What’s Kiuwan

Kiuwan is the Optimyth cloud-based platform for Application Security and Enterprise Software Analytics.

...

From the Security point of view, Kiuwan enforces a rigorous approach in the detection of Security Vulnerabilities.

We strive to meet the most stringent requirements and our compliance reports meet all well known security market standards:

  • OWASP, CWE, MISRA, NIST, PCI, and CERT, among others.

Please visit FAQs - Security Standards supported by Kiuwan for further info.

Complementing this Security focus, Kiuwan offers a suite of features that allows you to build from the ground up a Software Analytics collaborative environment customized for the needs of your company, your development teams and your providers.

How Kiuwan can help me

Companies of different sizes, maturities and industries need to develop software to support their business. Some companies develop their software themselves and others use external providers to help them develop and maintain their business applications. There are companies that have just a few applications and others that have hundreds or even thousands. Some rely on only 1 or 2 technologies and languages, and others have been adapting their technology stack over time and use several different languages and technologies.

No matter what the case is, all have the same needs with different levels of complexity, mostly depending on the size:

  • Early detection of Security Vulnerabilities, even prior to deployment, and fixing them as soon as possible,
  • Reduction of issues —bugs— affecting the technical requirements of the applications: performance, efficiency, etc.,
  • Proper cost management associated with development and maintenance, whether carried out by themselves or by external resources,
  • Align developed applications with the business goals and missions,
  • Increase the productivity of the projects, or
  • Gain greater control —governance— of their application development or maintenance outsourcing.

In most cases, these companies do not have the people and infrastructure needed to automate Security and Quality Assurance, Control and Certification Management for all developed software, or cannot afford hiring an "on site" continuous certification service for the development process.

Kiuwan is the answer for all these companies. Kiuwan can address all the above needs regardless of the size and the level of complexity of the development processes.

Beyond these corporate needs, Kiuwan is designed to meet the needs of all the roles involved in any company's Software Development Process. Again, no matter the size, complexity or color of the company, Kiuwan has the right information for the right stakeholder in the IT department.

...

  • CIOs (Chief Information Officers) who need to make strategic decisions to improve software development.
  • CSOs (Chief Security Officers) who need to tackle security from the application perspective.
  • QA Managers and Engineers who need to control and monitor the quality state of applications under development.
  • Project Managers, who need to know the health of the projects they manage from a technical perspective.
  • Application Architects, who can discover structural flaws early in the development process.
  • Operations who need to know the level of quality and security of the application they have in production.
  • DevOps: if companies are taking that transformation path, Kiuwan is an essential tool for the people who make it happen.
  • Integration and Deployment Managers, who need to make sure the structural and technical health of the applications they are moving in their respective pipelines is what is expected in the next environment.
  • Developers, who want to develop the best software possible and learn as much as possible in the process.

...

There's no need to deploy any local infrastructure; Kiuwan can do all the SAST software analysis for you from the very first moment. All you need to do is sign up and start using Kiuwan.

Nevertheless, you can leverage your own infrastructure and service. Kiuwan offers an on-premise distributed analysis engine (KLA - Kiuwan Local Analyzer) that you can freely instantiate as many times as you need, allowing your company to integrate and embed it into your existing infrastructure.

This hybrid cloud architecture lets you fully integrate Kiuwan SaaS with client-side infrastructure and operations such as Continuous Integration, Deployment and Development systems, limiting all the communications between your side and Kiuwan to the analysis results, transmitted via the most advanced security protection mechanisms.

...

Whatever the reason may be (source code privacy, leveraging existing computing resources or integrating analysis within your infrastructure), you may want to analyze locally.

Kiuwan Local Analyzer (KLA) is the distributed analysis engine that allows you to execute Kiuwan analyses locally.

...

With Kiuwan Local Analyzer, you can perform analyses without the source code leaving your premises. It analyzes the source code and uploads (encrypted and through HTTPS) the results (containing the defects found, the number of the line containing the defects, and optionally, the source code of the lines found to be defective) to Kiuwan.

The KLA is adaptable to each organization’s network settings, and can be easily configured to work with a proxy server, or an implemented corporate authentication service, such as LDAP.

...

  • The source code never leaves your organization’s systems, since analyses take place on your machines.
  • Your installation will always be updated, because KLA is automatically updated from the Kiuwan cloud.
  • You will be able to integrate with your existing systems (IDEs, CI/CD pipelines, etc.)

Kiuwan Local Analyzer is a zipped module that you download and uncompress on the target machine. It runs on Windows, Unix/Linux and macOS, and only requires JVM (8), 1 Gb of free memory, access to source code and internet connection. It can be executed from Graphical User Interface or by Command-Line Interface.

...

Kiuwan gathers evidence from the application's source code using original Kiuwan static analyzers.

