static analysis, either locally —through a downloadable agent— or in the cloud —uploading the code to Kiuwan site—
- In-depth detection of Security Vulnerabilities, providing detailed reports on where the vulnerabilities appear and their correlation to Security standards, giving remediation clues and assessing remediation progress.
- Detection of Quality Defects that affect important software characteristics: Reliability, Efficiency, Maintainability, and Portability.
- Calculation of Software Metrics —number of violations, complexity, design, code size...—.
- Detection of Duplicate Code.
- Calculation of Global Software Indicators, necessary for the governance and management of the software applications portfolio —Risk associated with the structural Security and Quality of the code, Global Indicator and software characteristics indicators, Effort to target, Technical debt —.
- All results are available in your Kiuwan account through Dashboards (with powerful Filters, Aggregated and Historical Views, etc.)
- You can also extract results to consume elsewhere through Kiuwan's REST API.
- Report generation at all levels and in different formats (PDF, CSV, etc.), with the ability to create your own Custom Reports with a custom level of detail depending on your specific needs.
- A complete set of tools to fully customize your needs:
  - Create and manage different software models to analyze your applications.
  - Generate and track action plans automatically.
  - Mute defects when needed and re-calculate analytics on the fly.
  - Create and manage different audits and apply them automatically to all deliveries in your application life cycle.
  - Group your applications in portfolios to give you relevant perspectives of your Software Analytics.
  - Generate rankings by perspective.
  - Cross different perspectives for several metrics and indicators to answer important questions about your application portfolio.
Kiuwan SaaS has been designed to suit your needs and provides you with a full suite of solutions that leverage your existing source code to build up a comprehensive Security and Software Analytics environment.
At Kiuwan we firmly believe that “the truth is in the source code”. As you will see in this paper, all Kiuwan functionalities are based on an in-depth analysis of your source code.
Kiuwan Architecture offers a revolutionary approach to Application Inventory Management, letting you detect and surface the components and dependencies in your applications, giving you the ability to truly understand your architecture and applications’ structure.
Kiuwan Life Cycle lets you sensibly reduce development time, testing and integration effort during your software development life cycle by establishing baselines and analyzing deliveries and change requests, letting you define and apply automatic audits to make sure every delivery is not going to make your application worse.
Kiuwan Governance helps you to make informed decisions based on the objective information gathered by Code Security and Code Analysis. Group your applications in portfolios that are meaningful for your business and consume aggregated information by the perspectives they provide. Manage the different types of risk you face in the different perspectives, create rankings to prioritize efforts and much more. Help decision-makers focus on making decisions, without the complicated technical details.
Kiuwan for Developers is a plug-in available for Eclipse and IBM RAD IDEs that will check code against Security and Quality issues at the earliest stage, i.e. as you type your code. Define your Security and Quality thresholds and spread the check over the developers’ workbench. That way, you will be sure that no “bad” code arrives at production or integration environments without having been properly fixed at the developer desk.
(old) Kiuwan Code Review is a Kiuwan version especially suited to the GitHub collaborative environment. If you are using this environment, you can benefit from Kiuwan by seamlessly analyzing (automatically or on-demand) your GitHub repositories.
- Create your first application.
- Decide how to analyze the code:
  - Locally, by downloading and installing the Kiuwan Local Analyzer on a local machine, which runs the analysis and sends the results to the server; or
  - In the cloud, "uploading" the code of your application.
- Analyze your application.
  - Do not worry if there is code of different technologies and languages; Kiuwan knows how to distinguish them.
  - If you choose to analyze in the Kiuwan cloud, Kiuwan deletes the uploaded code to safeguard your privacy once the analysis is finished.
- Work with the results in one of these ways:
  - Using the Kiuwan Dashboards;
  - Generating PDF reports, either at executive or detail level;
  - Exporting the result data in Excel format; or
  - Using the REST API to extract relevant information.
- Iterate and Refine
  - With the results and the list of recommendations, your development team will normally want to review and fix the code and analyze it again, to verify whether they have achieved the desired goals.
  - You can see, therefore, the evolution over time of your application's Software Analytics. This will let you "refine" the Kiuwan default Software Model to your specific needs.
- Manage and Govern
  - Kiuwan Governance allows you to group your applications in "portfolios" or logical groups, to obtain global indicators for the criteria you need —Technology, Suppliers, functional units...— to analyze their evolution in time or compare their results.
- Integrate the analysis in your Software Development Life Cycle
  - To implement continuous analysis within other SDLC continuous processes (integration, deployment).
  - You can automate Kiuwan analysis for your application or for deliveries of change requests during maintenance if you include Kiuwan Life Cycle functionality.