We performed a comparison between Rapid7 AppSpider and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."When it is set up properly, it can do scanning on web apps with multiple engines automatically."
"It scans all the components developed within a web application."
"It is really accurate and the rate of false positives is very low."
"The most valuable feature of Rapid7 AppSpider is the vulnerability reporting data. Additionally, the data is reported in a convenient way rather than seeing them as a PDF. We are able to generate all the reports exactly what we want in a flexible way."
"Rapid7 AppSpider is good at managing different applications. It uses applets and generates reports to cover the PCA/GDPR compliance requirements."
"AppSpider's most valuable feature is reporting - everything is stored in the local database so it can be sent to other machines."
"I would say that it is stable, as I am not aware of any major issues."
"The entire solution is interactive and has a point-and-click user experience, which makes it easy to find items or drill down on information. You don't need specialized skills to use the product."
"What I found most valuable in Veracode Static Analysis is that it categorizes security vulnerabilities."
"It has improved the quality of code being delivered for test and its vulnerability resolutions timeline has improved."
"Veracode provides faster scans compared to other static analysis security testing tools."
"The deployment mode is very useful."
"Before Veracode, the application was deployed to the production server and there would be a lot of bugs and issues. Once we implemented the Veracode scan, the full deployment issues were drastically reduced."
"All the features provided by Veracode are valuable, including static scan, dynamic scan, and MPT (Manual Penetration Testing)."
"When those scans kick, Veracode integrates back into our JIRA and actually open tickets with the appropriate development teams. We can use that as a measurement of vulnerabilities opened, closed; we can tie them to releases. So, we get a whole lot more statistical information about security in our software products."
"The pricing is worth it."
"The dashboard and interface are crucial and they need some improvement."
"AppSpider could improve in the area of integration. They need to add more integration opportunities."
"The product needs to be able to scale for large companies, like ours. We have millions of IP addresses that need to be scanned, and the scalability is not great."
"The tech support is responsive but issues remain unresolved."
"Implementing Rapid7 AppSpider requires scanning and self-identification mechanisms. You can add different types of authentication to each scan."
"Integration could be better."
"This price of this solution is a little bit expensive."
"The enterprise interface is too simple. It should be more customizable."
"Veracode has plenty of data. The problem is the information on the dashboards of Veracode, as the user interface is not great. It's not immediately usable. Most of the time, the best way to use it is to just create issues and put them in JIRA... But if I were a startup, and only had products with a good user interface, I wouldn't use Veracode because the UI is very dated."
"They cover a lot of languages already and it doesn't make sense for them to cover legacy languages but I know there is a need for covering legacy languages."
"They could improve how they fix vulnerabilities. They could have more support in place to help the developers."
"There is much to be desired of UI and user experience. The UI is very slow. With every click, it just takes a lot of time for the pages to load. We have seen this consistently since getting this solution. The UI and UX are very disjointed."
"There should be more APIs, especially in SCA, to get some results or automate some things."
"The user interface can sometimes be a little challenging to work with, and they seem to be changing their algorithm on what is an issue. I understand why they do it, but it sometimes causes more work on our end."
"There are certain shortcomings in Veracode's static analysis engine. I would improve Veracode's static analysis engine to make it capable of identifying vulnerabilities with low false positives."
"Searching for applications in Veracode is a little bit difficult. We have to minimize the length of an application's name to 47 characters. It would be good if this limit could be increased so that an application's name can be properly reflected in Veracode."
Rapid7 AppSpider is ranked 25th in Static Application Security Testing (SAST) with 13 reviews while Veracode is ranked 2nd in Static Application Security Testing (SAST) with 194 reviews. Rapid7 AppSpider is rated 7.8, while Veracode is rated 8.2. The top reviewer of Rapid7 AppSpider writes "Useful vulnerability reporting data, flexible, and simple implementation". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Rapid7 AppSpider is most compared with Rapid7 InsightAppSec, OWASP Zap, Acunetix and Invicti, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and Fortify Static Code Analyzer. See our Rapid7 AppSpider vs. Veracode report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.