We performed a comparison between FlexNet Code Insight and Veracode based on real PeerSpot user reviews.
Find out what your peers are saying about Synopsys, Snyk, Veracode and others in Software Composition Analysis (SCA)."It had a web interface into the reporting tools that was decent, and open source components could be reported per project and/or aggregated similar to other software composition tools."
"It has the ability to statically scan your source code before it goes to production. It can be scanned within your testing or development environment, and that is very useful. And good explanations of all the vulnerabilities in your source code help take care of those issues in future code implementation as well."
"It allows us to prove our security levels to vendors, and additionally helps us with our HIPAA security policies."
"Wide range of platforms and technology assessments."
"Veracode Security Labs are fantastic. My team loves getting the hands-on experience of putting in a flaw and fixing it. It's interactive. We've gotten decent support from the sales and software engineers, so the initial support was excellent. They scheduled a consultation call to dive deep and discuss why we see these findings and codes. That was incredibly helpful."
"There is a single area on the dashboard where you can get a full view of all of the tests and the results from everything. There is a nice, very simple graphic that shows you the types of vulnerabilities that were found, their severity, the scoring, and in what part of the code they were found. All the details are together in one place."
"We are using the Veracode tools to expose the engineers to the security vulnerabilities that were introduced with the new features, i.e. a lot faster or sooner in the development life cycle."
"We have found the static analysis to be useful in Veracode Static Analysis. However, we are in the process of testing."
"The most valuable feature is Veracode SDP, which allows for something related to third-party vulnerabilities. When we build a product, we use a lot of third-party libraries instead of building everything from scratch. We just use a library which is already been built; we just use that component in our product. Sometimes, these libraries may have bugs or issues, and it's hard to keep track of them because we use thousands of them."
"I found the user interface cumbersome and difficult to use."
"We have some constraints interacting with Veracode self-support. I'm not talking about their technical support. I'm talking about self-support. We sometimes have a hard time communicating with them."
"Veracode Static Analysis could improve the terminology. For example, I do not know what the sandbox scan does. The terminology and the way they have used it are quite confusing. They should have a process of capturing problems that users are having on their end."
"The scanning on the UI portion of our applications is straightforward, but folks were having challenges with scans that involved microservices. They had to rope in an expert to have it sorted."
"The scans were sometimes not accurate in version 2022. There were some false positives in the vulnerability reports. We used to get false positives, and we were responsible for checking all of the alerts and determining whether they were true positives or false positives. They might have already improved it. If they have not, they can look into how to mitigate false positives."
"The area with the most room for improvement is the speed and responsiveness of the query, as it is usually very slow."
"Maybe the pipeline scanning doesn't support enough languages. It might only support Java and Python only, so that could be improved."
"Calypso (our application) is large and the results take up to two months. Further, we also have to package Calypso in a special manner to meet size guidelines."
"Scanning large amounts of code can be a time-consuming process and there is scope for improvement."
Earn 20 points
FlexNet Code Insight is ranked 17th in Software Composition Analysis (SCA) while Veracode is ranked 3rd in Software Composition Analysis (SCA) with 194 reviews. FlexNet Code Insight is rated 4.0, while Veracode is rated 8.2. The top reviewer of FlexNet Code Insight writes "A decent web interface for reports, but the snippet style code matching requires too much effort". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". FlexNet Code Insight is most compared with Black Duck and Mend.io, whereas Veracode is most compared with SonarQube, Checkmarx One, Snyk, Fortify on Demand and OWASP Zap.
See our list of best Software Composition Analysis (SCA) vendors.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.