Kiuwan_logo

Continuous Code Quality & Security Improvement

Take your code quality and security to the next level

Kiuwan is an on-line code review tool based on static analysis. It gives you high level indicators, about risk, quality and defects.

Code Quality & Security has economic importance

Code Quality & Security are important topics with significant economic importance. That means that they should be measured with accuracy, using effective metrics, proven measurement practices, and consistent indicators across the different technologies & languages used inside companies.

Kiuwan makes it easy

Unlike other static analysis tools, Kiuwan make automatic code review activity very easy.

Its code analyzers scan Java, JSP, Javascript, PHP, C/C++, ABAP IV, Cobol, JCL, C#, PL/SQL, Transact-SQL, SQL, VB 6, VB.Net, or Hibernate code (and new technologies that are added continuously).

Even, Kiuwan helps you with the mobile app testing, analyzing Android Programming and IOS (Objetive-C) code.

What is unique with Kiuwan is its multi-technology scan engine, supported with more than 1,000 rules and around 100 metrics, which implement best of breed programming best practices, detect critical code errors & security vulnerabilities in your software.

Standards Supported

These capabilities allow you to shape the security and quality of your applications in accordance with industry standards, such as OWASP, CWE, WASC, PCI, MISRA o CERTC, ISO/IEC 25000, ISO/IEC 9126.

Multitenant Architecture

Kiuwan it is not an on-premise code review tool hosted in a Cloud provider. It has been designed from the beginning as a SaaS application and, therefore, it is “multitenant”, which prevents that anyone but the owner of an application and its data could access to data that are not theirs (malicious users, hacker, back doors, system errors, information in logs, etc.).

There is no need to upload your code

You can scan your code locally downloading the analyzer, running it in your infrastructure, and uploading (encrypted) the results of your analysis, process them securely and seeing the results in Kiuwan cloud.

Where are the errors?

In order to see where in the code errors or security vulnerabilities are, you can choose:

  1. To upload the lines of code where they are located (Kiuwan shows them in defects report), or
  2. not to upload anything of your code at all (in this case, Kiuwan shows just the line numbers where errors or vulnerabilities have been found).

Kiuwan gives you a Quality Model by default

To measure and provide relevant quality and security indicators for your code, it needs a Quality Model (set of rules, metrics and indicators about the code).

This Quality Model has to be easily understood and applied by every part of the evaluation and code certification processes, so it must be based on industry standards, such as ISO/IEC 25000 or ISO/IEC 9126.

Kiuwan provides a multi-technology Quality Model by default: CQM, which enables you to start to analyze your code from day one.

…But you can customize it

However, Kiuwan provides a powerful utility that allows you to customize every CQM single detail, as: add new rules or metrics from Kiuwan’s “Library”; modify any of its parameters (priority, classification, parameters, sample code…).

Or just create your own Model

Or create your own Model, based on CQM, or from scratch, selecting the technologies, rules and metrics that you need.

What if I already have a quality model?

If you use an opensource tool in which you have already spent time to configure a quality model (Checkstyle, Findbugs o PMD), you will appreciate that you won’t have to repeat that work. We have thought about that, too, and we have implemented it on Kiuwan.

You’ll just have to give some data about where and how you have configured those tools and Kiuwan will incorporate those tools models (rulesets) and, from then on, you can treat them as any rule from Kiuwan’s Library.

Dashboard for each role

Kiuwan analyzers have much precision in finding defects in the code. However, Kiuwan stands out in its ability to present the information (dashboards and reports) for making decisions based on our applications’ quality and security.

Kiuwan views, diagrams and reports show relevant information for your applications’ management, such as: knowing the risk, thetechnical debt or the effort to repair your applications portfolio.

And, depending on the role you have in your company, Kiuwan gives this information at just one application, one group (portfolio) or at your whole portfolio’s level (global).

Action plans

If you are sure of the quality level you want to achieve, Kiuwan will help you by telling you how much will it take you to reach it and, day by day, the shortest way to get it, keep that level over time and improve it continuously!

It will surprise you!

Govern your applications

Kiuwan is the only cloud solution that allows you:

  • Take decisions about your application portfolio.
  • Compare them, see the evolution.
  • Explore the best repair scenario to fit  your needs and resources.
  • Help to decide if an application has to be conserved, optimized or replaced.

Continuous Quality & Security Management

Kiuwan is designed to make Continuous Code Inspection. Therefore, there are integration capabilities available in your Development Process (ALM) which allow you to know the status of your applications’ quality and security.

Agile, devOps

Kiuwan (and code analysis practice) is “neutral” from a methodological point of view, but its architecture and integration facilities enable it to fit “down pat” with agile methodologies and devOps.

Kiuwan is continuously analyzed and deployed

Considering that we do believe it, Kiuwan develops following these practices and with help from Kiuwan itself and some of the technological partners it integrates with.

Try it! It works! We have improved (and keep improving) our productivity, efficiency, quality and security levels.

Kiuwan integrates with…

  • JIRA
  • Cloudbees
  • Jenkins
  • Urban Code
  • …and more coming

Or make your own integration

Kiuwan provides RESTfull API, so you can invoke its functionalities and use them from your own environment.

Defects remediation

My application has plenty of different defects:

  • Where should I start to fix them?
  • How much time does it take me to repair each one of them?
  • Which are the optimal path and action plan to reach my quality goals?
  • I only have 20 hours to fix errors before the next delivery. What should I fix to aim the best possible quality?
  • Can I automatically transfer the errors-to-repair list to Development team?
  • Do I have “out-of-the-box” reports at executive level?

Let Kiuwan help you to answer these and other questions that may arise…