We performed a comparison between CAST Highlight and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The way it tells you which codebase is more ready for the cloud and which codebase is less ready is very valuable. It works seamlessly with most languages."
"The most valuable features of CAST Highlight are automation and speed."
"CAST Highlight is easy to use and has a good dashboard."
"It offers good performance."
"The most valuable features of the CAST Highlight are the interface and there are three notations that are very simple to understand and communicate with."
"Integrations into our developer's IDE (Greenlight) and the DevOps Pipeline SAST / SourceClear Integrations has particularly increased our time to market and confidence."
"Within SCA, there is an extremely valuable feature called vulnerable methods. It is able to determine within a vulnerable library which methods are vulnerable. That is very valuable, because in the vast majority of cases where a library is vulnerable, none of the vulnerable methods are actually used by the code. So, if we want to prioritize the way open source libraries are updated when a library is found vulnerable, then we want to prioritize the libraries which have vulnerable methods used within the code."
"Considering that in my project, we are mostly using Software Composition Analysis as a part of Static Code Analysis, for me, the main part is reporting and highlighting necessary vulnerabilities. Veracode platform has a rather good database of different vulnerabilities in different libraries and different sources. So, finding vulnerabilities in third-party libraries is the main feature of Software Composition Analysis that we use. It is the most important feature for us."
"We have such a wide variety of users for Veracode, including security champions, development leads, developers themselves, that the ease of use is really quite important, because we don't assume anything about what those people might already know, or need to know. It just makes it very useful for anyone who has to engage with it."
"The most valuable feature is Veracode SDP, which allows for something related to third-party vulnerabilities. When we build a product, we use a lot of third-party libraries instead of building everything from scratch. We just use a library which is already been built; we just use that component in our product. Sometimes, these libraries may have bugs or issues, and it's hard to keep track of them because we use thousands of them."
"The reporting being highly accurate is pretty cool. I use another product and I was always looking for answers as to what line, which part of the code, was wrong, and what to do about it. Veracode seems to have a solid database to look things up and a website to look things up."
"It has the ability to statically scan your source code before it goes to production. It can be scanned within your testing or development environment, and that is very useful. And good explanations of all the vulnerabilities in your source code help take care of those issues in future code implementation as well."
"Informs me of code security vulnerabilities. Bamboo build automation with Veracode API calls are used."
"The reports that describe the issues of concern are rather abstract and the issues should be more clearly described to the user."
"CAST Highlight could improve to allow us to comment and do a deep analysis by ourselves."
"The ease of configuration and customization could be improved in CAST Highlight."
"There's a bit of a learning curve at the outset."
"Its price should be better. It is a pretty costly tool. They have two products: CAST Highlight and CAST AIP. I would expect CAST Highlight to have the Help dashboard and the Engineering dashboard. These dashboards are currently a part of CAST AIP, and if these are made available in CAST Highlight, customers won't have to use two different products all the time."
"It would be nice if Veracode were bundled with some preferred vendors like Salesforce and offered at a discount."
"Veracode's ease of use could be improved. I would also like to see more online videos and tutorials that could help us understand the product better. It would also be helpful if Veracode created a certification program for DevSecOps staff to learn about their product and get certified. This kind of training would raise the company's profile within the industry."
"I've seen slightly better static analysis tools from other companies when it comes to speed and ease of use."
"It would help if there were a training module that would explain how to more effectively integrate the SAST product into the build tool, Jenkins or Bamboo."
"The documentation is poor and the technical support isn't helpful."
"The false positive rates were quite high in our case."
"The training lab is not very user-friendly and takes a long time to set up."
"From what we have seen of Veracode's SCA offering, it is just average."
Application security starts with secure code. Find out more about the benefits of using Veracode to keep your software secure throughout the development lifecycle.
CAST Highlight is ranked 10th in Software Composition Analysis (SCA) with 5 reviews while Veracode is ranked 3rd in Software Composition Analysis (SCA) with 186 reviews. CAST Highlight is rated 7.8, while Veracode is rated 8.2. The top reviewer of CAST Highlight writes "Easy to set up with optimized and automated insights". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". CAST Highlight is most compared with SonarQube, Snyk, Checkmarx, Black Duck and Sonatype Lifecycle, whereas Veracode is most compared with SonarQube, Checkmarx, Snyk, Fortify on Demand and OWASP Zap. See our CAST Highlight vs. Veracode report.
See our list of best Software Composition Analysis (SCA) vendors.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.