ShiftLeft vs Veracode Comparison 2024

ShiftLeft

Veracode

ShiftLeft

Read 1 ShiftLeft review

290 views|222 comparisons

Veracode

Read 194 Veracode reviews

25,312 views|17,157 comparisons

Comparison Buyer's Guide

Download the complete report

Buyer's Guide

Application Security Tools

May 2024

Executive Summary

We performed a comparison between ShiftLeft and Veracode based on real PeerSpot user reviews.

Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools.

To learn more, read our detailed Application Security Tools Report (Updated: May 2024).

Download the complete report

771,157 professionals have used our research since 2012.

Featured Review

Shivendra S.

Senior Director of Engineering - Information Security at Apna

Effectively in identify and fix bugs early in the development lifecycle

ShubhamSharma5

Senior Consultant at Material Vision

A very good tool for dynamic application testing, but its price is a little high

We have had challenges with security because developers come from different organizations and different backgrounds. They have different ways of... Read more →

Quotes From Members

We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:

Pros

"When it comes to ShiftLeft, the most valuable feature is definitely its ease of use and cost-effectiveness."

More ShiftLeft Pros →

"This static analysis helps ensure a secure application rollout across all environments.""I can have quick results by just uploading compiled components.""I like the way the flaws are reported in the system.""The source composition analysis component is great because it gives our developers some comfort in using new libraries.""It is scalable and quick to deploy into the site and the pipelines. The reports and analytics are good, and the false positive rate is low. It gives true results.""The most valuable features of the solution are its extensive reporting capabilities and user-friendly interface.""Before Veracode, the application was deployed to the production server and there would be a lot of bugs and issues. Once we implemented the Veracode scan, the full deployment issues were drastically reduced.""The most valuable feature of Veracode is the binary scan feature for auditing, which allows us to audit the software without the source code."

More Veracode Pros →

Cons

"Having support from senior management is crucial in making it mandatory for teams to collaborate with the security team throughout the development process."

More ShiftLeft Cons →

"On-premise implementation is not available.""Improving sorting through findings reports to filter by only what is critically relevant will help developers focus on issues.""Sometimes, the scans halt or drop for some reason, and we need to get help from Veracode to fix it.""We have encountered occasional issues with scalability.""There should be more APIs, especially in SCA, to get some results or automate some things.""When we engaged Veracode to conduct the manual penetration testing, they were extremely slow in completing the task and delivering the report, causing a delay of two to three weeks for us.""There is room for improvement in the speed of the system. Sometimes, the servers are very busy and slow... Also, the integration with SonarQube is very weak, so we had to implement a custom solution to extend it.""The sandbox could use some improvement; when creating a sandbox, it requires us to put the application name in twice, which seems unnecessary."

More Veracode Cons →

Pricing and Cost Advice

Information Not Available

"Its complexity makes it quite expensive, but it’s all worth it, with all the engineering in the background."

"The pricing is pretty high."

"The worst part about the product is that it does not scale at all. Also, microservices apps will cost you a fortune."

"I think licensing needs to be changed or updated so that it works with adjustments. Pricing is expensive compared to the amount of scanning we perform."

"It's worth the value"

"Pricing seems fair for what is offered, and licensing has been no problem. All developers are able to get the access they need."

"It can be expensive to do this, so I would just make sure that you're getting the proper number of licenses. Do your analysis. Make sure you know exactly what it is you need, going in."

"The licensing and prices were upfront and clear. They stand behind everything that is said during the commercial phase and during the onboarding phase. Even the most irrelevant "that can be done" was delivered, no matter how important the request was."

More Veracode Pricing and Cost Advice →

See Which Vendors Are Best For You

Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.

See Recommendations

771,157 professionals have used our research since 2012.

Questions from the Community

What do you like most about ShiftLeft?

Top Answer:When it comes to ShiftLeft, the most valuable feature is definitely its ease of use and cost-effectiveness.

What needs improvement with ShiftLeft?

Top Answer:When it comes to areas of improvement for ShiftLeft, I believe it could benefit from greater support from senior management. It's important to have their involvement when it comes to architectural… more »

What advice do you have for others considering ShiftLeft?

Top Answer:I would highly recommend ShiftLeft. It greatly simplifies the job for both security professionals and developers. By identifying and fixing bugs earlier in the development lifecycle, it significantly… more »

Which gives you more for your money - SonarQube or Veracode?

Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use… more »

Read all 6 answers →

What do you like most about Veracode?

Top Answer:The SAST and DAST modules are great.

Read all 96 answers →

What is your experience regarding pricing and costs for Veracode?

Top Answer:The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.

Read all 66 answers →

Ranking

26th

out of 74 in Application Security Tools

Views

290

Comparisons

222

Reviews

Average Words per Review

959

Rating

10.0

2nd

out of 74 in Application Security Tools

Views

25,312

Comparisons

17,157

Reviews

101

Average Words per Review

989

Rating

8.1

Comparisons

SonarQube vs. ShiftLeft

Compared 44% of the time.

Black Duck vs. ShiftLeft

Compared 38% of the time.

Semgrep Supply Chain vs. ShiftLeft

Compared 18% of the time.

More ShiftLeft Competitors →

SonarQube vs. Veracode

Compared 26% of the time.

Checkmarx One vs. Veracode

Compared 14% of the time.

Fortify on Demand vs. Veracode

Compared 7% of the time.

Snyk vs. Veracode

Compared 6% of the time.

OWASP Zap vs. Veracode

Compared 4% of the time.

More Veracode Competitors →

Also Known As

Crashtest Security , Veracode Detect

Learn More

ShiftLeft

Veracode

Overview

Shipping secure code is painful and time-consuming – slowing down development teams and AppSec teams alike. ShiftLeft is on a mission to make vulnerabilities history. Our revolutionary Code Property Graph (CPG) enables us to seamlessly insert 10x faster code analysis, prioritized OSS vulnerability findings and real-time security education in one single SaaS platform integrated directly into modern development workflows. Combining our OWASP-benchmark dominating NG-SAST, Intelligent SCA, instant secrets detection, and contextual security education, ShiftLeft CORE code security platform turns every developer into an AppSec expert.

Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-generated remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world’s leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achieve real-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, and Penetration Testing.

Learn more at www.veracode.com, on the Veracode blog, and on LinkedIn and Twitter.

Sample Customers

Information Not Available

Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.

Top Industries

VISITORS READING REVIEWS

Financial Services Firm17%

Computer Software Company11%

Retailer11%

Legal Firm9%

REVIEWERS

Computer Software Company26%

Financial Services Firm23%

Insurance Company9%

Comms Service Provider6%

VISITORS READING REVIEWS

Financial Services Firm18%

Computer Software Company15%

Manufacturing Company8%

Government6%

Company Size

VISITORS READING REVIEWS

Small Business27%

Midsize Enterprise7%

Large Enterprise66%

REVIEWERS

Small Business31%

Midsize Enterprise20%

Large Enterprise49%

VISITORS READING REVIEWS

Small Business17%

Midsize Enterprise13%

Large Enterprise70%

ShiftLeft vs Veracode comparison