You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 21 Next »

Frequently Asked Questions

 

General Information

Scanning your code

 

Technical Questions

What is Kiuwan Code Security (SAST)?
Kiuwan Code Security is a SAST solution that scans your code to identify and remediate security vulnerabilities.

It complies with the most stringent security standards and covers all important programming languages. It is a cloud-based solution but offers the possibility of analyzing your source code locally.

Continuous subscriptions also include an IDE plugin to help developers work more efficiently.

Learn more about it on our here.

What is Kiuwan Insights? (SCA)
Kiuwan Insights is an application that scans your code to identify vulnerabilities in third-party and open-source components.

It also helps you ensure compliance with open source and copyleft licenses.

Learn more about it on our here.

Which security standards are supported by Kiuwan Code Security?
Kiuwan Code Security is an OWASP corporate member and is CWE certified.

It covers the following standards:

  • SANS 25
  • CERT-Java/C/C++
  • WASC
  • PCI-DSS
  • NIST
  • MISRA
  • BIZEC. 

...and the list is continuously growing!

Learn more about how Kiuwan Code Security performs on the OWASP Benchmark here

How does Kiuwan Code Security perform in the OWASP Benchmark?
The OWASP Benchmark is a test suite designed to evaluate the coverage and accuracy of automated vulnerability detection tools.

The chart below shows the performance of Kiuwan Code Security for the latest version of the OWASP Benchmark, as of November 2019. The results show that Kiuwan (at position K) detected 100% of true positives, correctly identifying all vulnerabilities present in the test application.

For more details about the OWASP Benchmark and Kiuwan Code Security, read our original blog post from 2017, or review our most recent results and run your own test

How does Kiuwan Code Security help me make decisions on how to fix my application?
Kiuwan Code Security provides a module to create Action Plans, i.e. concrete and defined sets of goals and actions to be performed on your application to improve your code.

There are two options: 

  1. Build an Action Plan based on the criteria that are more important to you (available man-power, high-security vulnerabilities...)
  2. Ask Kiuwan Code Security to build an Action Plan for you based on your preferred strategy (e.g. I want to reach a 5-star rating)

 



Can I scan my source code without uploading it to the cloud?
Yes. If you do not want to upload your code for security reasons, you can run your analysis locally instead with Kiuwan Local Analyzer

Your results (defects, metrics, etc.) are uploaded securely to the Kiuwan Cloud, and you will view them in the dashboard. 

Secure Socket Layer (SSL) technology protects information sent to Kiuwan using encryption and authentication server. It ensures that your data in transit is safe, secure, and visible only to registered users in your organization.


How long does a scan take to complete?
The length of a scan depends on the programming languages and the number of lines of code (LoC). 

We tested the speed to give you an idea and these are the results:

  • 577k LoC in Java ~ 15 minutes
  • 32k LoC in Python in ~ 12 minutes
  • 9m LoC in C/C++ (Juliet v1.3) in ~ 23 hours

Results may vary.

Can I run multiple scans at the same time?
By instantiating multiple Kiuwan Local Analyzer applets simultaneously, you can run multiple scans at the same time. 

Which are the main indicators provided by Kiuwan Code Security?
The main indicators provided for Kiuwan are the following:
  • Software characteristics
    • Security, efficiency, maintainability, reliability, and portability
  • Global Indicator
    • The weighted average of the above software characteristics through a complex algorithm. This considers the severity of the defects, the weight of the category in which the defect is, the analyzed code volume, and the criticality of the language for Kiuwan users. This algorithm can be customized. 
  • Effort to Target
    • The amount of work effort needed to reach a defined goal. 
  • Risk Index
    • A representation of the potential problems that could arise by not paying attention to the security and quality of your source code. Any value greater than 0 should be observed and actions should be done to decrease the number. 

 

 

What are the requirements to use the Kiuwan Applications?
Kiuwan Code Security and Kiuwan Insights are cloud-based solutions, so to use the applications you only need Internet access to https://www.kiuwan.com and https://kiuwan.zendesk.com.

If you want to use the Kiuwan Local Analyzer you also need Java Runtime Environment installed on your computer. Read more about the requirements here: Installation Requirements for Kiuwan Local Analyzer

Which programming languages are supported?
The Kiuwan solutions support all of the most popular programming languages. Below, an overview:

Language

Extensions

ABAP

abap,bsp

ActionScript

as

ASP.NET

asax,ascx,ashx,asmx,aspx,master

C

c,h,pc

COBOL

cob,cbl,cpy,pco

C++

h,hh,cpp,hpp,cc,pc

C#

cs,cshtml

Gogo

HTML

htm,html,xhtml

Informix

sql,4gl

Java

java

JavaScript /TypeScript

js,xsjs,ts,tsx

JCL

jcl,prc

JSP

jsp,jspx,xhtml

Kotlinkt,ktm,kts

Natural

nls,nlp,nlh,nlm,nss,nsp,nsh

Objective C

h,m

OracleForms

oforms

PHP

php,php3,php4,php5,php6, phps,phtml

PL-SQL

sql,sf,sps,spb,sp,fnc,spp,plsql,trg,st,prc,pks,pkb,pck

PowerScript

sru,sra,srw,srf,srs,srm,srx

Python

python,py

RPG4

rpg,rpg3,rpg4,rpgle,dspf,mbr

Scalascala
Swiftswift

Transact-SQL

sql,tsql,sp

VisualBasic 6

bas,frm,cls

VB.NET

vb

Find more details here: https://www.kiuwan.com/languages/


The list keeps on growing! Contact our support team to find out which languages will be added in the future. 

Does Kiuwan Code Security integrate with JIRA?
Defects found by Kiuwan Code Security and incorporated into an Action Plan can generate tasks automatically in JIRA, accelerating the step between the certification of an application and the remediation of the found issues.

Please visit Export an Action Plan for further information.

Can I use Kiuwan Code Security in Continuous Integration?
Developers and integrators can connect to Kiuwan Code Security by different means.

Please visit Developers - Integrations for a full list of possibilities. 

Can I Use Kiuwan Local Analyzer via CLI?
The Kiuwan Local Analyzer has a CLI that can be integrated and scripted. Find more instructions in our documentation.

The Kiuwan Applications also have a REST API that can be used for more advanced integrations and interactions.

 



  • No labels