CodeSonar vs Veracode Comparison 2024

CodeSonar

Veracode

CodeSonar

Read 7 CodeSonar reviews

574 views|359 comparisons

Veracode

Read 194 Veracode reviews

5,895 views|3,861 comparisons

Comparison Buyer's Guide

Download the complete report

Buyer's Guide

CodeSonar vs. Veracode

May 2024

Executive Summary

We performed a comparison between CodeSonar and Veracode based on real PeerSpot user reviews.

Find out in this report how the two Static Code Analysis solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed CodeSonar vs. Veracode Report (Updated: May 2024).

Download the complete report

770,292 professionals have used our research since 2012.

Featured Review

Manjunath Nada

Team Lead at a tech services company

Useful buffering and beneficial categorized classes

The solution has helped out the organization because of the buffer usage. There was a vehicle identification number that we had to configure and... Read more →

Evan Gertis

Penetration Tester at a tech vendor

Enables us to provide a certificate showing stakeholders and potential customers the proof that we take security...

My case is different from other individuals. I worked for a startup, so we had to find a way to capitalize on all the resources in Veracode. Larger... Read more →

Quotes From Members

We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:

Pros

"What I like best about CodeSonar is that it has fantastic speed, analysis and configuration times. Its detection of all runtime errors is also very good, though there were times it missed a few. The configuration of logs by CodeSonar is also very fantastic which I've not seen anywhere else. I also like the GUI interface of CodeSonar because it's very user friendly and the tool also shows very precise logs and results.""The most valuable features of CodeSonar were all the categorized classes provided, and reports of future bugs which might occur in the production code. Additionally, I found the buffer overflow and underflow useful.""It has been able to scale.""The most valuable feature of CodeSonar is the catching of dead code. It is helpful.""The tool is very good for detecting memory leaks.""CodeSonar’s most valuable feature is finding security threats.""There is nice functionality for code surfing and browsing."

More CodeSonar Pros →

"The platform itself has a lot of AppSec best practices information, especially in the mitigation recommendation process.""Ad-hoc scanning during the development cycle and reports for audits are valuable features.""It provides security of different Shadow IT activities in our environment, especially around application development and website hosting.""The user interface is quick, familiar, and user-friendly and makes navigation to other software very easy.""In terms of secure development, the SAST scan is very useful because we are able to identify security flaws in the code base itself, for the application.""The recommendations and frequent updates are the most valuable features of Veracode.""The static analysis gives you deep insights into problems.""The capability to identify vulnerable code is the most valuable feature of Veracode."

More Veracode Pros →

Cons

"It was expensive.""CodeSonar could improve by having better coding rules so we did not have to use another solution, such as MISRA C.""In terms of areas for improvement, the use case for CodeSonar was good, but compared to other tools, it seems CodeSonar isn't a sound static analysis tool, and this is a major con I've seen from it. Right now, in the market, people prefer sound static analysis tools, so I would have preferred if CodeSonar was developed into a sound static analysis tool formally, in terms of its algorithms, so then you can see it extensively used in the market because at the moment, here in India, only fifty to sixty customers use CodeSonar. If the product is developed into a sound static analysis tool, it could compete with Polyspace, and from its current fifty customers, that number could go up to a hundred.""The scanning tool for core architecture could be improved.""There could be a shared licensing model for the users.""It would be beneficial for the solution to include code standards and additional functionality for security.""In a future release, the solution should upgrade itself to the current trends and differentiate between the languages. If there are any classifications that can be set for these programming languages that would be helpful rather than having everything in the generic category."

