We performed a comparison between ShiftLeft and Veracode based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools."When it comes to ShiftLeft, the most valuable feature is definitely its ease of use and cost-effectiveness."
"That it is a cloud-based solution is very valuable to us. We don't need that hardware running our scans and hosting the environment to be scanned. Also, the technology, the static scanning versus dynamic scanning produces a much better result, a more accurate result."
"One of the best things they offer is the scalability. The fact that you can work with it through the cloud means that if you have unintegrated business units, you don't have to worry about having a solution on-prem and having the network connection; you don't have to worry about giving up source code, you are just sending your binary files for most of the applications. So it scales much faster."
"Vericode's policy reporting for ensuring compliance with industry standards and regulations is great. I"
"One thing we like is the secret detection feature. It has helped us to discover keys stored in our settings file as a TXT document. We can address that vulnerability by using encryption. We can even scan Docker images for vulnerabilities. Static analysis is another good feature of Veracode because we can run a security scan during development to identify the vulnerabilities."
"The integration with DevOps pipelines is seamless."
"The time savings has been tremendous. We saw ROI in the first six months."
"Before Veracode, the application was deployed to the production server and there would be a lot of bugs and issues. Once we implemented the Veracode scan, the full deployment issues were drastically reduced."
"Provides the capability to track remediation and the handling of identified vulnerabilities."
"Having support from senior management is crucial in making it mandatory for teams to collaborate with the security team throughout the development process."
"They should improve on the static scanning time."
"If Veracode was more diversified, as far as the number of platforms and the number of applications it could do in our favor, we would be using it even more. But there are a number of platforms it doesn't support. For example, I know they support C+, .NET, and Java, but there are certain platforms they don't support and that was disappointing."
"Veracode is costly, and there is potential for improvement in its pricing."
"The scans were sometimes not accurate in version 2022. There were some false positives in the vulnerability reports. We used to get false positives, and we were responsible for checking all of the alerts and determining whether they were true positives or false positives. They might have already improved it. If they have not, they can look into how to mitigate false positives."
"The static analysis is prone to a lot of false positives. But that's how it is with most static analysis tools... Also, the static analysis can sometimes take a little while. The time that it takes to do a scan should be improved."
"When it comes to the speed of the pipeline scan, one of the things we have found with Veracode is that it's very fast with Java-based applications but a bit slow with C/C++ based applications. So we have implemented the pipeline scan only for Java-based applications not for the C/C++ applications."
"Veracode has plenty of data. The problem is the information on the dashboards of Veracode, as the user interface is not great. It's not immediately usable. Most of the time, the best way to use it is to just create issues and put them in JIRA... But if I were a startup, and only had products with a good user interface, I wouldn't use Veracode because the UI is very dated."
"I've found that Veracode is not particularly suitable for Dynamic Application Security Testing."
ShiftLeft is ranked 26th in Application Security Tools with 1 review while Veracode is ranked 2nd in Application Security Tools with 194 reviews. ShiftLeft is rated 10.0, while Veracode is rated 8.2. The top reviewer of ShiftLeft writes "Effectively in identify and fix bugs early in the development lifecycle". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". ShiftLeft is most compared with SonarQube, Black Duck and Semgrep Supply Chain, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and OWASP Zap.
See our list of best Application Security Tools vendors, best Static Application Security Testing (SAST) vendors, and best Software Composition Analysis (SCA) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
