FlexNet Code Insight vs Veracode Comparison 2024

FlexNet Code Insight

Veracode

FlexNet Code Insight

Read 1 FlexNet Code Insight review

335 views|266 comparisons

Veracode

Read 194 Veracode reviews

6,768 views|4,518 comparisons

Comparison Buyer's Guide

Download the complete report

Buyer's Guide

Software Composition Analysis (SCA)

April 2024

Executive Summary

We performed a comparison between FlexNet Code Insight and Veracode based on real PeerSpot user reviews.

Find out what your peers are saying about Synopsys, Snyk, Veracode and others in Software Composition Analysis (SCA).

To learn more, read our detailed Software Composition Analysis (SCA) Report (Updated: April 2024).

Download the complete report

768,886 professionals have used our research since 2012.

Featured Review

Anonymous User

Works

A decent web interface for reports, but the snippet style code matching requires too much effort

After about a year, we never really institutionalized the reports and review data coming from Flexera due to a number of issues. Some of those... Read more →

Anonymous User

Lead Consultant DevOps and Infrastructure at a tech vendor

Prevents vulnerable code, offers end-to-end visibility, and saves our developers time

Veracode's ability to prevent vulnerable code from entering the production environment is good. Using Veracode's ASC team is easy. I can send them... Read more →

Quotes From Members

We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:

Pros

"It had a web interface into the reporting tools that was decent, and open source components could be reported per project and/or aggregated similar to other software composition tools."

More FlexNet Code Insight Pros →

"It has the ability to statically scan your source code before it goes to production. It can be scanned within your testing or development environment, and that is very useful. And good explanations of all the vulnerabilities in your source code help take care of those issues in future code implementation as well.""It allows us to prove our security levels to vendors, and additionally helps us with our HIPAA security policies.""Wide range of platforms and technology assessments.""Veracode Security Labs are fantastic. My team loves getting the hands-on experience of putting in a flaw and fixing it. It's interactive. We've gotten decent support from the sales and software engineers, so the initial support was excellent. They scheduled a consultation call to dive deep and discuss why we see these findings and codes. That was incredibly helpful.""There is a single area on the dashboard where you can get a full view of all of the tests and the results from everything. There is a nice, very simple graphic that shows you the types of vulnerabilities that were found, their severity, the scoring, and in what part of the code they were found. All the details are together in one place.""We are using the Veracode tools to expose the engineers to the security vulnerabilities that were introduced with the new features, i.e. a lot faster or sooner in the development life cycle.""We have found the static analysis to be useful in Veracode Static Analysis. However, we are in the process of testing.""The most valuable feature is Veracode SDP, which allows for something related to third-party vulnerabilities. When we build a product, we use a lot of third-party libraries instead of building everything from scratch. We just use a library which is already been built; we just use that component in our product. Sometimes, these libraries may have bugs or issues, and it's hard to keep track of them because we use thousands of them."

More Veracode Pros →

Cons

"I found the user interface cumbersome and difficult to use."

More FlexNet Code Insight Cons →

"We have some constraints interacting with Veracode self-support. I'm not talking about their technical support. I'm talking about self-support. We sometimes have a hard time communicating with them.""Veracode Static Analysis could improve the terminology. For example, I do not know what the sandbox scan does. The terminology and the way they have used it are quite confusing. They should have a process of capturing problems that users are having on their end.""The scanning on the UI portion of our applications is straightforward, but folks were having challenges with scans that involved microservices. They had to rope in an expert to have it sorted.""The scans were sometimes not accurate in version 2022. There were some false positives in the vulnerability reports. We used to get false positives, and we were responsible for checking all of the alerts and determining whether they were true positives or false positives. They might have already improved it. If they have not, they can look into how to mitigate false positives.""The area with the most room for improvement is the speed and responsiveness of the query, as it is usually very slow.""Maybe the pipeline scanning doesn't support enough languages. It might only support Java and Python only, so that could be improved.""Calypso (our application) is large and the results take up to two months. Further, we also have to package Calypso in a special manner to meet size guidelines.""Scanning large amounts of code can be a time-consuming process and there is scope for improvement."

More Veracode Cons →

Pricing and Cost Advice

Information Not Available

"Its complexity makes it quite expensive, but it’s all worth it, with all the engineering in the background."

"The pricing is pretty high."

"The worst part about the product is that it does not scale at all. Also, microservices apps will cost you a fortune."

"I think licensing needs to be changed or updated so that it works with adjustments. Pricing is expensive compared to the amount of scanning we perform."

