We performed a comparison between NowSecure and Veracode based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Static Application Security Testing (SAST)."The most valuable feature is the ability to download an application without actually putting in the APK. It gives us an option to put the APK in if we want to but we can download it from the App Store and Play Store."
"The reporting being highly accurate is pretty cool. I use another product and I was always looking for answers as to what line, which part of the code, was wrong, and what to do about it. Veracode seems to have a solid database to look things up and a website to look things up."
"It provides security of different Shadow IT activities in our environment, especially around application development and website hosting."
"Ad-hoc scanning during the development cycle and reports for audits are valuable features."
"The static scan and the detailed reports, which include issue information and permissions, are the most valuable features."
"The visibility into application status helps reduce risk exposure for our software. Today, any findings provided by the DAST are reviewed by the developers and we have internal processes in place to correct those findings before there can be a release. So it absolutely does prevent us from releasing weak code."
"Good static analysis and dynamic analysis."
"Another feature of Veracode is that they provide e-learning, but the e-learning is not basic, rather it is quite advanced... in the e-learning you can check into best practices for developing code and how to prevent improper management of some component of the code that could lead to a vulnerability. The e-learning that Veracode provides is an extremely good tool."
"The integration of static testing with our Azure DevOps CI pipeline was easy."
"In this solution, there are two kinds of testing, static analysis, and dynamic analysis. There needs some improvement in testing with dynamic analysis because I have found it is not accurate"
"The one thing I'd like to be able to do is schedule dynamic scans. Today we're kicking those off manually, but I believe that it's something have on their roadmap."
"From what we have seen of Veracode's SCA offering, it is just average."
"Veracode does not support scans for .NET Blazor server applications."
"Software developers are always thinking about the next big thing but lose sight of what's happening right now. If you have an idea for a feature request, you must submit it to be voted on by the Veracode community. I don't like this. No one will look at it unless enough people vote for it."
"The overall reporting structure is complicated, and it's difficult to understand the report."
"It would help to have more training for developers to help them set it up."
"Veracode Static Analysis lacks penetration testing, so that's a concern. The tool is also unable to scan when it's a C or C++ model, so that's another area for improvement."
"It's taking too much time to do a quality scan."
Earn 20 points
NowSecure is ranked 33rd in Static Application Security Testing (SAST) while Veracode is ranked 2nd in Static Application Security Testing (SAST) with 194 reviews. NowSecure is rated 7.0, while Veracode is rated 8.2. The top reviewer of NowSecure writes "Scalable and reliable, but dynamic analysis needs improvement". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". NowSecure is most compared with GitLab, Data Theorem API Secure , Acunetix and Checkmarx One, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and OWASP Zap.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.