We performed a comparison between Rapid7 AppSpider and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Rapid7 AppSpider is good at managing different applications. It uses applets and generates reports to cover the PCA/GDPR compliance requirements."
"It is really accurate and the rate of false positives is very low."
"The entire solution is interactive and has a point-and-click user experience, which makes it easy to find items or drill down on information. You don't need specialized skills to use the product."
"What I like most about AppSpider is that it's easy to use and its automated scan gives me all the details I need to know when it comes to vulnerabilities and their solutions."
"It scans all the components developed within a web application."
"The most valuable feature is the reporting, which is compliant with international standards."
"I would say that it is stable, as I am not aware of any major issues."
"The most valuable feature of Rapid7 AppSpider is the vulnerability reporting data. Additionally, the data is reported in a convenient way rather than seeing them as a PDF. We are able to generate all the reports exactly what we want in a flexible way."
"All the features provided by Veracode are valuable, including static scan, dynamic scan, and MPT (Manual Penetration Testing)."
"Developer Sandboxes help move scanning earlier within the SDLC."
"I believe the static analysis is Veracode's best and most valuable feature. Software composition analysis is a feature that most people don't use, and we don't use SCA for most of our applications. However, this is an essential feature because it provides insight into the third-party libraries we use."
"The SCA, agent-based analysis, is valuable. SAST and DAST take time, while this is quite fast. It gives the results very quickly. We have implemented it into our CI/CD pipeline."
"It changes the DevSecOps process because we find flaws much earlier in the development life cycle, and we also spot third-party software that we don't allow on developers' machines."
"Being able to scan our applications and identify all codes and defects is an extremely valuable feature."
"The most valuable feature is the static scan that checks for security issues."
"We have such a wide variety of users for Veracode, including security champions, development leads, developers themselves, that the ease of use is really quite important, because we don't assume anything about what those people might already know, or need to know. It just makes it very useful for anyone who has to engage with it."
"Integration could be better."
"The tech support is responsive but issues remain unresolved."
"AppSpider has some problems with the RAM needed while scanning."
"There are some glitches with stability, and it is an area for improvement."
"Implementing Rapid7 AppSpider requires scanning and self-identification mechanisms. You can add different types of authentication to each scan."
"The product needs to be able to scale for large companies, like ours. We have millions of IP addresses that need to be scanned, and the scalability is not great."
"The performance of the solution could improve. When I compare the speed it is slower than others on the market. There are some tricks we use to help speed up the solution."
"This price of this solution is a little bit expensive."
"There should be more control for administrative users so that we can add and delete any functionality or module within the platform. We should not have to reach out to Veracode's customer support every time. We should be able to customize our modules."
"It would be ideal if it was able to demonstrate higher levels of cybersecurity certifications like becoming FedRAMP compliant or working in those areas."
"When we engaged Veracode to conduct the manual penetration testing, they were extremely slow in completing the task and delivering the report, causing a delay of two to three weeks for us."
"It will be beneficial for developers if Veracode Greenlight includes Python."
"The only areas that I'm concerned with are some of the newer code libraries, things that we're starting to see people dabble with. They move quickly enough to get them into the Analysis Engine, so I wouldn't even say it is a complaint. It is probably the only thing I worry about: Occasionally hitting something that is built in some other obscure development model, where we either can't scan it or can't scan it very well."
"Veracode's container scanning could be improved. We containerize all the platforms we use inside a Docker image. For example, we create a Microsoft Docker image that we build our application on top of. I would like Veracode to implement IT scans before we commit the code."
"I would like to see improvement on the analytics side, and in integrations with different tools. Also, the dynamic scanning takes time."
"There are times when certain modules cannot be scanned automatically, requiring us to manually select these modules and initiate the scanning process on our side."
Rapid7 AppSpider is ranked 26th in Static Application Security Testing (SAST) with 13 reviews while Veracode is ranked 2nd in Static Application Security Testing (SAST) with 194 reviews. Rapid7 AppSpider is rated 7.8, while Veracode is rated 8.2. The top reviewer of Rapid7 AppSpider writes "Useful vulnerability reporting data, flexible, and simple implementation". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Rapid7 AppSpider is most compared with Rapid7 InsightAppSec, OWASP Zap, Acunetix and Invicti, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and Fortify Static Code Analyzer. See our Rapid7 AppSpider vs. Veracode report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
