We performed a comparison between CAST Highlight and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable features of CAST Highlight are automation and speed."
"The most valuable features of the CAST Highlight are the interface and there are three notations that are very simple to understand and communicate with."
"CAST Highlight is easy to use and has a good dashboard."
"It offers good performance."
"The way it tells you which codebase is more ready for the cloud and which codebase is less ready is very valuable. It works seamlessly with most languages."
"Static Scanning is the most valuable feature of Veracode."
"The product provides guidance to develop secure software."
"We are using the Veracode tools to expose the engineers to the security vulnerabilities that were introduced with the new features, i.e. a lot faster or sooner in the development life cycle."
"Being able to scan our applications and identify all codes and defects is an extremely valuable feature."
"It allows us to prove our security levels to vendors, and additionally helps us with our HIPAA security policies."
"I don't have much experience with the solution yet. We're looking at integrating Manual Penetration Testing with JIRA and Bamboo and then building that into a CICD model, so the integration is the most valuable feature so far."
"The source composition analysis had very good reporting."
"Veracode is very easy to use."
"CAST Highlight could improve to allow us to comment and do a deep analysis by ourselves."
"There's a bit of a learning curve at the outset."
"The ease of configuration and customization could be improved in CAST Highlight."
"Its price should be better. It is a pretty costly tool. They have two products: CAST Highlight and CAST AIP. I would expect CAST Highlight to have the Help dashboard and the Engineering dashboard. These dashboards are currently a part of CAST AIP, and if these are made available in CAST Highlight, customers won't have to use two different products all the time."
"The reports that describe the issues of concern are rather abstract and the issues should be more clearly described to the user."
"We are testing Veracode's software composition analysis, but we're having trouble integrating it with SVN. It works out of the box when you use Git but doesn't work as well with other tools like SVN. It's more geared toward Git"
"One of the most important areas that need improvement for Veracode is its DaaS. Veracode's DAST engines are primitive."
"I'd like to see an improved component of it work in a DevOps world, where the scanning speed does not impede progress along the AppSec pipeline."
"In the next release, I would like a proper way of packaging files for scanning and the packing of IOS apps and API Dynamic scan methodology."
"The dynamic scanning feature works, but it doesn't work properly for some of our applications. It doesn't allow us to skip. They claim that we can do this, but it doesn't work when we're scanning the applications in real-time."
"It would be nice if Veracode were bundled with some preferred vendors like Salesforce and offered at a discount."
"I would like to see expanded coverage for supporting more platforms, frameworks, and languages."
"A high number of false positives are reported and this should be reduced."
CAST Highlight is ranked 10th in Software Composition Analysis (SCA) with 5 reviews while Veracode is ranked 3rd in Software Composition Analysis (SCA) with 194 reviews. CAST Highlight is rated 7.8, while Veracode is rated 8.2. The top reviewer of CAST Highlight writes "Easy to set up with optimized and automated insights". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". CAST Highlight is most compared with SonarQube, Snyk, Checkmarx One, Black Duck and GitLab, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and OWASP Zap. See our CAST Highlight vs. Veracode report.
See our list of best Software Composition Analysis (SCA) vendors.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.