We performed a comparison between Polyspace Code Prover and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Polyspace Code Prover has made me realize it differs from other static code analysis tools because it runs the code. So it's quite distinct in that aspect."
"Polyspace Code Prover is a very user-friendly tool."
"When we work on safety modules, it is mandatory to fulfill ISO 26262 compliance. Using Prover helps fulfill the standard on top of many other quality checks, like division by zero, data type casts, and null pointer dereferences."
"The outputs are very reliable."
"The product detects memory corruptions."
"We have to look at it from the perspectives of how important it is to fix something and when it should be prioritized for fixing. The JSON output from the agent-based scans gives us the CVS core, and that makes things much easier."
"What we found most valuable in Veracode is the ability to do automatic scans of our software. We've incorporated the solution into our SDLC process, so we take our builds before they get released and put them through scans to ensure any new vulnerabilities haven't occurred."
"I like the static scanning, and Veracode's interface is excellent. The dashboard is easy to navigate."
"We have found the static analysis to be useful in Veracode Static Analysis. However, we are in the process of testing."
"Wide range of platforms and technology assessments."
"The benefits are quick discovery and understanding of software vulnerabilities that we are putting in our own code. By discovering them quickly enough, we can triage them and determine the best ways to remediate them and prevent them from happening in the future."
"With the pipeline scanner, it's easier for developers to scan their products, as they don't have to export anything from their computers. They can do everything with the command line on their computer."
"Tech support is outstanding. Best in class. Absolutely. They bend over backwards to help us. We'll come up with questions and within minutes, we'll get answers. It's amazing. It's truly amazing."
"One of the main disadvantages is the time it takes to initiate the first run."
"I'd like the data to be taken from any format."
"Automation could be a challenge."
"The tool has some stability issues."
"Using Code Prover on large applications crashes sometimes."
"It would help if there were a training module that would explain how to more effectively integrate the SAST product into the build tool, Jenkins or Bamboo."
"The current version of the application does not support testing for API."
"They cover a lot of languages already and it doesn't make sense for them to cover legacy languages but I know there is a need for covering legacy languages."
"It needs more timely support for newer languages and framework versions."
"It could be improved with support for more programming languages, like SQL."
"We are testing Veracode's software composition analysis, but we're having trouble integrating it with SVN. It works out of the box when you use Git but doesn't work as well with other tools like SVN. It's more geared toward Git"
"We tried to create an automatic scanning process for Veracode and integrate it into our billing process, but it was easier to adopt it to repositories based on GIT. Until now, our source control repository was Azure DevOps Server (Microsoft TFS) to managing our resources. This was not something that they supported. It took us some sessions together before we successfully implemented it."
"Veracode needs to improve its integration with other tools."
Polyspace Code Prover is ranked 23rd in Application Security Tools with 5 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. Polyspace Code Prover is rated 7.6, while Veracode is rated 8.2. The top reviewer of Polyspace Code Prover writes "A stable solution for developing software components". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Polyspace Code Prover is most compared with SonarQube, Coverity, Klocwork, CodeSonar and Fortify on Demand, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and Fortify Static Code Analyzer. See our Polyspace Code Prover vs. Veracode report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.