We performed a comparison between NowSecure and Veracode based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Static Application Security Testing (SAST)."The most valuable feature is the ability to download an application without actually putting in the APK. It gives us an option to put the APK in if we want to but we can download it from the App Store and Play Store."
"I like its integration with GitHub. I like using it from GitHub. I can use the GitHub URL and find out the vulnerabilities."
"I like the static scanning, and Veracode's interface is excellent. The dashboard is easy to navigate."
"One of the features they have is Software Composition Analysis. When organizations use third-party, open source libraries with their application development, because they're open source they quite often have a lot of bugs. There are always patches coming out for those open source applications. You really have to stay on your toes and keep up with any third-party libraries that might be integrated into your application. Veracode's Software Composition Analysis scans those libraries and we find that very valuable."
"It's not "one policy fits all." I really like that Veracode allows me to set up specific policies that I can apply to applications."
"The user interface is excellent, the code review process is quick and provides great analytics to understand our code better, and the SAST scan is high-speed."
"Our development team use this solution for static code analysis and pen testing."
"Veracode's technical support is great. They assigned us a TAM and once a week, we have a brief engagement with the TAM to verify that everything's going well. If we have any outstanding issues, they get serviced and addressed."
"The security team can track the remediation and risk acceptance statistics."
"In this solution, there are two kinds of testing, static analysis, and dynamic analysis. There needs some improvement in testing with dynamic analysis because I have found it is not accurate"
"It could be improved with support for more programming languages, like SQL."
"Veracode does not support scans for .NET Blazor server applications."
"We have encountered occasional issues with scalability."
"Veracode can be slow at times and has room for improvement, which may cause delays in our products and prolonged static scans."
"Scanning large amounts of code can be a time-consuming process and there is scope for improvement."
"The user interface could be more sleek. Some scanning requirements aren't flexible. Some features take some time for new users to understand (like what exactly "modules" are)."
"The UI is not user-friendly and can be improved."
"In the future, I would like to see the RASP capability built-in."
Earn 20 points
NowSecure is ranked 33rd in Static Application Security Testing (SAST) while Veracode is ranked 2nd in Static Application Security Testing (SAST) with 194 reviews. NowSecure is rated 7.0, while Veracode is rated 8.2. The top reviewer of NowSecure writes "Scalable and reliable, but dynamic analysis needs improvement". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". NowSecure is most compared with GitLab, Data Theorem API Secure , Acunetix and Checkmarx One, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and OWASP Zap.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.