We performed a comparison between Polyspace Code Prover and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."When we work on safety modules, it is mandatory to fulfill ISO 26262 compliance. Using Prover helps fulfill the standard on top of many other quality checks, like division by zero, data type casts, and null pointer dereferences."
"The product detects memory corruptions."
"Polyspace Code Prover is a very user-friendly tool."
"The outputs are very reliable."
"Polyspace Code Prover has made me realize it differs from other static code analysis tools because it runs the code. So it's quite distinct in that aspect."
"Scanning of .war and .jar is key for us."
"Integrations into our developer's IDE (Greenlight) and the DevOps Pipeline SAST / SourceClear Integrations has particularly increased our time to market and confidence."
"I believe the static analysis is Veracode's best and most valuable feature. Software composition analysis is a feature that most people don't use, and we don't use SCA for most of our applications. However, this is an essential feature because it provides insight into the third-party libraries we use."
"It allows us to prove our security levels to vendors, and additionally helps us with our HIPAA security policies."
"I liked that I could easily find out where my errors were. Instead of going through the whole code and the scripts, it showed me where the errors were and gave me an idea of how to fix them."
"One of the features they have is Software Composition Analysis. When organizations use third-party, open source libraries with their application development, because they're open source they quite often have a lot of bugs. There are always patches coming out for those open source applications. You really have to stay on your toes and keep up with any third-party libraries that might be integrated into your application. Veracode's Software Composition Analysis scans those libraries and we find that very valuable."
"Veracode has good support for microservices, and I also like the sandbox environment. For example, when introducing a new component, we can scan it in a sandbox environment. It will not impact the main environment. When our team fixes it, they. can push it to the production environment when the results are acceptable."
"I can have quick results by just uploading compiled components."
"Using Code Prover on large applications crashes sometimes."
"Automation could be a challenge."
"I'd like the data to be taken from any format."
"The tool has some stability issues."
"One of the main disadvantages is the time it takes to initiate the first run."
"We connected with Veracode's support a couple of times, and we got a different answer each time."
"They cover a lot of languages already and it doesn't make sense for them to cover legacy languages but I know there is a need for covering legacy languages."
"It can take time to find options if you don’t use the interface a lot. At some point, a bit of interface restyling may help."
"I would like to see expanded coverage for supporting more platforms, frameworks, and languages."
"The only areas that I'm concerned with are some of the newer code libraries, things that we're starting to see people dabble with. They move quickly enough to get them into the Analysis Engine, so I wouldn't even say it is a complaint. It is probably the only thing I worry about: Occasionally hitting something that is built in some other obscure development model, where we either can't scan it or can't scan it very well."
"Their platform is not consistent. It needs a lot of user experience updates. It's slow performing, and they log you out of the system every 15 minutes, so using the platform is challenging from a developer's perspective because you always have to log in."
"Searching for applications in Veracode is a little bit difficult. We have to minimize the length of an application's name to 47 characters. It would be good if this limit could be increased so that an application's name can be properly reflected in Veracode."
"The static scans on Java lack microservices architecture scanning. We have developed an in-house pattern for this and the scans can't take care of it as a single entity."
Polyspace Code Prover is ranked 23rd in Application Security Tools with 5 reviews while Veracode is ranked 2nd in Application Security Tools with 193 reviews. Polyspace Code Prover is rated 7.6, while Veracode is rated 8.2. The top reviewer of Polyspace Code Prover writes "A stable solution for developing software components". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Polyspace Code Prover is most compared with SonarQube, Coverity, Klocwork, CodeSonar and Semmle QL, whereas Veracode is most compared with SonarQube, Checkmarx One, Snyk, Fortify on Demand and OWASP Zap. See our Polyspace Code Prover vs. Veracode report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.