We performed a comparison between Parasoft SOAtest and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"They have a feature where they can record traffic and create tests on the report traffic."
"Since the solution has both command line and automation options, it generates good reports."
"The testing time is shortened because we generate test data automatically with SOAtest."
"We do a lot of web services testing and REST services testing. That is the focus of this product."
"Every imaginable source in the entire world of information technology can be accessed and used."
"The solution is scalable."
"Technical support is helpful."
"Good write and read files which save execution inputs and outputs and can be stored locally."
"Ours is a Java-based application and Veracode can detect vulnerabilities in both Angular, which is used for the UI, and also in the backend code, which includes APIs and microservices."
"The dependency graph visualization provides the ability to see nested dependencies within libraries for pinpointing vulnerabilities."
"We have such a wide variety of users for Veracode, including security champions, development leads, developers themselves, that the ease of use is really quite important, because we don't assume anything about what those people might already know, or need to know. It just makes it very useful for anyone who has to engage with it."
"The main feature that I have found valuable is the solution's ability to find issues in static analysis. Additionally, there are plenty of useful tools."
"Ad-hoc scanning during the development cycle and reports for audits are valuable features."
"Provides the capability to track remediation and the handling of identified vulnerabilities."
"What I found most valuable in Veracode is that it gives me a part-by-part report of the entire EAR file and lets me set up the application for a limited time. Once that expires, Veracode allows you to automatically renew it, which is one of the features I find remarkable in Veracode."
"Veracode Fix is a new feature that functions similarly to auto-remediation for low or medium flaw codes."
"The performance could be a bit better."
"Compatibility with HTTP 1.1 and TLS 1.2 needs to be improved."
"Reports could be customized and more descriptive according to the user's or company's requirements."
"UI testing should be more in-depth."
"From an automation point of view, it should have better clarity and be more user friendly."
"Tuning the tool takes time because it gives quite a long list of warnings."
"The summary reports could be improved."
"During the process of working with SOAtest and building test cases, the .TST files will grow. A negative side effect is that saving your changes takes more time."
"Straightforward to set up, but the configuration of the rules engine is difficult and complicated."
"Improving sorting through findings reports to filter by only what is critically relevant will help developers focus on issues."
"I do expect large applications with millions of lines of code to take a while, but it would be nice if there was a possibility to be able to have a baseline initial scan. I know that Veracode touts that there are Pipeline Scans that are supposed to take 90 seconds or less, and we've tried to do that ourselves with our ERP application. However, it actually times out after two hours of scanning. If the static scan itself or another option to run a lower tier scan can be integrated earlier on into our SDLC, it would be great. Right now, it takes so long that we usually leave it till a bit later in the cycle, whereas if it ran faster, we could push it to the time when a developer will be checking in code. That would make us feel a lot more confident that we'd be able to catch things almost instantaneously."
"We connected with Veracode's support a couple of times, and we got a different answer each time."
"I would like to see these features: entering comments for internal tracking; entering a priority; reports that show the above."
"The solution does not support Dynamic Application Security Testing."
"Veracode's false positives have room for improvement."
"A high number of false positives are reported and this should be reduced."
Parasoft SOAtest is ranked 29th in Static Application Security Testing (SAST) with 30 reviews while Veracode is ranked 2nd in Static Application Security Testing (SAST) with 194 reviews. Parasoft SOAtest is rated 8.2, while Veracode is rated 8.2. The top reviewer of Parasoft SOAtest writes "Good API testing and RIT feature; clarity could be improved". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning". Parasoft SOAtest is most compared with Postman, SonarQube, Coverity, Polyspace Code Prover and Selenium HQ, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and Fortify Static Code Analyzer. See our Parasoft SOAtest vs. Veracode report.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.