We performed a comparison between Parasoft SOAtest and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Technical support is helpful."
"Every imaginable source in the entire world of information technology can be accessed and used."
"Generating new messages, based on the existing .EDN and .XML messages, is a crucial part or the testing project that I’m currently in."
"The testing time is shortened because we generate test data automatically with SOAtest."
"Parasoft SOAtest has improved the quality of our automated web services, which can be easily implemented through service chaining and service virtualization."
"Since the solution has both command line and automation options, it generates good reports."
"We do a lot of web services testing and REST services testing. That is the focus of this product."
"They have a feature where they can record traffic and create tests on the report traffic."
"The one thing we really liked about Veracode when we got it was the consultation calls; that our developers are able to schedule them on their own, instead of going to a "gatekeeper." They upload their code, they have questions, they schedule it, they speak with someone on the other side who is an expert, they can speak developer-to-developers."
"The most valuable features are that you can do static analysis and dynamic analysis on a scheduled basis and that you can push the findings into JIRA."
"The installation was straightforward."
"The centralized view of different testing types helps reduce our risk exposure. The development teams have the freedom to choose their own libraries and languages. What happens is sometimes developers feel like a particular library is okay to use, then they will start using it, developing some functionality around it. However, as per our mandate, for every new repository that gets added and scanned, a report gets published. Based on that report, we decide if we can continue. In the past, we have found, by mistake, some developers have used copyleft licenses, which are a bit risky to use. We immediately replace these with more permissive, open-source licenses, so we are safe in the end."
"It is easy to use for us developers. It supports so many languages: C#, .NET Core, .NET Framework, and it even scans some of our JavaScript. You just need the extension to upload the files and the reports are generated with so much detail."
"Static analysis scanning engine is a key feature."
"The best feature of Veracode is that we can do static and dynamic scans."
"The benefits are quick discovery and understanding of software vulnerabilities that we are putting in our own code. By discovering them quickly enough, we can triage them and determine the best ways to remediate them and prevent them from happening in the future."
"The feedback that we received from the DevOps of our organization was that the tool was a little heavy from the transformation perspective."
"During the process of working with SOAtest and building test cases, the .TST files will grow. A negative side effect is that saving your changes takes more time."
"Compatibility with HTTP 1.1 and TLS 1.2 needs to be improved."
"The summary reports could be improved."
"The product is very slow to start up, and that is a bit of a problem, actually."
"Reports could be customized and more descriptive according to the user's or company's requirements."
"Reporting facilities can be better."
"From an automation point of view, it should have better clarity and be more user friendly."
"The GUI requires significant simplification, as its current complexity creates a steep learning curve for new users."
"Scanning progress is highly dependent on the speed of the Internet."
"They need to have a plug-in, a better integration with the development environment."
"The scanning on the UI portion of our applications is straightforward, but folks were having challenges with scans that involved microservices. They had to rope in an expert to have it sorted."
"Veracode can be improved in terms of software composition analysis and related vulnerabilities."
"They cover a lot of languages already and it doesn't make sense for them to cover legacy languages but I know there is a need for covering legacy languages."
"In the last month or so, I had a problem with the APIs when doing some implementations. The Veracode support team could be more specific and give me more examples. They shouldn't just copy the URL for a doc and send it to me."
"Mitigation review isn't always super easy."
Parasoft SOAtest is ranked 28th in Static Application Security Testing (SAST) with 30 reviews while Veracode is ranked 2nd in Static Application Security Testing (SAST) with 194 reviews. Parasoft SOAtest is rated 8.2, while Veracode is rated 8.2. The top reviewer of Parasoft SOAtest writes "Good API testing and RIT feature; clarity could be improved". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Parasoft SOAtest is most compared with Postman, SonarQube, Coverity, Polyspace Code Prover and Selenium HQ, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and OWASP Zap. See our Parasoft SOAtest vs. Veracode report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.