We performed a comparison between ReShaper and Veracode based on real PeerSpot user reviews.
Find out what your peers are saying about Veracode, Checkmarx, OpenText and others in Static Code Analysis."The most valuable feature of ReShaper is that it provides continuously scanning of the data in real-time. ReShaper has a really good mechanism and process, they have a decent system."
"It comes with many features and supports almost all of the coding languages available."
"It's comprehensive from a feature standpoint."
"Scanning of .war and .jar is key for us."
"The best feature is definitely the detailed reports. It provides code-related queries in the order of high, medium, and low depending on what we need to do. Veracode is user-friendly as well."
"The Static and Dynamic Analysis capabilities are very valuable to us. They've improved the speed of the inspection process."
"Developer Sandboxes help move scanning earlier within the SDLC."
"This static analysis helps ensure a secure application rollout across all environments."
"What we found most valuable in Veracode is the ability to do automatic scans of our software. We've incorporated the solution into our SDLC process, so we take our builds before they get released and put them through scans to ensure any new vulnerabilities haven't occurred."
"Provides consistent evaluation and results without huge fluctuations in false positives or negatives."
"When it's integrated with a weak server machine, the performance isn't that great. It starts up slowly and even crashes at times."
"ReShaper could improve by increasing the performance of the scans. Their application is taking too much CPU. The processing is taking too many CPU resources which causes the system to slow down."
"It's very expensive for a small organization."
"The UI could be better. Also, there are some scenarios where there is no security flaw, but the report indicates that there is a security flaw. The report is not perfectly accurate. So, the accuracy of the scanning reports needs improvement."
"I would love to be able to do a dynamic sandbox scan. I think that that would allow us to really get a lot more buy-in from the software development teams."
"It should include more informational, low level, vulnerability summaries and groupings. Large related groups of low level vulnerabilities may amount to a design flaw or another avenue for attack."
"Scheduling can be a little difficult. For instance, if you set up recurring scheduled scans and a developer comes in and says, "Hey, I have this critical release that happened outside of our normal release patterns and they want you to scan it," we actually have to change our schedule configuration and that means we lose the recurring scheduling settings we had."
"I would ask Veracode to be a lot more engaged with the customer and set up live sessions where they force the customer to engage with Veracode's technical team. Veracode could show them a repo, how they should do things, this is what these results mean, here is a dashboard, here's the interpretation, here's where you find the results."
"Improving sorting through findings reports to filter by only what is critically relevant will help developers focus on issues."
"There should be more APIs, especially in SCA, to get some results or automate some things."
ReShaper is ranked 7th in Static Code Analysis while Veracode is ranked 1st in Static Code Analysis with 194 reviews. ReShaper is rated 8.6, while Veracode is rated 8.2. The top reviewer of ReShaper writes "Detects, analyzes, and fixes any coding issues". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". ReShaper is most compared with Whole Tomato Visual Assist and Fortify Static Code Analyzer, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and OWASP Zap.
See our list of best Static Code Analysis vendors.
We monitor all Static Code Analysis reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.