Veracode is a leading application security platform that helps organizations to develop and deliver secure software. Veracode's solution provides comprehensive capabilities for static analysis, dynamic analysis, software composition analysis, and manual penetration testing.
Its complexity makes it quite expensive, but it’s all worth it, with all the engineering in the background.
The pricing is pretty high.
Its complexity makes it quite expensive, but it’s all worth it, with all the engineering in the background.
The pricing is pretty high.
Snyk is a user-friendly security solution that enables users to safely develop and use open source code. Users can create automatic scans that allow them to keep a close eye on their code and prevent bad actors from exploiting vulnerabilities. This enables users to find and remove vulnerabilities soon after they appear.
We do have some missing licenses issues, especially with non-SPDX compliant one, but we expect this to be fixed soon
You can get a good deal with Snyk for pricing. It's a little expensive, but it is worth it.
We do have some missing licenses issues, especially with non-SPDX compliant one, but we expect this to be fixed soon
You can get a good deal with Snyk for pricing. It's a little expensive, but it is worth it.
Users have expressed satisfaction with various aspects, highlighting its quality, functionality, and value for money. They appreciate its user-friendly interface and the convenience it offers.
Additionally, users have praised the prompt and helpful customer support provided. Some users have also mentioned the product's durability and reliability.
I think that we pay approximately $100 USD per month.
The price is okay.
I think that we pay approximately $100 USD per month.
The price is okay.
Black Duck is a comprehensive solution for managing security, license compliance, and code quality risks that come from the use of open source in applications and containers. Named a leader in software composition analysis (SCA) by Forrester, Black Duck gives you unmatched visibility into third-party code, enabling you to control it across your software supply chain and throughout the application life cycle.
Depending on the use case, the cost could range from $10,000 USD to $70,000 USD.
The price is quite high because the behavior of the software during the scan is similar to competing products.
Depending on the use case, the cost could range from $10,000 USD to $70,000 USD.
The price is quite high because the behavior of the software during the scan is similar to competing products.
Mend.io is a software composition analysis tool that secures what developers create. The solution provides an automated reduction of the software attack surface, reduces developer burdens, and accelerates app delivery. Mend.io provides open-source analysis with its in-house and other multiple sources of software vulnerabilities. In addition, the solution offers license and policy violation alerts, has great pipeline integration, and, since it is a SaaS (software as a service), it doesn’t require you to physically maintain servers or data centers for any implementation. Not only does Mend.io reduce enterprise application security risk, it also helps developers meet deadlines faster.
We are paying a lot of money to use WhiteSource. In our company, it is not easy to argue that it is worth the price.
The version that we are using, WhiteSource Bolt, is a free integration with Azure DevOps.
We are paying a lot of money to use WhiteSource. In our company, it is not easy to argue that it is worth the price.
The version that we are using, WhiteSource Bolt, is a free integration with Azure DevOps.
Sonatype Lifecycle is an open-source security and dependency management software that uses only one tool to automatically find open-source vulnerabilities at every stage of the System Development Life Cycle (SDLC). Users can now minimize security vulnerabilities, permitting organizations to enhance development workflow. Sonatype Lifecycle gives the user complete control over their software supply chain, allowing them to regain wasted time fighting risks in the SDLC. In addition, this software unifies the ability to define rules, actions, and policies that work best for your organizations and teams.
Its pricing is competitive within the market. It's not very cheap, it's not very expensive.
We're pretty happy with the price, for what it is delivering for us and the value we're getting from it.
Its pricing is competitive within the market. It's not very cheap, it's not very expensive.
We're pretty happy with the price, for what it is delivering for us and the value we're getting from it.
Fortify Static Code Analyzer (SCA) utilizes numerous algorithms in addition to a dynamic intelligence base of secure coding protocols to investigate an application’s source code for any potential risk of malicious or dangerous threats. Additionally, the solution will prioritize the most critical concerns and give direction on how users can repair those concerns. This solution researches each and every potential route that workflow and data can travel to discover and repair all possible vulnerabilities. Fortify SCA allows users to create safe and secure software quickly. Users are able to discover potential security gaps more quickly with precise outcomes and repair them immediately.
The price of Fortify Static Code Analyzer could be reduced.
The licensing is expensive and is in the 50K range.
The price of Fortify Static Code Analyzer could be reduced.
The licensing is expensive and is in the 50K range.
JFrog is on a mission to enable continuous updates through Liquid Software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime. The world’s top brands such as Amazon, Facebook, Google, Netflix, Uber, VMware, and Spotify are among the 4500 companies that already depend on JFrog to manage binaries for their mission-critical applications. JFrog is a privately-held, global company, and is a proud sponsor of the Cloud Native Computing Foundation [CNCF].
Today's software is constructed using open source components and third-party libraries, tied together with custom code. Hackers target vulnerable open source components to access sensitive and valuable data, while data protection regulations become more stringent in an effort to encourage better software security practices. While all this is happening, DevOps is taking the world by storm and the burden of securing software is rapidly expanding under the purview of the developers who create it.
It is a little bit high priced. It would be better if it was a little less expensive.
Pricing for Checkmarx Software Composition Analysis needs to be competitive.
It is a little bit high priced. It would be better if it was a little less expensive.
Pricing for Checkmarx Software Composition Analysis needs to be competitive.
WhiteHat Security has been in the business of securing applications for over 15 years. In that time, we’ve seen applications evolve and become the driving force of the digital business, permeating every aspect of our lives. As a result, it’s more important than ever to ensure that security experts and software developers work hand-in-hand to secure the applications that drive our daily digital experiences. The WhiteHat Application Security Platform is a cloud service that allows organizations to bridge the gap between security and development to deliver secure applications at the speed of business. This innovative platform is one of the reasons why WhiteHat has won numerous awards and been recognized by Gartner as a Leader in application security testing four times in row.