We performed a comparison between ShiftLeft and Veracode based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools."When it comes to ShiftLeft, the most valuable feature is definitely its ease of use and cost-effectiveness."
"It is great to have such insight into code without having to upload the source code at all. It saves a lot of NDA paperwork. The Visual Studio plugin allows the developer to seamlessly upload the code and get results as he works, with no manual upload. The code review function is great. It allows you to find flaws in source code."
"It allows us to prove our security levels to vendors, and additionally helps us with our HIPAA security policies."
"The most valuable feature is the dynamic application security testing."
"The ability on static scans to be able to do sandbox scans which do not generate metrics."
"The product provides guidance to develop secure software."
"It does software composition analysis, discovering open source software weaknesses."
"The deployment mode is very useful."
"It has the ability to scale, and the fact that it doesn't produce a lot of false positives."
"Having support from senior management is crucial in making it mandatory for teams to collaborate with the security team throughout the development process."
"The product has issues with scanning."
"There are times when certain modules cannot be scanned automatically, requiring us to manually select these modules and initiate the scanning process on our side."
"We have approximately 900 people using the solution. The solution is scalable, but there is a high cost attached to it."
"Veracode Static Analysis could improve the terminology. For example, I do not know what the sandbox scan does. The terminology and the way they have used it are quite confusing. They should have a process of capturing problems that users are having on their end."
"The Web portal, at times, is not necessarily intuitive. I can get around when I want to but there are times when I have to email my account manager on: "Hey, where do I find this report?" Or "How do I do this?" They always respond with, "Here's how you do it." But that points to a somewhat non-intuitive portal."
"They could improve how they fix vulnerabilities. They could have more support in place to help the developers."
"Sometimes the scans are not done quickly, but the solutions that it provides are really good. The quality is high, but the analysis is not done extremely quickly."
"The triage indicator was kind of hard to find. It's a very small arrow and I had no idea it was there."
ShiftLeft is ranked 26th in Application Security Tools with 1 review while Veracode is ranked 2nd in Application Security Tools with 194 reviews. ShiftLeft is rated 10.0, while Veracode is rated 8.2. The top reviewer of ShiftLeft writes "Effectively in identify and fix bugs early in the development lifecycle". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". ShiftLeft is most compared with SonarQube, Black Duck and Semgrep Supply Chain, whereas Veracode is most compared with SonarQube, Checkmarx One, Snyk, Fortify on Demand and OWASP Zap.
See our list of best Application Security Tools vendors, best Application Security Testing (AST) vendors, and best Software Composition Analysis (SCA) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.