More CodeSonar Cons →

"Veracode has plenty of data. The problem is the information on the dashboards of Veracode, as the user interface is not great. It's not immediately usable. Most of the time, the best way to use it is to just create issues and put them in JIRA... But if I were a startup, and only had products with a good user interface, I wouldn't use Veracode because the UI is very dated.""If Veracode was more diversified, as far as the number of platforms and the number of applications it could do in our favor, we would be using it even more. But there are a number of platforms it doesn't support. For example, I know they support C+, .NET, and Java, but there are certain platforms they don't support and that was disappointing.""Scanning large amounts of code can be a time-consuming process and there is scope for improvement.""The dynamic scanning feature works, but it doesn't work properly for some of our applications. It doesn't allow us to skip. They claim that we can do this, but it doesn't work when we're scanning the applications in real-time.""There is room for improvement in the speed of the system. Sometimes, the servers are very busy and slow... Also, the integration with SonarQube is very weak, so we had to implement a custom solution to extend it.""We would like the consolidation of all the different modules. This would help, so then we would be able to see analytics and results on one screen, like a single pane of glass.""From the usability perspective, it is not up to date with the latest trends. It looks very old. Tools such as Datadog, New Relic, or infrastructure security tools, such as AWS Cloud, seem very user-friendly. They are completely web-based, and you can navigate through them pretty quickly, whereas Veracode is very rigid. It is like an old-school enterprise application. It does the job, but they need to invest a little more on the usability front.""Their scanning engine is sometimes a little bit slow. They can improve the scan time."

More Veracode Cons →

Pricing and Cost Advice

"Pricing is a bit costly."

"The solution's price depends on the number of licenses needed and the source code for the project."

"Our organization purchased a license to use the solution."

"The application’s pricing is high compared to other tools."

More CodeSonar Pricing and Cost Advice →

"Its complexity makes it quite expensive, but it’s all worth it, with all the engineering in the background."

"The pricing is pretty high."

"The worst part about the product is that it does not scale at all. Also, microservices apps will cost you a fortune."

"I think licensing needs to be changed or updated so that it works with adjustments. Pricing is expensive compared to the amount of scanning we perform."

"It's worth the value"

"Pricing seems fair for what is offered, and licensing has been no problem. All developers are able to get the access they need."

"It can be expensive to do this, so I would just make sure that you're getting the proper number of licenses. Do your analysis. Make sure you know exactly what it is you need, going in."

"The licensing and prices were upfront and clear. They stand behind everything that is said during the commercial phase and during the onboarding phase. Even the most irrelevant "that can be done" was delivered, no matter how important the request was."

More Veracode Pricing and Cost Advice →

See Which Vendors Are Best For You

Use our free recommendation engine to learn which Static Code Analysis solutions are best for your needs.

See Recommendations

770,292 professionals have used our research since 2012.

Questions from the Community

What do you like most about CodeSonar?

Top Answer:CodeSonar’s most valuable feature is finding security threats.

Read all 6 answers →

What is your experience regarding pricing and costs for CodeSonar?

Top Answer:The application’s pricing is high compared to other tools. I rate its pricing a four out of ten.

Read all 6 answers →

What needs improvement with CodeSonar?

Top Answer:Our license model allows one user per license. Currently, we have limitations for VPN profiles. We can’t share the key with other users. There could be a shared licensing model for the users. It will… more »

Read all 6 answers →

Which gives you more for your money - SonarQube or Veracode?

Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use… more »

Read all 6 answers →

What do you like most about Veracode?

Top Answer:The SAST and DAST modules are great.

Read all 96 answers →

What is your experience regarding pricing and costs for Veracode?

Top Answer:The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.

Read all 66 answers →

Ranking

5th

out of 20 in Static Code Analysis

Views

574

Comparisons

359

Reviews

Average Words per Review

505

Rating

8.2

1st

out of 20 in Static Code Analysis

Views

5,895

Comparisons

3,861

Reviews

101

Average Words per Review

976

Rating

8.1

Comparisons

SonarQube vs. CodeSonar

Compared 51% of the time.

Coverity vs. CodeSonar

Compared 18% of the time.

Klocwork vs. CodeSonar

Compared 10% of the time.

Polyspace Code Prover vs. CodeSonar

Compared 6% of the time.

More CodeSonar Competitors →

SonarQube vs. Veracode

Compared 27% of the time.

Checkmarx One vs. Veracode

Compared 14% of the time.

Fortify on Demand vs. Veracode

Compared 7% of the time.

Snyk vs. Veracode

Compared 6% of the time.

OWASP Zap vs. Veracode

Compared 4% of the time.

