What’s Kiuwan

 

Kiuwan is the Optimyth cloud solution platform for Application Security and Enterprise Software Analytics.

 


From the Security point of view, Kiuwan enforces a rigorous approach in the detection of Security Vulnerabilities.

We strive to meet the most stringent requirements and our compliance reports meet all well known security market standards (OWASP, CWE, MISRA, NIST, PCI, and CERT among others).

Please visit FAQs - Security Standards supported by Kiuwan for further info

 

Complementing this Security focus, Kiuwan offers a suite of products that allows you to build from the ground up the collaborative Software Analytics environment your company, your development teams and your providers need.

 


 

How Kiuwan can help me

Companies of all shapes, sizes and colors need to develop software to support their business. Some companies develop their software themselves, and others use external providers to help them develop and maintain their business applications. There are companies that have just a few applications and others that have hundreds or even thousands. Some rely on only 1 or 2 technologies and languages, while others have been adapting their technology stack over time and use several different languages and technologies.

No matter what the case is, all have the same needs with different levels of complexity, mostly depending on the size:

...

What is Kiuwan?

 


 

Kiuwan is a cloud-based solution platform for Application Security and Enterprise Software Analytics.

Kiuwan solutions help teams of all sizes meet their objectives:  

  • Detect security vulnerabilities as early as possible in the development life cycle
  • Reduce issues —bugs— in the technical aspects of applications: performance, efficiency, etc.
  • Manage costs associated with development and maintenance, from internal or external resources
  • Align developed applications with business goals and missions
  • Increase team productivity
  • Gain greater control —governance— of application development or maintenance outsourcing.

In most cases, these companies do not have the people and infrastructure needed to automate Security and Quality Assurance, Control and Certification Management for all developed software, or they cannot afford to hire an "on site" continuous certification service for their software.

Kiuwan is the answer for all these companies. Kiuwan can address all the above needs regardless of the size and the level of complexity of their development processes.

 

Beyond these corporate needs, Kiuwan is designed to meet the needs of all the roles involved in any company's Software Development Process. Again, no matter the size, complexity or color of the company, Kiuwan has the right information for the right stakeholder in the IT department.

Find yourself below and see how Kiuwan can help you:

  • CIOs (Chief Information Officers) who need to make strategic decisions to improve software development.
  • CSOs (Chief Security Officers) who need to tackle security from the application perspective.
  • QA Managers and Engineers who need to control and monitor the quality state of applications under development.
  • Project Managers, who need to know the health of the projects they manage from a technical perspective.
  • Application Architects, who can discover structural flaws early in the development process.
  • Operations who need to know the level of quality and security of the application they have in production.
  • DevOps, if companies are taking that transformation path Kiuwan is an essential tool for the people who make it happen.
  • Integration and Deployment Managers, who need to make sure the structural and technical health of the applications they are moving in their respective pipelines is what is expected in the next environment.
  • Developers, who want to develop the best software possible and learn as much as possible in the process.

 

Kiuwan Architecture

 

The Kiuwan platform is built on a hybrid cloud architecture and a distributed analysis engine, offering you the best of both approaches (cloud and on-premise).

 

Kiuwan is a SAAS cloud-based platform, 24x7 fault-tolerant infrastructure (AWS).

There's no need to deploy any local infrastructure; Kiuwan will do all the work for you from the very first moment. All you need to do is sign up and start using Kiuwan.

Nevertheless, you can leverage your own infrastructure and service. Kiuwan offers an on-premise distributed analysis engine (KLA - Kiuwan Local Analyzer) that you can freely instantiate as many times as you need, allowing you to integrate and embed it into your existing infrastructure.

This hybrid cloud architecture lets you fully integrate Kiuwan SAAS with client-side infrastructure and operations such as Continuous Integration, Deployment and Development systems, protecting all communications between your side and Kiuwan with the most advanced security protection mechanisms.

