Introduction
Kiuwan allows for a true shift-left approach by integrating with all the main IDEs.
Kiuwan for Developers (K4D) is a plug-in for development IDEs that facilitates and automates compliance with security regulations, quality standards and best practices for several languages.
It provides the following benefits:
- Security Vulnerabilities Detection – Kiuwan for Developers allows developers to detect and fix security vulnerabilities such as Injection (SQL, XML, OS, etc.), XSS, CSRF, etc. directly within their development IDEs.
- Adoption of Security and Coding Standards – Ensuring that a development department complies with standards (CWE, OWASP, CERT-Java/C/C++, SANS-Top25, WASC, PCI-DSS, NIST, MISRA, BIZEC, ISO/IEC 25000 and ISO/IEC 9126) can be a long and tedious task without a tool that facilitates and automates this work. This plugin connects with Kiuwan and harnesses the power of its quality models to prevent errors and automatically standardise the code.
- Automatic Error Prevention – Coding standards are specific rules for a programming language. By implementing and monitoring compliance with these standards at the time the code is entered, you can avoid errors and reduce the time and cost of debugging and testing activities.
Kiuwan for Developers monitors and reports on the security, quality and efficiency of your code at the point that it is written. This immediate feedback provides you with the opportunity to improve your code before it is delivered.
Supported IDEs and Requirements
Kiuwan for Developers (K4D) has been successfully tested in the following IDEs and minimum versions:
K4D is also available for Microsoft Visual Studio (please visit Kiuwan for Developers for Microsoft Visual Studio).
For other IDEs and versions, please contact Kiuwan Technical Support.
Kiuwan for Developers (K4D) requires Java 8 or above (either JDK or JRE). You may download it from http://www.oracle.com/technetwork/java/javase/downloads/index.html. Please visit Setting Java 8 and JAVA_HOME for further info.
If you are running Eclipse under Linux/Unix, you may experience problems after installing K4D. This is due to some well-known problems with the use of GTK3 by Eclipse distributions. Please visit the following links for further info.
To solve this issue, modify eclipse.ini: add the line --launcher.GTK_version before the line --launcher.appendVmargs
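The eclipse.ini change described above can be applied idempotently with a small script. This is an added example, not code from Kiuwan or Eclipse. The function name `patch_eclipse_ini` is hypothetical, and because this page does not state the value that follows `--launcher.GTK_version`, the script takes it as an argument and writes it on its own line (eclipse.ini takes one argument per line).

```shell
#!/bin/sh
# Added example (not Kiuwan's or Eclipse's code).
# Usage: patch_eclipse_ini <path/to/eclipse.ini> <gtk-version>
# <gtk-version> is supplied by the caller; the page does not state it.
patch_eclipse_ini() {
    ini=$1
    gtk_version=$2
    opt='--launcher.GTK_version'
    anchor='--launcher.appendVmargs'

    [ -f "$ini" ] || { echo "not found: $ini" >&2; return 1; }
    [ -n "$gtk_version" ] || { echo "missing GTK version" >&2; return 1; }

    # Idempotent: if the option is already present, leave the file untouched.
    if grep -qxF -e "$opt" "$ini"; then
        return 0
    fi
    # Refuse to guess a position when the anchor line is absent.
    if ! grep -qxF -e "$anchor" "$ini"; then
        echo "anchor $anchor not found in $ini" >&2
        return 2
    fi

    # Keep a backup, then rewrite in place so ownership and mode are preserved.
    cp -p "$ini" "$ini.bak" || return 1
    awk -v opt="$opt" -v val="$gtk_version" -v anchor="$anchor" '
        $0 == anchor && !seen { print opt; print val; seen = 1 }
        { print }
    ' "$ini.bak" > "$ini"
}

# When run as a script with two arguments, patch the given file.
if [ "$#" -eq 2 ]; then
    patch_eclipse_ini "$1" "$2"
fi
```

The original file is kept as eclipse.ini.bak, so the change can be reverted by copying the backup over the patched file.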
Installation
To install Kiuwan for Developers just follow the steps below:
- Open Eclipse and, in the main menu, click on Help >> Install New Software...
- Select the Add... option and type the following values:
  - Name: Kiuwan
  - Location: https://www.kiuwan.com/pub/updatesite
- Pressing Ok will save this new update site and Eclipse will query our server to retrieve available features and plugins
- The Kiuwan for Developers feature will appear in the list below, check it and click on Next >
- Read and accept our Terms of Use
- Accept the certificate used to sign our product
- When the installation finishes and Eclipse asks to restart the IDE, please do so
If the installation completes successfully, Kiuwan for Developers will be up and running upon restart!
Updates
Kiuwan for Developers checks automatically for updates on Eclipse startup and on a daily basis after that.
If you need to check it manually, you can do so through the standard Eclipse mechanisms, or by simply going to Window >> Preferences >> Kiuwan and pressing the Check for updates button.
Configuration
Connection Settings
After installation, you need to configure K4D to connect to Kiuwan servers. K4D connection settings are configured at Window >> Preferences >> Kiuwan >> Connection Settings.
Fill in the User and Password of your Kiuwan account and click Check Credentials to validate access.
In case you are using a proxy, please configure Proxy Settings.
...
K4D execution modes
...
This option will open an internal browser to display Rule Information.
If you are presented with the Kiuwan Login page, please use the same credentials as those used in K4D Connection Settings.
Vulnerabilities details (Source and Sink)
...
Additionally, you can define filters based on Priority, Characteristic and Language.
Because your source code could be different from the source code on the analysis server, it might happen that some server defects do not match your current source code.
...