Most Helpful Review | ||||||
Use Accurics? Share your opinion. |
|
| ||||
Find out what your peers are saying about FOSSA vs. Veracode Software Composition Analysis and other solutions. Updated: January 2021. 455,962 professionals have used our research since 2012. |
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
Pricing and Cost Advice | ||
Information Not Available | "FOSSA is not cheap." | "Without getting too specific, I'd say the average yearly cost is around $50,000. The costs include licensing and maintenance support." "The Veracode price model is based on application profiles, which is how you package your components for scanning." "Compared to other similar products, the licensing and pricing are definitely competitive. If you see Checkmarx as the market leader, then we are talking about Veracode being a fraction of the cost. You also have to consider your hidden costs: you need a team to maintain it, a server, and resources. From that point of view, Veracode is great because the cost is really a fraction of many competitors." More Veracode Software Composition Analysis Pricing and Cost Advice » |
Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs. 455,962 professionals have used our research since 2012. | ||
Questions from the Community | ||
Ask a question Earn 20 points | Ask a question Earn 20 points | Top Answer: The article scanning is excellent. Top Answer: I have no idea what the licensing costs on the solution are. Our IT team handles the details. Top Answer: The licensing model could be improved. If they can provide an automatic upload model, that would be really good. Right… more » |
Popular Comparisons | ||
![]() Compared 46% of the time. ![]() Compared 20% of the time. ![]() Compared 15% of the time. ![]() Compared 8% of the time. | ![]() Compared 42% of the time. ![]() Compared 20% of the time. ![]() Compared 13% of the time. ![]() Compared 11% of the time. ![]() Compared 2% of the time. | |
Also Known As | ||
Veracode SCA, SourceClear | ||
Learn | ||
Accurics | FOSSA Video Not Available | Veracode |
Overview | ||
At Accurics™, we envision a world where organizations can innovate in the cloud with confidence. Our mission is to enable cyber resilience through self-healing as organizations embrace cloud native infrastructure. The Accurics platform self-heals cloud native infrastructure by codifying security throughout the development lifecycle. It programmatically detects and resolves risks across Infrastructure as Code before infrastructure is provisioned, and maintains the secure posture in runtime by programmatically mitigating risks from changes. Accurics enables organizations of all sizes to achieve cloud cyber resilience through free cloud-based and open source tools such as Terrascan™. |
Up to 90% of any piece of software is from open source, creating countless dependencies and areas of risk to manage. FOSSA is the most reliable automated policy engine for legal teams to maintain license compliance, security to fix vulnerabilities, and engineering to improve code quality across the entire software supply chain. As the only developer-native open source management platform, FOSSA fully integrates with your existing CI/CD pipeline to provide complete visibility and context earlier in the software development lifecycle. For the first time, teams can collaboratively shift left and audit, analyze, control, and remediate license issues and vulnerabilities right in their existing workflows.
| Veracode Software Composition detects open source vulnerabilities in the software development process with higher accuracy. Veracode SCA reduces false positives by prioritizing vulnerabilities in the execution path of the application. Its proprietary database contains significantly more vulnerabilities than the NVD because it datamines pull requests, bug reports, and release notes. It also looks for vulnerabilities in dependencies several layers deep. Veracode SCA is part of a comprehensive DevSecOps solution that covers multiple assessment types, enables developers, and helps organizations achieve AppSec governance. |
Offer | ||
Learn more about Accurics | Learn more about FOSSA | Learn more about Veracode Software Composition Analysis |
Sample Customers | ||
Automation Anywhere, NBA, GroundTruth, ServiceMax, Navis, Edcast | AppDyanmic, Uber, Twitter, Zendesk, Confluent | Blue Prism, Advantasure, Automation Anywhere, Cox Automotive |
Top Industries | ||
Computer Software Company24% Financial Services Firm15% Comms Service Provider14% Insurance Company6% | Computer Software Company43% Legal Firm14% Comms Service Provider14% Financial Services Firm14% Computer Software Company39% Manufacturing Company12% Comms Service Provider11% Financial Services Firm5% | Computer Software Company42% Comms Service Provider10% Financial Services Firm7% Manufacturing Company5% |
Company Size | ||
No Data Available | Small Business29% Midsize Enterprise14% Large Enterprise57% | Small Business44% Midsize Enterprise22% Large Enterprise33% |
FOSSA is ranked 6th in Software Composition Analysis (SCA) with 7 reviews while Veracode Software Composition Analysis is ranked 7th in Software Composition Analysis (SCA) with 8 reviews. FOSSA is rated 8.6, while Veracode Software Composition Analysis is rated 7.8. The top reviewer of FOSSA writes "Compatibility with a wide range of dev tools, web and "C-type", enables us to scan across our ecosystem, including legacy software". On the other hand, the top reviewer of Veracode Software Composition Analysis writes "Provides extensive guidance for writing secure code and pointing to vulnerable open source libraries". FOSSA is most compared with Black Duck, WhiteSource, Snyk and Sonatype Nexus Lifecycle, whereas Veracode Software Composition Analysis is most compared with Black Duck, JFrog Xray, Snyk, WhiteSource and FlexNet Code Insight. See our FOSSA vs. Veracode Software Composition Analysis report.
See our list of best Software Composition Analysis (SCA) vendors.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.