• Home
  • SonarCloud vs. Veracode

SonarCloud vs Veracode comparison

Cancel
You must select at least 2 products to compare!
Sonar Logo
SonarCloud
Read 10 SonarCloud reviews
10,251 views|7,640 comparisons
100% willing to recommend
Veracode Logo
Veracode
Read 194 Veracode reviews
25,312 views|16,984 comparisons
90% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
SonarCloud vs. Veracode
May 2024
Executive Summary

We performed a comparison between SonarCloud and Veracode based on real PeerSpot user reviews.

Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed SonarCloud vs. Veracode Report (Updated: May 2024).
Download the complete report
771,157 professionals have used our research since 2012.
Featured Review
Huzaifa Asif
A comprehensive code quality management offering all-in-one functionality, including static code analysis, security...
Through SonarCloud, we gain insights, especially in a microservices environment with product-based products. It provides valuable guidance in... Read more →
Everton Yoshitani
I like the ease of integration and onboarding
Veracode helps us improve our overall security and build trust with our customers. For example, some of our customers have strict security... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The most valuable feature of SonarCloud is its overall performance.""The most valuable features of SonarCloud are the ability to discover vulnerabilities, security weak points, security hotspots, and all the feedback that comes into the feature branch. You can deploy the code with the security, you can eliminate the problem at the developer level rather than identifying the problem in the productions.""I'm not implementing the solutions. However, I've talked to the people who deploy the tools, and they are happy with how easy setting up SonarCloud is.""Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service.""The solution provides continuous code analysis which has improved the quality of our code. It can raise alarms on vulnerabilities with immediate reports on the dashboard. Few things are false positives and we can customize the rules.""SonarCloud is overall a good tool for identifying code smells, bugs, and code duplication, but we've found that using Android Lint is more effective for our needs.""The reports from SonarCloud are very good.""For what it is meant to do, it works pretty well."

More SonarCloud Pros →

"Veracode enables us to build a strong data security layer in our platforms. We can increase customer confidence in data security. Some PCI/HIPAA compliance issues were impossible to resolve without Veracode.""The most valuable feature is Veracode SDP, which allows for something related to third-party vulnerabilities. When we build a product, we use a lot of third-party libraries instead of building everything from scratch. We just use a library which is already been built; we just use that component in our product. Sometimes, these libraries may have bugs or issues, and it's hard to keep track of them because we use thousands of them.""I believe the static analysis is Veracode's best and most valuable feature. Software composition analysis is a feature that most people don't use, and we don't use SCA for most of our applications. However, this is an essential feature because it provides insight into the third-party libraries we use.""Ad-hoc scanning during the development cycle and reports for audits are valuable features.""It helps me to detect vulnerabilities.""It allows us to prove our security levels to vendors, and additionally helps us with our HIPAA security policies.""The findings of their security analysis are wonderful. You can easily go through all the analyses done by Veracode. You can see what are the flaws and what could be the best possible resolution to minimize those flaws in the application. When an application is being used by the public, security is a challenge. Veracode helps us to analyze all the security flaws, discrepancies, and vulnerabilities inside the application. It provides good reports.""Scanning of .war and .jar is key for us."

More Veracode Pros →

Cons
"The reports could improve by providing more information. We are not able to use the reports in our operation until they are improved. Additionally, if the vendor provided more customization capabilities it would be a benefit.""CI/CD pipeline is part of a whole chain of design, development, and production, and it's becoming increasingly crucial to optimize the various tools across different stages. However, it's still a silo approach because the full integration is missing. This isn't just an issue with SonarCloud. It's a general problem with tooling.""It would be helpful if notifications could go out to an extra person.""The solution needs to improve its customization and flexibility.""The documentation needs improvement on optimizing build time for seamless CI/CD integration with our Android apps.""There's room for improvement in the configuration process, particularly during the initial setup phase.""SonarCloud can improve the false positives. Sometimes the gates sometimes act a little weird. We then need to manually go and mark the false positive.""We had some issues with the scanner."

More SonarCloud Cons →

"Improving sorting through findings reports to filter by only what is critically relevant will help developers focus on issues.""If Veracode was more diversified, as far as the number of platforms and the number of applications it could do in our favor, we would be using it even more. But there are a number of platforms it doesn't support. For example, I know they support C+, .NET, and Java, but there are certain platforms they don't support and that was disappointing.""Mitigation review isn't always super easy.""The number of false positives could be reduced a lot. For each good result, we are getting somewhere around 15 to 20 false positives.""We would like the consolidation of all the different modules. This would help, so then we would be able to see analytics and results on one screen, like a single pane of glass.""It needs to reach the level of Checkmarx's and Fortify Software's capabilities and service levels, or may further loosen the market share.""It could have better integration with our pipeline. If we could have better integration with our application pipeline, e.g., Jira, Bamboo, or Azure DevOps, then that will be very helpful. Right now, it is quite hard to integrate the solution into our existing pipeline.""The overall reporting structure is complicated, and it's difficult to understand the report."

More Veracode Cons →

Pricing and Cost Advice
  • "The price of SonarCloud could be less expensive. We are using the community version and the price should be more reasonable."
  • "The price of SonarCloud is not expensive, it goes by the lines of code. 1 million lines per code are approximately 4,000 USD per year. If you need 2 million lines of code you would double the annual cost."
  • "I am using the free version of the solution."
  • "I rate the pricing a five out of ten."
  • "While not extremely cheap, it aligns well with market standards and offers good value."
  • "The current pricing is quite cheap."

