We performed a comparison between Polyspace Code Prover and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Polyspace Code Prover has made me realize it differs from other static code analysis tools because it runs the code. So it's quite distinct in that aspect."
"Polyspace Code Prover is a very user-friendly tool."
"The product detects memory corruptions."
"When we work on safety modules, it is mandatory to fulfill ISO 26262 compliance. Using Prover helps fulfill the standard on top of many other quality checks, like division by zero, data type casts, and null pointer dereferences."
"The outputs are very reliable."
"They also have what's called a Software Composition Analysis that can point out errors and fixes for third-party software frameworks, which is very nice."
"The policy reporting for ensuring compliance with industry standards and regulations is pretty comprehensive, especially around PCI. If you do the static analysis, the dynamic analysis, and then a manual penetration test, it aggregates all of these results into one report. And then they create a PCI-specific report around it which helps to illustrate how the application adheres to different standards."
"The dashboards and the threat insights it provides are very good. The dashboards are intuitive and pretty straightforward, but also pretty detailed."
"It's not 'one policy fits all.' I really like that Veracode allows me to set up specific policies that I can apply to applications."
"Wide range of platforms and technology assessments."
"Veracode static analysis allows us to pinpoint issues - from a simple hard-coded test password, to more serious issues - and saves us a lot of time. For example, it raises a flag about a problematic third-party DLL before development invests time heavily using it."
"It's straightforward, and it does not require a lot of time. It's a straightforward platform that you can use for performing scans or mitigating issues. It has a very good user interface. FAQs are also helpful in case you are not familiar with it."
"The most valuable features are that you can do static analysis and dynamic analysis on a scheduled basis and that you can push the findings into JIRA."
"The tool has some stability issues."
"Using Code Prover on large applications crashes sometimes."
"I'd like the data to be taken from any format."
"Automation could be a challenge."
"One of the main disadvantages is the time it takes to initiate the first run."
"I'd like to see an improved component of it work in a DevOps world, where the scanning speed does not impede progress along the AppSec pipeline."
"It does nearly everything, but penetration testing."
"The scanning process for records could be faster and there is room for improvement in Veracode's performance."
"We tried to create an automatic scanning process for Veracode and integrate it into our billing process, but it was easier to adopt it to repositories based on GIT. Until now, our source control repository was Azure DevOps Server (Microsoft TFS) to manage our resources. This was not something that they supported. It took us some sessions together before we successfully implemented it."
"Once your report has been generated, you need to review the report with the consultation team, especially if it is too detailed on the development side or regarding the language. Then, you need some professional help from their end to help you understand whatever has been identified. Scheduling consultation takes a longer time. So, if you are running multiple reports at the same time, then you need to schedule multiple consultation times with one of their developers. There are few developers on their end who can work with your developers, and their schedules are very tight."
"The scanning is a little slow, but other than that it's fine. It's usually when the binaries get up into the multi-hundred megabyte size."
"The only notable problem we have had is that when new versions of Swift have come out, we have found Veracode tends to be a bit behind in updates to support the new language changes."
"On-premise implementation is not available."
Polyspace Code Prover is ranked 23rd in Application Security Tools with 5 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. Polyspace Code Prover is rated 7.6, while Veracode is rated 8.2. The top reviewer of Polyspace Code Prover writes "A stable solution for developing software components". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning". Polyspace Code Prover is most compared with SonarQube, Coverity, Klocwork, CodeSonar and Fortify on Demand, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and Fortify Static Code Analyzer.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.