 

 


 

Local Analysis  - Kiuwan Local Analyzer (KLA)

Whatever the reason may be (source code privacy, leveraging existing computing resources, or integrating analysis within your infrastructure), you may consider analyzing locally.

Kiuwan Local Analyzer (KLA) is the distributed analysis engine that allows you to execute Kiuwan analyses locally.

 

With Kiuwan Local Analyzer, you can perform analyses without the source code leaving your premises. It analyzes the source code and uploads (encrypted and through HTTPS)  the results (containing the defects found, the number of the line containing the defects, and optionally, the source code of the lines found to be defective) to Kiuwan.

The KLA adapts to each organization’s network settings, and can be easily configured to work with a proxy server, or an implemented corporate authentication service, such as LDAP.

With KLA:

  • The source code never leaves your organization’s systems, since analyses take place on your machines.
  • Your installation will always be updated, because KLA is automatically updated 
  • You will be able to integrate with your existing systems

Kiuwan Local Analyzer is a zipped module that you download and uncompress on the target machine. It runs on Windows, Unix/Linux and macOS, and only requires JVM (8), 1 Gb of free memory, access to source code and an internet connection. It can be executed from a Graphical User Interface or a Command-Line Interface.

 

Kiuwan Local Analyzer provides the basis for external system integration (CI systems, SAP servers, etc.) as well as for executing analyses in your development IDE.

Please visit Developers - Integrations for further help on how to integrate with Jenkins, Team Foundation Server, IBM UrbanCode Deploy, Cloudbees, Bluemix DevOps, TeamCity, etc.

Also, you can visit Kiuwan for Developers if you need to use Kiuwan from within your IDE.

 

Please visit Kiuwan Local Analyzer for further info.

 

 

 

 


 

 

How Kiuwan works

 

Kiuwan gathers evidence from the application's source code using home-grown, original Kiuwan static analyzers.

It supports more than 20 different technologies, from J2EE to .NET, including legacy technologies (SAP, Cobol, etc.) and SQL.

Please visit Kiuwan Supported Technologies

 

...

Kiuwan gathers evidence from an application's source code using Kiuwan static analyzers, which support more than 30 different technologies

 

 

How Kiuwan works


 

Kiuwan calculates and presents relevant Software Analytics metrics to help stakeholders make informed decisions and continuously improve the software and SDLC processes.

  • Source code static analysis, either locally through a downloadable agent or in the cloud, uploading the code to Kiuwan site
  • In-depth detection of security vulnerabilities, providing detailed reports on where the vulnerabilities appear, their correlation to security standards, providing remediation clues and assessing remediation progress.
  • Quality defects detection that affects important software characteristics: reliability, efficiency, maintainability, and portability
  • Calculation of software metrics —number of violations, complexity, design, code size.
  • Detection of duplicate code.
  • Calculation of global software Indicators, necessary for the governance and management of the software applications portfolio, including risk associated with the structural security and quality of the code, global Indicator and software characteristics indicators, effort to target, and technical debt.

 

Beyond the specific analysis information provided at analysis time, Kiuwan provides a collaborative environment that lets you explore all the gathered information.

 

All results are available in your Kiuwan account through dashboards (with powerful filters, aggregated and historical views, etc.)

You can also extract results to consume elsewhere through Kiuwan's REST API.

Reports generation at all levels and in different formats (PDF, CSV, etc.), with the ability to create custom reports with a custom level of details depending on your specific needs

A complete set of tools to fully customize Kiuwan to your needs:

  • Create and manage different software models to analyze your applications.
  • Generate and track action plans automatically.
  • Mute defects when needed and re-calculate analytics on the fly.
  • Create and manage different audits and apply them automatically to all deliveries in your application life cycle.
  • Group your applications in portfolios to give you relevant perspectives of your Software Analytics.
  • Generate rankings by perspective.
  • Cross different perspectives for several metrics and indicators to answer important questions about your application portfolio.
  • Etc.


