We performed a comparison between CAST Highlight and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It offers good performance."
"The way it tells you which codebase is more ready for the cloud and which codebase is less ready is very valuable. It works seamlessly with most languages."
"The most valuable features of the CAST Highlight are the interface and there are three notations that are very simple to understand and communicate with."
"CAST Highlight is easy to use and has a good dashboard."
"The most valuable features of CAST Highlight are automation and speed."
"For our rapid, secure DevOps cycle, we have integration of the Vericode API into our build tool, and Greenlight into our IDE."
"Their dashboard is really good, overall. In my opinion, it's one of the best in the market, and I say that because we have used other service providers."
"I have found the user interface extremely helpful in prioritizing issues."
"The dashboards and the threat insights it provides are very good. The dashboards are intuitive and pretty straightforward, but also pretty detailed."
"Veracode provides faster scans compared to other static analysis security testing tools."
"The most valuable feature is the static scan that checks for security issues."
"Because it is a SaaS offering, I do not have to support the infrastructure."
"There have been a lot of benefits gained from Veracode. Compared to other tools, Veracode has good flexibility with an easy way to run a scan. We get in-depth details on how to fix things and go through the process. They provide good process documents, community, and consultation for any issues that occur during the use of Veracode."
"CAST Highlight could improve to allow us to comment and do a deep analysis by ourselves."
"Its price should be better. It is a pretty costly tool. They have two products: CAST Highlight and CAST AIP. I would expect CAST Highlight to have the Help dashboard and the Engineering dashboard. These dashboards are currently a part of CAST AIP, and if these are made available in CAST Highlight, customers won't have to use two different products all the time."
"The ease of configuration and customization could be improved in CAST Highlight."
"There's a bit of a learning curve at the outset."
"The reports that describe the issues of concern are rather abstract and the issues should be more clearly described to the user."
"It should include more informational, low level, vulnerability summaries and groupings. Large related groups of low level vulnerabilities may amount to a design flaw or another avenue for attack."
"In some cases we use their APIs; they're not as rich as I would like."
"Once your report has been generated, you need to review the report with consultation team, especially if it is too detailed on the development side or regarding the language. Then, you need some professional help from their end to help you understand whatever has been identified. Scheduling consultation takes a longer time. So, if you are running multiple reports at the same time, then you need to schedule a multiple consultation times with one of their developers. There are few developers on their end who work can work with your developers, and their schedules are very tight."
"The only notable problem we have had is that when new versions of Swift have come out, we have found Veracode tends to be a bit behind in updates to support the new language changes."
"They should improve on the static scanning time."
"There are certain shortcomings in Veracode's static analysis engine. I would improve Veracode's static analysis engine to make it capable of identifying vulnerabilities with low false positives."
"Scheduling can be a little difficult. For instance, if you set up recurring scheduled scans and a developer comes in and says, "Hey, I have this critical release that happened outside of our normal release patterns and they want you to scan it," we actually have to change our schedule configuration and that means we lose the recurring scheduling settings we had."
"Improving sorting through findings reports to filter by only what is critically relevant will help developers focus on issues."
CAST Highlight is ranked 13th in Software Composition Analysis (SCA) with 5 reviews while Veracode is ranked 2nd in Software Composition Analysis (SCA) with 194 reviews. CAST Highlight is rated 7.8, while Veracode is rated 8.2. The top reviewer of CAST Highlight writes "Easy to set up with optimized and automated insights". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". CAST Highlight is most compared with SonarQube, Snyk, Black Duck, Checkmarx One and Sonatype Lifecycle, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and Fortify Static Code Analyzer. See our CAST Highlight vs. Veracode report.
See our list of best Software Composition Analysis (SCA) vendors.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.