Nagaraj SheshachalamLead Cyber Security Engineer at Ecolab Inc.
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"Without getting too specific, I'd say the average yearly cost is around $50,000. The costs include licensing and maintenance support."
"The Veracode price model is based on application profiles, which is how you package your components for scanning."
"Compared to other similar products, the licensing and pricing are definitely competitive. If you see Checkmarx as the market leader, then we are talking about Veracode being a fraction of the cost. You also have to consider your hidden costs: you need a team to maintain it, a server, and resources. From that point of view, Veracode is great because the cost is really a fraction of many competitors."
At Accurics™, we envision a world where organizations can innovate in the cloud with confidence. Our mission is to enable cyber resilience through self-healing as organizations embrace cloud native infrastructure. The Accurics platform self-heals cloud native infrastructure by codifying security throughout the development lifecycle. It programmatically detects and resolves risks across Infrastructure as Code before infrastructure is provisioned, and maintains the secure posture in runtime by programmatically mitigating risks from changes. Accurics enables organizations of all sizes to achieve cloud cyber resilience through free cloud-based and open source tools such as Terrascan™.
FlexNet Code Insight is a single integrated solution for open source license compliance and security. Find vulnerabilities and remediate associated risk, while you build your products and during their lifecycle. Manage open source license compliance. And add automation to your processes and implement a formal OSS strategy and policy that balances business benefits and risk management.
Veracode Software Composition detects open source vulnerabilities in the software development process with higher accuracy. Veracode SCA reduces false positives by prioritizing vulnerabilities in the execution path of the application. Its proprietary database contains significantly more vulnerabilities than the NVD because it datamines pull requests, bug reports, and release notes. It also looks for vulnerabilities in dependencies several layers deep. Veracode SCA is part of a comprehensive DevSecOps solution that covers multiple assessment types, enables developers, and helps organizations achieve AppSec governance.
FlexNet Code Insight is ranked 10th in Software Composition Analysis (SCA) with 1 review while Veracode Software Composition Analysis is ranked 7th in Software Composition Analysis (SCA) with 8 reviews. FlexNet Code Insight is rated 4.0, while Veracode Software Composition Analysis is rated 7.8. The top reviewer of FlexNet Code Insight writes "A decent web interface for reports, but the snippet style code matching requires too much effort". On the other hand, the top reviewer of Veracode Software Composition Analysis writes "Provides extensive guidance for writing secure code and pointing to vulnerable open source libraries". FlexNet Code Insight is most compared with WhiteSource and Black Duck, whereas Veracode Software Composition Analysis is most compared with Black Duck, JFrog Xray, Snyk and WhiteSource.
See our list of best Software Composition Analysis (SCA) vendors.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.