More Veracode Competitors →

Also Known As

Crashtest Security , Veracode Detect

Learn More

CodeSecure

Veracode

Overview

GrammaTech enables organizations to develop software applications more efficiently, on-budget, and on-schedule by helping to eliminate harmful defects that can cause system failures, enable data breaches, and ultimately increase corporate liabilities in today’s connected world. GrammaTech is the developer of CodeSonar, the most powerful source and binary code analysis solution available today. Extraordinarily precise, CodeSonar finds, on average, 2 times more serious defects in software than other static analysis solutions. Designed for organizations with zero tolerance for defects and vulnerabilities in their applications, CodeSonar provides static analysis for applications where reliability and security are paramount - widely used by software developers in avionics, medical, automotive, industrial control, and other mission-critical applications. Some of GrammaTech's customers include Toyota, GE, Hyundai, Kawasaki, LG, Lockheed Martin, NASA, Northrop Grumman, Panasonic, and Samsung.

Veracode is a leading application security platform that helps organizations to develop and deliver secure software. Veracode's solution provides comprehensive capabilities for static analysis, dynamic analysis, software composition analysis, and manual penetration testing.

Veracode's static analysis solution scans source code for various security vulnerabilities, including common web application attack vectors, injection flaws, cross-site scripting, and insecure direct object references. Veracode's dynamic analysis solution simulates real-world attacks to identify vulnerabilities that may not be detectable by static analysis alone. Veracode's software composition analysis solution scans open-source and third-party components for known vulnerabilities. Veracode's manual penetration testing service is performed by experienced security professionals who use a variety of techniques to identify vulnerabilities in software applications.

Many organizations, including Fortune 500 companies, government agencies, and startups, use Veracode's solution. Veracode's customers rely on Veracode to help them to improve the security of their software applications and to reduce the risk of data breaches and other security incidents.

Here are some of the benefits of using Veracode:

Veracode provides capabilities for static analysis, dynamic analysis, software composition analysis, and manual penetration testing to help organizations identify and fix security vulnerabilities in their software applications early in the development process.
Veracode helps organizations reduce the risk of data breaches and other security incidents by identifying and fixing security vulnerabilities in their software application.
Veracode helps organizations to comply with industry regulations. Many industries have regulations that require organizations to implement security measures to protect their customers' data. Veracode's solution can help organizations to comply with these regulations by providing them with the tools and resources they need to identify and fix security vulnerabilities in their software applications.

Sample Customers

Viveris, Micrel Medical Devices, Olympus, SOFTEQ, SONY

Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.

Top Industries

VISITORS READING REVIEWS

Manufacturing Company22%

Computer Software Company16%

University9%

Government6%

REVIEWERS

Computer Software Company26%

Financial Services Firm23%

Insurance Company9%

Comms Service Provider6%

VISITORS READING REVIEWS

Financial Services Firm18%

Computer Software Company15%

Manufacturing Company8%

Government6%

Company Size

REVIEWERS

Small Business63%

Midsize Enterprise13%

Large Enterprise25%

VISITORS READING REVIEWS

Small Business19%

Midsize Enterprise14%

Large Enterprise67%

REVIEWERS

Small Business31%

Midsize Enterprise20%

Large Enterprise49%

VISITORS READING REVIEWS

Small Business17%

Midsize Enterprise13%

Large Enterprise70%

Buyer's Guide

CodeSonar vs. Veracode

May 2024

Free Report: CodeSonar vs. Veracode

Find out what your peers are saying about CodeSonar vs. Veracode and other solutions. Updated: May 2024.

DOWNLOAD NOW

770,292 professionals have used our research since 2012.

CodeSonar is ranked 5th in Static Code Analysis with 7 reviews while Veracode is ranked 1st in Static Code Analysis with 194 reviews. CodeSonar is rated 8.2, while Veracode is rated 8.2. The top reviewer of CodeSonar writes "Nice interface, quick to deploy, and easy to expand". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". CodeSonar is most compared with SonarQube, Coverity, Klocwork and Polyspace Code Prover, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and OWASP Zap. See our CodeSonar vs. Veracode report.

See our list of best Static Code Analysis vendors and best Application Security Tools vendors.

We monitor all Static Code Analysis reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.

CodeSonar vs Veracode comparison