Frequently Asked Questions

Kiuwan is an industry-leading code security solutions provider, offering a range of solutions from SAST to QA to support development teams through every stage of the development process. We have compiled a list of the top questions we receive from prospects & customers to help you understand everything you need to know about Kiuwan.

General Questions

What Are Kiuwan Solutions For?

Modern companies need software to support their business, whether they develop it themselves or use external providers. In both cases, all companies have a few particular needs. Brands use Kiuwan to detect security vulnerabilities, reduce the number of bugs in code and manage costs associated with development.

Who are the Kiuwan solutions designed for?

Kiuwan is designed to support teams throughout the development infrastructure, giving developers the tools to secure their projects & CIOs the ability to monitor projects throughout the pipeline.

What is Kiuwan Code Security [SAST]?

Kiuwan Code Security is a SAST solution that scans your code to identify and remediate security vulnerabilities. Compliant with the most stringent security standards, the tool enables teams to deploy with confidence. Kiuwan covers all important languages and operates via a hybrid solution available on-premise or in the cloud, effectively supporting development teams. With continuous scanning subscriptions, teams can use Kiuwan directly within their IDE, increasing efficiency and development speed.

What is Kiuwan Insights [SCA]?

Kiuwan Insights is an application that scans your code to identify vulnerabilities from third-party and open source components. Insights provides a full repository of application code enabling teams to ensure compliance with open source components and licenses.

What other products does Kiuwan sell?

As part of your Kiuwan solutions package, your team can elect to add on Kiuwan modules as needed, including Code Analysis, Governance & Lifecycle, to ensure full coverage throughout the development process.

How does Kiuwan Code Security perform in the OWASP Benchmark?

Kiuwan is an outstanding performer in the OWASP Benchmark. Recent results indicate that Kiuwan detected 100% of true positives, correctly identifying all vulnerabilities present in the test application.

How does Kiuwan help me improve my decision making?

Kiuwan Code Security provides a module to create Action Plans, i.e. concrete and defined sets of goals and actions to be performed on your application to improve your code. Users can build action plans based on their key criteria. Kiuwan can also construct an action plan for you based on your preferred development strategy.

Scanning Your Code

Does Kiuwan store my application's uploaded source code?

Kiuwan provides a hybrid code security solution, enabling analysis in the cloud or locally. When scanning in the cloud, source code is deleted as soon as the analysis is finished. When analyzing locally, the source code never leaves the local machine, and the generated results are securely uploaded to the Kiuwan cloud.

Can I scan my source code without uploading to the cloud?

Kiuwan can be used on your device alone using the Kiuwan Local Analyzer, and results can be uploaded to the cloud securely. Secure Sockets Layer (SSL) is used to protect information sent to Kiuwan, using encryption and server authentication. With security as your priority, Kiuwan focuses on optimizing security as part of every process to keep your development properties safe.

How long does a scan take to complete?

The duration of a code scan depends on the programming languages and the lines of code scanned. Some benchmarks to give you an idea:
577k LoC in Java in ~ 15 minutes
32k LoC in Python in ~ 12 minutes
9m LoC in C/C++ (Juliet v1.3) in ~ 23 hours

Can I run multiple scans at the same time?

By instantiating multiple Kiuwan Local Analyzer applets simultaneously, you can run multiple scans at the same time with the Kiuwan tool.

Do I have to scan the complete source code?

By applying filters, you can reduce the lines of code analyzed in a given analysis session. This in turn shortens the scanning time.

What are the main indicators provided by Kiuwan?

Kiuwan provides a range of key indicators to aid decision making including: Software characteristics, Global Indicator, Effort to Target & Risk Index.

Technical Questions

What requirements are needed to use Kiuwan applications?

Kiuwan Code Security and Kiuwan Insights are cloud-based solutions, so you only need Internet access to use Kiuwan & Zendesk. If you want to use the Kiuwan Local Analyzer, you also need a Java Runtime Environment installed on your computer. Read more about the requirements here: Installation Requirements for Kiuwan Local Analyzer

Which programming languages are supported?

The Kiuwan solutions support all of the most popular programming languages: Kiuwan SAST supports 30+ technologies, and Kiuwan SCA features support for 15+ languages.

Does Kiuwan integrate with JIRA?

Defects found by Kiuwan Code Security and incorporated into an Action Plan can generate tasks automatically in JIRA, accelerating the step between the certification of an application and the remediation of found issues.

Can I use Kiuwan Code Security in Continuous Integration?

Developers and integrators can connect to Kiuwan Code Security by different means. Visit our documentation to identify the full list of integration options.

Can I use Kiuwan Local Analyzer via CLI?

The Kiuwan Local Analyzer has a CLI that can be integrated and scripted, following instructions noted in the documentation. The Kiuwan applications also have a REST API that can be leveraged for more advanced integrations and interactions.