• Home
  • HCL AppScan vs. Veracode

HCL AppScan vs Veracode comparison

Cancel
You must select at least 2 products to compare!
HCLTech Logo
HCL AppScan
Read 40 HCL AppScan reviews
5,423 views|4,191 comparisons
82% willing to recommend
Veracode Logo
Veracode
Read 194 Veracode reviews
25,312 views|17,157 comparisons
90% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
HCL AppScan vs. Veracode
May 2024
Executive Summary

We performed a comparison between HCL AppScan and Veracode based on real PeerSpot user reviews.

Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed HCL AppScan vs. Veracode Report (Updated: May 2024).
Download the complete report
771,157 professionals have used our research since 2012.
Featured Review
Anonymous User
Researched Veracode but chose HCL AppScan: Offers many support languages, scans in a decent amount of time and is easy to set up
AkashKhurana
Easy to configure, stable, and good vulnerability detection
Veracode's ability to prevent vulnerable code from being deployed into production is crucial. Typically, if a dependency we use has security issues... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"It highlights, with several grades of severity, the types of vulnerabilities, so we can focus on the most severe security vulnerabilities in the code.""I like the recording feature.""We use it as a security testing application.""Compared to other tools only AppScan supports special language.""IBM AppScan has made our work easy, as we can do four to five scans of websites at a time, which saves time when it comes to vulnerability.""You can easily find particular features and functions through the UI.""The most valuable feature of the solution is the scanning or security part.""It was easy to set up."

More HCL AppScan Pros →

"Veracode static analysis allows us to pinpoint issues - from a simple hard-coded test password, to more serious issues - and saves us lot of time. For example, it raises a flag about a problematic third-party DLL before development invests time heavy using it.""The most important features, I would say, are the scanning abilities and the remediation abilities within the product. Scanning because, obviously, we want to make sure that our application code is flaw-free. And the remediation tools are helpful to the developers to help them track and manage their flaws.""I like the static scanning, and Veracode's interface is excellent. The dashboard is easy to navigate.""My experience with Veracode across the board every time, in all products, the technology, the product, the service, and the salespeople is fabulous.""The integration capabilities with our existing development tools are very good.""The main feature, and one of the most important, is the static code analysis. We are able to complete an analysis of the security flaws with this platform. It's very good at helping us find and fix flaws.""Veracode enables us to build a strong data security layer in our platforms. We can increase customer confidence in data security. Some PCI/HIPAA compliance issues were impossible to resolve without Veracode.""I like Veracode's API. You can put it into a simple bash script and run your own security testing from your MacBook in less than 15 minutes."

More Veracode Pros →

Cons
"There is not a central management for static and dynamic.""I think being able to search across more containers, especially some of the docker elements. We need a little tighter integration there. That's the only thing I can see at this point.""The solution could improve by having a mobile version.""A desktop version should be added.""IBM Security AppScan needs to add performance optimization for quickly scanning the target web applications.""AppScan is too complicated and should be made more user-friendly.""HCL AppScan needs to improve security.""It's a little bit basic when you talk about the Web Services. If AppScan improved its maturity on Web Services testing, that would be good."

More HCL AppScan Cons →

"The dynamic scanning feature works, but it doesn't work properly for some of our applications. It doesn't allow us to skip. They claim that we can do this, but it doesn't work when we're scanning the applications in real-time.""Veracode should provide more flexibility in its pricing and licensing modules so that it could be more affordable for all types of projects and not only for very active mission-critical projects.""We use Ruby on Rails and we still don't have any support for that from Veracode.""Some features could be improved in terms of user-friendliness.""The zip file scanning has room for improvement.""The reporting was detailed, but there were some things that were missing. It showed us on which line an error was found, but it could have been more detailed.""I would like Veracode to add more language support.""It needs better controls to include/exclude specific sections when creating a report that can be shared externally with customers and prospects."

More Veracode Cons →

Pricing and Cost Advice
  • "AppScan is a little bit expensive. IBM needs to work a little bit on the pricing model, decreasing the license cost."
  • "With the features, that they offer, and the support, they offer, AppScan pricing is on a higher level."
  • "Pricing was the main reason that we went ahead with this solution as they were the lowest in the market."
  • "HCL AppScan is expensive."
  • "I would rate the product's pricing a nine out of ten. The product's pricing is expensive compared to the features that they offer."
  • "The price is very expensive."
  • "The solution is moderately priced."
  • "The price of HCL AppScan is okay, in my opinion. You just buy HCL AppScan and don't pay anything anymore, meaning it is just a one-time purchase."