Kiuwan SaaS

 

Kiuwan SaaS has been designed to suit your needs and provides you with a full suite of solutions that leverage your existing source code to build up a comprehensive Security and Software Analytics environment.

The Truth is in the Source Code

At Kiuwan we firmly believe that “the truth is in the source code”. As you can read in this paper, all Kiuwan functionalities are based on an in-depth analysis of your source code.

 

Depending on your needs, Kiuwan provides solutions to analyze your code, manage your applications portfolio and expand to development staff.

 


 

Analyze your code

Kiuwan Code Security 

Kiuwan Code Security enforces a rigorous approach in the detection of Security Vulnerabilities.

We strive to meet the most stringent requirements and our compliance reports meet all well-known market standards (OWASP, CWE, MISRA, NIST, PCI, and CERT among others). Integrate Kiuwan Code Security in your development process and increase the overall security of your applications while reducing risk and cost thanks to early detection and correction of newly introduced vulnerabilities. Your developers and security managers will have at their fingertips all the details of security vulnerabilities and remediation progress.

 

Kiuwan Code Analysis

Kiuwan Code Analysis offers unparalleled scope in the detection of quality defects, smoothly integrating within continuous development processes.

Identify code defects and manage your remediation effort with blazingly fast speed in a collaborative and unlocalized environment. Your developers and project managers will have all the information they need to continuously improve applications.

Kiuwan Architecture

Kiuwan Architecture offers a revolutionary approach to Application Inventory Management, letting you detect and surface the components and dependencies in your applications, giving you the ability to truly understand your architecture and applications’ structure.

 

Manage your applications portfolio

Kiuwan Life Cycle

Kiuwan Life Cycle lets you sensibly reduce development time, testing and integration effort during your software development life cycle by establishing baselines and analyzing deliveries and change requests, letting you define and apply automatic audits to make sure every delivery is not going to make your application worse.

Kiuwan Governance

Kiuwan Governance helps you to make informed decisions based on the objective information gathered by Code Security and Code Analysis. Group your applications in portfolios that are meaningful for your business and consume aggregated information by the perspectives they provide. Manage the different types of risk you face in the different perspectives, create rankings to prioritize efforts and much more. Help decision makers focus on that, make decisions, without the complicated technical details.

 

Expand to your daily tasks

Kiuwan for Developers

Kiuwan for Developers is a plug-in available for Eclipse and IBM RAD IDEs that will check code against Security and Quality issues at the earliest stage, i.e. as you type your code. Define your Security and Quality thresholds and spread the check over the developers’ workbench. That way, you will be sure that no “bad” code arrives at production or integration environments without having been properly fixed at the developer desk.

Kiuwan Code Review

Kiuwan Code Review is a Kiuwan version specially suited to the GitHub collaborative environment. If you are using this environment, you can benefit from Kiuwan by seamlessly analyzing (automatically or on-demand) your GitHub repositories.

               

How can I start to work with Kiuwan

...

 

How do I start using Kiuwan? 

 


If you do not have a Kiuwan account yet, request a demo from our sales team here

If you already have an account, visit our User Guide or see below:


In short: 

Once you have a Kiuwan account, you have access to the Kiuwan collaborative environment in the cloud, and you can start analyzing your applications to generate the Software Analytics for your application portfolio.

...

Below is an outline of the basic steps to analyze your application:

  1. Create your first application.
  2. Decide how to analyze the code
    1. Locally, by downloading and installing the Kiuwan Local Analyzer on a local machine, which sends the results to the server; or
    2. In the cloud, uploading the code of your application.
  3. Analyze your application
    1. Do not worry if there is code in different technologies and languages, Kiuwan knows how to distinguish them.
    2. If you choose to analyze in the Kiuwan cloud, Kiuwan deletes the uploaded code to safeguard your privacy once the analysis is finished
  4. Work with the results in one of these ways:
    1. Use the Kiuwan Dashboards;
    2. Generate PDF reports, either at an executive or detail level;
    3. Export the result data in Excel format; or
    4. Use the REST API to extract relevant information.
  5. Iterate and refine
    1. With the results and the list of recommendations, your development team will likely want to review and fix the code and analyze it again, to verify whether they have achieved the desired goals.
    2. As a result, you can see the evolution over time of your application's Software Analytics. This allows you to refine the Kiuwan default Software Model to your specific needs.
  6. Manage and govern
    1. Kiuwan Governance allows you to group your applications in "portfolios" or logical groups, to obtain global indicators for the criteria you need — technology, suppliers, functional units, etc. — to analyze their evolution in time or compare their results.
  7. Integrate the analysis in your Software Development Life Cycle
    1. To implement continuous analysis within other SDLC continuous processes (integration, deployment).
      • You can automate Kiuwan analyses for your application or deliveries of change requests during maintenance if you include Kiuwan Life Cycle functionality.

     

    From there, the sky is the limit.

     

     

    Kiuwan Analysis Options


    Kiuwan Local Analyzer

    Kiuwan Local Analyzer (KLA) is the distributed analysis engine that allows you to execute Kiuwan analyses locally.

    With Kiuwan Local Analyzer, you can perform analyses without the source code leaving your premises.

    It analyzes the source code and uploads (encrypted and through HTTPS)  the results to Kiuwan.


    Kiuwan Cloud Analyzer

    You also have the option of uploading your source code (encrypted and through HTTPS) to the cloud and analyzing it there.

    The results will show in Kiuwan, just like the KLA.


    Kiuwan On-Premises

    Kiuwan On-Premises is the on-premises version of Kiuwan SaaS, providing full Kiuwan functionalities but completely deployed on your own premises.

    It is an alternative to the cloud solution for those customers who prefer to maintain a private instance completely managed within their own infrastructure.

    Kiuwan On-Premises can be installed on a single host or on multiple hosts (externalizing one, some or all of the provided infrastructure services).


    Developers - Integrations

    Kiuwan can integrate with the most popular IDEs and CI environments.



     

    Kiuwan Modules


    Kiuwan Code Security

    Kiuwan Code Security enforces a rigorous approach in the detection of security vulnerabilities.

    We strive to meet the most stringent requirements and our compliance reports support well-known market standards (OWASP, CWE, MISRA, NIST, PCI, and CERT among others). Integrate Kiuwan Code Security in your development process and increase the overall security of your applications while reducing risk and cost thanks to early detection and correction of newly introduced vulnerabilities. Your developers and security managers will have at their fingertips details of security vulnerabilities and remediation progress.


    Kiuwan Insights

    With Kiuwan Insights, you can identify and manage vulnerabilities, compliance, and operational risk that may arise from using open source components.

    Open source components are a significant and important part of commercial software today.

    Yet the use of these components introduces the risk of security vulnerabilities, as well as a need to ensure proper licensing and adherence to policies.

     


    Kiuwan Code Analysis

    Kiuwan Code Analysis offers unparalleled scope in the detection of quality defects, smoothly integrating within continuous development processes.

    Identify code defects and manage your remediation effort with blazingly fast speed in a collaborative and decentralized environment. Your developers and project managers will have all the information they need to continuously improve applications.


    Kiuwan Governance

    Kiuwan Governance helps you to make informed decisions based on the objective information gathered by Code Security and Code Analysis.

    Group your applications in portfolios that are meaningful for your business and consume aggregated information by the perspectives they provide.

    Manage the different types of risk you face in the different perspectives, create rankings to prioritize efforts, and much more. Help decision-makers focus on that, make decisions, without the complicated technical details.


    Kiuwan Life Cycle

    Kiuwan Life Cycle helps you sensibly reduce development time, testing, and integration effort during your software development life cycle by establishing baselines and analyzing deliveries and change requests. This empowers you to define and apply automatic audits to make sure each delivery meets your goals without introducing regressions.