    • More SonarCloud Pricing and Cost Advice →

  • "Its complexity makes it quite expensive, but it’s all worth it, with all the engineering in the background."
  • "The pricing is pretty high."
  • "The worst part about the product is that it does not scale at all. Also, microservices apps will cost you a fortune."
  • "I think licensing needs to be changed or updated so that it works with adjustments. Pricing is expensive compared to the amount of scanning we perform."
  • "It's worth the value"
  • "Pricing seems fair for what is offered, and licensing has been no problem. All developers are able to get the access they need."
  • "It can be expensive to do this, so I would just make sure that you're getting the proper number of licenses. Do your analysis. Make sure you know exactly what it is you need, going in."
  • "The licensing and prices were upfront and clear. They stand behind everything that is said during the commercial phase and during the onboarding phase. Even the most irrelevant "that can be done" was delivered, no matter how important the request was."

    • More Veracode Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
    See Recommendations
    771,157 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about SonarCloud?
    Top Answer:Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service.
    Read all 9 answers   →
    What is your experience regarding pricing and costs for SonarCloud?
    Top Answer:I would rate the price an eight out of ten because it's reasonable. While not extremely cheap, it aligns well with market standards and offers good value. It's an all-inclusive package where you pay a… more »
    Read all 7 answers   →
    What needs improvement with SonarCloud?
    Top Answer:There's room for improvement in the configuration process, particularly during the initial setup phase. Setting up features like mono reports can be challenging, and the existing documentation could… more »
    Read all 9 answers   →
    Which gives you more for your money - SonarQube or Veracode?
    Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use… more »
    Read all 6 answers   →
    What do you like most about Veracode?
    Top Answer:The SAST and DAST modules are great.
    Read all 96 answers   →
    What is your experience regarding pricing and costs for Veracode?
    Top Answer:The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.
    Read all 66 answers   →
    Ranking
    10th
    out of 67 in Static Application Security Testing (SAST)
    Views
    10,251
    Comparisons
    7,640
    Reviews
    7
    Average Words per Review
    523
    Rating
    8.4
    2nd
    out of 67 in Static Application Security Testing (SAST)
    Views
    25,312
    Comparisons
    16,984
    Reviews
    101
    Average Words per Review
    976
    Rating
    8.1
    Comparisons
    SonarQube logo
    SonarQube vs. SonarCloud
    Compared 78% of the time.
    Checkmarx One logo
    Checkmarx One vs. SonarCloud
    Compared 5% of the time.
    GitLab logo
    GitLab vs. SonarCloud
    Compared 3% of the time.
    OWASP Zap logo
    OWASP Zap vs. SonarCloud
    Compared 3% of the time.
    Coverity logo
    Coverity vs. SonarCloud
    Compared 2% of the time.
    More SonarCloud Competitors   →
    SonarQube logo
    SonarQube vs. Veracode
    Compared 26% of the time.
    Checkmarx One logo
    Checkmarx One vs. Veracode
    Compared 14% of the time.
    Fortify on Demand logo
    Fortify on Demand vs. Veracode
    Compared 7% of the time.
    Snyk logo
    Snyk vs. Veracode
    Compared 6% of the time.
    Black Duck logo
    Black Duck vs. Veracode
    Compared 3% of the time.
    More Veracode Competitors   →
    Also Known As
    Crashtest Security , Veracode Detect
    Learn More
    Sonar
    Veracode
    Interactive Demo
    Sonar
    Watch a demo
    Veracode
    Demo Not Available
    Overview

    SonarCloud is a cloud-based alternative of the SonarQube platform, offering continuous code quality and security analysis as a service. SonarCloud integrates seamlessly with popular version control and CI/CD platforms such as GitHub, Bitbucket, and Azure DevOps. It provides static code analysis to identify and help remediate issues such as bugs and security vulnerabilities. SonarCloud enables developers to receive immediate feedback on their code within their development environment, facilitating the maintenance of high-quality code standards, and promoting a culture of continuous improvement in software development projects. It helps produce software that is secure, reliable, and maintainable. SonarCloud is free for open-source projects and is offered as a paid subscription for private projects, priced per lines of code.

    Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-generated remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world’s leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achievereal-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, and Penetration Testing.

    Learn more atwww.veracode.com, on theVeracode blog, and onLinkedInandTwitter.

    Sample Customers
    Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
    Top Industries
    VISITORS READING REVIEWS
    Computer Software Company18%
    Financial Services Firm10%
    Manufacturing Company9%
    Healthcare Company5%
    REVIEWERS
    Computer Software Company26%
    Financial Services Firm23%
    Insurance Company9%
    Comms Service Provider6%
    VISITORS READING REVIEWS
    Financial Services Firm18%
    Computer Software Company15%
    Manufacturing Company8%
    Government6%
    Company Size
    REVIEWERS
    Small Business56%
    Midsize Enterprise33%
    Large Enterprise11%
    VISITORS READING REVIEWS
    Small Business23%
    Midsize Enterprise19%
    Large Enterprise57%
    REVIEWERS
    Small Business31%
    Midsize Enterprise20%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise13%
    Large Enterprise70%
    Buyer's Guide
    SonarCloud vs. Veracode
    May 2024
    Free Report: SonarCloud vs. Veracode
    Find out what your peers are saying about SonarCloud vs. Veracode and other solutions. Updated: May 2024.
    DOWNLOAD NOW
    771,157 professionals have used our research since 2012.

    SonarCloud is ranked 10th in Static Application Security Testing (SAST) with 10 reviews while Veracode is ranked 2nd in Static Application Security Testing (SAST) with 194 reviews. SonarCloud is rated 8.4, while Veracode is rated 8.2. The top reviewer of SonarCloud writes "Beneficial vulnerability discovery, simple to maintain, and proactive support". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". SonarCloud is most compared with SonarQube, Checkmarx One, GitLab, OWASP Zap and Coverity, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and Black Duck. See our SonarCloud vs. Veracode report.

    See our list of best Static Application Security Testing (SAST) vendors.

    We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.