"It's worth the value"

"Pricing seems fair for what is offered, and licensing has been no problem. All developers are able to get the access they need."

"It can be expensive to do this, so I would just make sure that you're getting the proper number of licenses. Do your analysis. Make sure you know exactly what it is you need, going in."

"The licensing and prices were upfront and clear. They stand behind everything that is said during the commercial phase and during the onboarding phase. Even the most irrelevant "that can be done" was delivered, no matter how important the request was."

More Veracode Pricing and Cost Advice →

See Which Vendors Are Best For You

Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.

See Recommendations

768,886 professionals have used our research since 2012.

Questions from the Community

Ask a question

Earn 20 points

Which gives you more for your money - SonarQube or Veracode?

Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use… more »

Read all 6 answers →

What do you like most about Veracode?

Top Answer:The SAST and DAST modules are great.

Read all 96 answers →

What is your experience regarding pricing and costs for Veracode?

Top Answer:The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.

Read all 66 answers →

Ranking

17th

out of 40 in Software Composition Analysis (SCA)

Views

335

Comparisons

266

Reviews

Average Words per Review

Rating

N/A

3rd

out of 40 in Software Composition Analysis (SCA)

Views

6,768

Comparisons

4,518

Reviews

Average Words per Review

970

Rating

8.1

Comparisons

Black Duck vs. FlexNet Code Insight

Compared 75% of the time.

Mend.io vs. FlexNet Code Insight

Compared 25% of the time.

More FlexNet Code Insight Competitors →

SonarQube vs. Veracode

Compared 27% of the time.

Checkmarx One vs. Veracode

Compared 14% of the time.

Snyk vs. Veracode

Compared 6% of the time.

Fortify on Demand vs. Veracode

Compared 6% of the time.

OWASP Zap vs. Veracode

Compared 4% of the time.

More Veracode Competitors →

Also Known As

Crashtest Security , Veracode Detect

Learn More

Revenera

Video Not Available

Veracode

Overview

FlexNet Code Insight is a single integrated solution for open source license compliance and security. Find vulnerabilities and remediate associated risk, while you build your products and during their lifecycle. Manage open source license compliance. And add automation to your processes and implement a formal OSS strategy and policy that balances business benefits and risk management.

Veracode is a leading application security platform that helps organizations to develop and deliver secure software. Veracode's solution provides comprehensive capabilities for static analysis, dynamic analysis, software composition analysis, and manual penetration testing.

Veracode's static analysis solution scans source code for various security vulnerabilities, including common web application attack vectors, injection flaws, cross-site scripting, and insecure direct object references. Veracode's dynamic analysis solution simulates real-world attacks to identify vulnerabilities that may not be detectable by static analysis alone. Veracode's software composition analysis solution scans open-source and third-party components for known vulnerabilities. Veracode's manual penetration testing service is performed by experienced security professionals who use a variety of techniques to identify vulnerabilities in software applications.

Many organizations, including Fortune 500 companies, government agencies, and startups, use Veracode's solution. Veracode's customers rely on Veracode to help them to improve the security of their software applications and to reduce the risk of data breaches and other security incidents.

Here are some of the benefits of using Veracode:

Veracode provides capabilities for static analysis, dynamic analysis, software composition analysis, and manual penetration testing to help organizations identify and fix security vulnerabilities in their software applications early in the development process.
Veracode helps organizations reduce the risk of data breaches and other security incidents by identifying and fixing security vulnerabilities in their software application.
Veracode helps organizations to comply with industry regulations. Many industries have regulations that require organizations to implement security measures to protect their customers' data. Veracode's solution can help organizations to comply with these regulations by providing them with the tools and resources they need to identify and fix security vulnerabilities in their software applications.

Sample Customers

Information Not Available

Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.

Top Industries

VISITORS READING REVIEWS

Computer Software Company24%

Manufacturing Company18%

Real Estate/Law Firm13%

Financial Services Firm11%

REVIEWERS

Computer Software Company26%

Financial Services Firm23%

Insurance Company9%

Comms Service Provider6%

VISITORS READING REVIEWS

Financial Services Firm18%

Computer Software Company15%

Manufacturing Company8%

Government6%

Company Size

VISITORS READING REVIEWS

Small Business14%

Midsize Enterprise26%

Large Enterprise59%

REVIEWERS

Small Business31%

Midsize Enterprise20%

Large Enterprise49%

VISITORS READING REVIEWS

Small Business17%

Midsize Enterprise13%

Large Enterprise70%

FlexNet Code Insight vs Veracode comparison

FlexNet Code Insight

Veracode