Veracode Competitors and Alternatives
Read reviews of Veracode competitors and alternatives
Review of Contrast Security
Jun 21 2020
What is most valuable? Contrast has a feature called Protect. When a real exploit comes through, we can look at it and say, "Hey, yeah, this is a Cross-Site Scripting or SQL Injection," and then…
How has it helped my organization? If an app team is going to deploy new features to prod, they put in a ticket saying, "We are including these features in our 2.0 release." The ticket comes to our team. We…
What needs improvement? Contrast Security Assess covers a wide range of applications like .NET Framework, Java, PSP, Node.js, etc. But there are some like Ubuntu and the .NET Core which are not…
What's my experience with pricing, setup cost, and licensing? I like the per-application licensing model, but there are reasons why some solutions want to do per KLOC. For us, especially because it's per app, it's really easy. We…
Which solution did I use previously and why did I switch? Before Contrast we were using regular manual pen-testing tools like Burp and other common tools. We switched to Contrast because the way it scans is different. Back in…
What other advice do I have? If you are thinking about Contrast, you should evaluate it for your specific needs. Companies are different. The way they work is different. I know a bunch of companies…
Which other solutions did I evaluate? Before choosing Contrast Assess, we looked at Veracode and Checkmarx. Contrast does things continuously so it's more of an IAST. Checkmarx didn't. Using it, you would have…
Review of Snyk
Jun 01 2020
What is most valuable? The general source composition analysis is the key to the piece. That is the feature to check our open source libraries for vulnerabilities and the primary feature that we…
How has it helped my organization? It has improved our vulnerability rating and reduced our vulnerabilities through the tool during the time that we've had it. It's definitely made us more aware, as we have…
What needs improvement? There are some new features that we would like to see added, e.g., more visibility into library usage for the code. Something along the lines where it's doing the…
What's my experience with pricing, setup cost, and licensing? It's inexpensive and easy to license. It comes in standard package sizing, which is straightforward. This information is publicly found on their website.
Which solution did I use previously and why did I switch? We previously used Black Duck. We switched to Snyk because of its better false positive ratings along with its ease of use, integration, and deployment.
What other advice do I have? If you're looking for a source composition analysis tool or a tool to monitor your open source security, then it's a fantastic solution. SAST and DAST are very important…
Which other solutions did I evaluate? We focused our evaluation specifically on Black Duck and Snyk, plus Veracode as a larger product offering. The Snyk platform does everything we've expected it to do. It…
Review of SonarQube
Jul 08 2020
Provides an automated gated procedure to ensure that engineers are able to deliver great, secure code to production
What is most valuable? By far the quality gate controls. Without this, there would be no way to really utilize the power of this tool. We are able to automatically ensure that no code is…
How has it helped my organization? It has helped many of the organizations that I have worked at to improve overall security, quality, and test confidence within the codebases. It also provides this in a…
What needs improvement? It should keep up with newer technologies. As this is primarily open-source, it does require updates from the community. As such, there is sometimes a delay for new…
What's my experience with pricing, setup cost, and licensing? SonarQube will incur hosting costs. There are SaaS options available at competitive prices too. Self-hosting SonarQube is subject to its open-source licenses documented on…
Which solution did I use previously and why did I switch? I have used Checkmarx and also tried a demo of Veracode. Checkmarx was far too heavy-handed and only handled security concerns for a VERY large price tag. Veracode is very…
What other advice do I have? Security analysis is a MUST.
Which other solutions did I evaluate? We also evaluated Checkmarx, Veracode and open source solutions specific to each programming language.
Review of CAST
May 01 2020
What is most valuable? CAST Highlight is easy to use and has a good dashboard. This solution integrates well with Azure DevOps and you can import the dashboard into that environment.
What needs improvement? The level of abstraction is a little bit high compared to other solutions, such as Veracode. The reports that describe the issues of concern are rather abstract and the issues should be more clearly described to the user. Reducing this type…
What's my experience with pricing, setup cost, and licensing? Basic support is included with the standard licensing fee but it can be upgraded for an additional cost.
Which solution did I use previously and why did I switch? I have also used Veracode and I like it much better. Veracode is easier for developers to work with. I have also worked with SonarQube. The integration with Azure DevOps means that there are things you can do in CAST Highlight that you…
What other advice do I have? In general, this solution is easy to set up, easy to get started, easy to use, and easy to integrate, but the usability is not as high as that of Veracode. It would be great if it were more developer-friendly and it provided more…
Review of Micro Focus
Jan 29 2020