Kiuwan supports more than 20 different technologies, from J2EE to .NET, including legacy techs (SAP, Cobol, etc.) and SQL.

Please visit Kiuwan Supported Technologies.

Based on this evidence, Kiuwan calculates and presents relevant Software Analytics metrics to help different stakeholders in the SDLC make informed decisions and manage all kinds of aspects of the process with the common goal of continuously improving the software and SDLC processes.

  • Source code static analysis, either locally —through a downloadable agent— or in the cloud —uploading the code to Kiuwan site—
  • In-depth detection of Security Vulnerabilities, providing detailed reports on where the vulnerabilities appear, their correlation to Security standards, providing remediation clues and assessing remediation progress.
  • Detection of Quality Defects that affect important software characteristics: Reliability, Efficiency, Maintainability and Portability.
  • Calculation of Software Metrics —number of violations, complexity, design, code size...—.
  • Detection of Duplicate Code.
  • Calculation of Global Software Indicators, necessary for the governance and management of the software applications portfolio —Risk associated with the structural Security and Quality of the code, Global Indicator and software characteristics indicators, Effort to target, Technical debt—.

...

Beyond the specific analysis information provided at the analysis moment, Kiuwan provides a collaborative environment that lets you explore all the gathered information.

...

  • All results are available in your Kiuwan account through Dashboards (with powerful Filters, Aggregated and Historical Views, etc.)
  • You can also extract results to consume elsewhere through Kiuwan's REST API.
  • Report generation at all levels and in different formats (PDF, CSV, etc.), with the ability to create your own Custom Reports with a custom level of detail depending on your specific needs
  • A complete set of tools to fully customize your needs:
    • Create and manage different software models to analyze your applications.
    • Generate and track action plans automatically.
    • Mute defects when needed and re-calculate analytics on the fly.
    • Create and manage different audits and apply them automatically to all deliveries in your application life cycle.
    • Group your applications in portfolios to give you relevant perspectives of your Software Analytics.
    • Generate rankings by perspective.
    • Cross different perspectives for several metrics and indicators to answer important questions about your application portfolio.
    • Etc.

...

The Truth is in the Source Code

At Kiuwan we firmly believe that “the truth is in the source code”. As you could read in this paper, all Kiuwan functionalities are based on an in-depth analysis of your source code.

Depending on your needs, Kiuwan provides solutions to analyze your code, manage your applications portfolio and expand to development staff.

...

We strive to meet the most stringent requirements and our compliance reports meet all well-known market standards (OWASP, CWE, MISRA, NIST, PCI, and CERT among others). Integrate Kiuwan Code Security in your development process and increase the overall security of your applications while reducing risk and cost thanks to early detection and correction of newly introduced vulnerabilities. Your developers and security managers will have at their fingertips all the details of security vulnerabilities and remediation progress.

...

Identify code defects and manage your remediation effort with blazingly fast speed in a collaborative and decentralized environment. Your developers and project managers will have all the information they need to continuously improve applications.

...

In order to use Kiuwan, you must have a Kiuwan Account. If you do not have one yet, register for a Kiuwan trial account.

Once you have a Kiuwan account, you have access to the Kiuwan collaborative environment in the cloud, and you can start analyzing your applications to generate the Software Analytics for your application portfolio.

Its operation is extremely intuitive and simple:

  • Create your first application.
  • Decide how to analyze the code
    • Locally, by downloading and installing the Kiuwan Local Analyzer on a local machine, which sends the results to the server; or
    • In the cloud, "uploading" the code of your application.
  • Analyze your application
    • Do not worry if there is code in different technologies and languages; Kiuwan knows how to distinguish them.
    • If you choose to analyze in the Kiuwan cloud, Kiuwan deletes the uploaded code once the analysis is finished to safeguard your privacy.
  • Work with the results in one of these three ways:
    • Using the Kiuwan Dashboards;
    • Generating PDF reports, either at executive or detail level;
    • Exporting the result data in Excel format; or
    • Using the REST API to extract relevant information.
  • Iterate and Refine
    • With the results and the list of recommendations, it would be normal that your development team wants to review and fix the code and analyze it again, to verify whether they have achieved the desired goals, which you can set.
    • You can see, therefore, the evolution over time of your application's Software Analytics. This will let you "refine" the Kiuwan default Software Model to your specific needs.
  • Manage and Govern
    • Kiuwan Governance allows you to group your applications in "portfolios" or logical groups, to obtain global indicators for the criteria you need —Technology, Suppliers, functional units...— to analyze their evolution in time or compare their results.
  • Integrate the analysis in your Software Development Life Cycle
    • To implement continuous analysis within other SDLC continuous processes (integration, deployment).
    • You can automate Kiuwan analysis for your application or for deliveries of change requests during maintenance if you include Kiuwan Life Cycle functionality.

...