    • More HCL AppScan Pricing and Cost Advice →

  • "Its complexity makes it quite expensive, but it’s all worth it, with all the engineering in the background."
  • "The pricing is pretty high."
  • "The worst part about the product is that it does not scale at all. Also, microservices apps will cost you a fortune."
  • "I think licensing needs to be changed or updated so that it works with adjustments. Pricing is expensive compared to the amount of scanning we perform."
  • "It's worth the value"
  • "Pricing seems fair for what is offered, and licensing has been no problem. All developers are able to get the access they need."
  • "It can be expensive to do this, so I would just make sure that you're getting the proper number of licenses. Do your analysis. Make sure you know exactly what it is you need, going in."
  • "The licensing and prices were upfront and clear. They stand behind everything that is said during the commercial phase and during the onboarding phase. Even the most irrelevant "that can be done" was delivered, no matter how important the request was."

    • More Veracode Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    See Recommendations
    771,157 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about HCL AppScan?
    Top Answer:The product has valuable features for static and dynamic testing.
    Read all 17 answers   →
    What needs improvement with HCL AppScan?
    Top Answer:HCL AppScan generates false results. Sometimes, it incorrectly identifies requests as vulnerable when they are not vulnerable. In the ADSL feature managed, the primary objective is to identify… more »
    Read all 20 answers   →
    What is your primary use case for HCL AppScan?
    Top Answer:HCL AppScan efficiently scans through the website and identifies vulnerabilities for AWS. It is reducing tools day by day, making it more efficient.
    Read all 18 answers   →
    Which gives you more for your money - SonarQube or Veracode?
    Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use… more »
    Read all 6 answers   →
    What do you like most about Veracode?
    Top Answer:The SAST and DAST modules are great.
    Read all 96 answers   →
    What is your experience regarding pricing and costs for Veracode?
    Top Answer:The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.
    Read all 66 answers   →
    Ranking
    15th
    out of 74 in Application Security Tools
    Views
    5,423
    Comparisons
    4,191
    Reviews
    16
    Average Words per Review
    360
    Rating
    7.2
    2nd
    out of 74 in Application Security Tools
    Views
    25,312
    Comparisons
    17,157
    Reviews
    101
    Average Words per Review
    989
    Rating
    8.1
    Comparisons
    SonarQube logo
    SonarQube vs. HCL AppScan
    Compared 15% of the time.
    Acunetix logo
    Acunetix vs. HCL AppScan
    Compared 10% of the time.
    OWASP Zap logo
    OWASP Zap vs. HCL AppScan
    Compared 8% of the time.
    Checkmarx One logo
    Checkmarx One vs. HCL AppScan
    Compared 8% of the time.
    More HCL AppScan Competitors   →
    SonarQube logo
    SonarQube vs. Veracode
    Compared 26% of the time.
    Checkmarx One logo
    Checkmarx One vs. Veracode
    Compared 14% of the time.
    Fortify on Demand logo
    Fortify on Demand vs. Veracode
    Compared 7% of the time.
    Snyk logo
    Snyk vs. Veracode
    Compared 6% of the time.
    GitLab logo
    GitLab vs. Veracode
    Compared 2% of the time.
    More Veracode Competitors   →
    Also Known As
    IBM Security AppScan, Rational AppScan, AppScan
    Crashtest Security , Veracode Detect
    Learn More
    HCLTech
    Veracode
    Overview

    IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.

    Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-generated remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world’s leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achievereal-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, and Penetration Testing.

    Learn more atwww.veracode.com, on theVeracode blog, and onLinkedInandTwitter.

    Sample Customers
    Essex Technology Group Inc., Cisco, West Virginia University, APIS IT
    Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
    Top Industries
    REVIEWERS
    Government15%
    Transportation Company15%
    Comms Service Provider10%
    Financial Services Firm10%
    VISITORS READING REVIEWS
    Computer Software Company19%
    Financial Services Firm14%
    Government9%
    Manufacturing Company9%
    REVIEWERS
    Computer Software Company26%
    Financial Services Firm23%
    Insurance Company9%
    Comms Service Provider6%
    VISITORS READING REVIEWS
    Financial Services Firm18%
    Computer Software Company15%
    Manufacturing Company8%
    Government6%
    Company Size
    REVIEWERS
    Small Business24%
    Midsize Enterprise13%
    Large Enterprise63%
    VISITORS READING REVIEWS
    Small Business16%
    Midsize Enterprise12%
    Large Enterprise72%
    REVIEWERS
    Small Business31%
    Midsize Enterprise20%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise13%
    Large Enterprise70%
    Buyer's Guide
    HCL AppScan vs. Veracode
    May 2024
    Free Report: HCL AppScan vs. Veracode
    Find out what your peers are saying about HCL AppScan vs. Veracode and other solutions. Updated: May 2024.
    DOWNLOAD NOW
    771,157 professionals have used our research since 2012.

    HCL AppScan is ranked 15th in Application Security Tools with 40 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. HCL AppScan is rated 7.6, while Veracode is rated 8.2. The top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". HCL AppScan is most compared with SonarQube, Acunetix, OWASP Zap, PortSwigger Burp Suite Professional and Checkmarx One, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and GitLab. See our HCL AppScan vs. Veracode report.

    See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.