Veracode Competitors and Alternatives

Get our free report covering SonarQube, Checkmarx, Micro Focus, and other competitors of Veracode. Updated: July 2020.
430,745 professionals have used our research since 2012.

Read reviews of Veracode competitors and alternatives

Ramesh Raja
Real User
Senior Security Architect at a tech services company with 5,001-10,000 employees
Jun 21 2020

What is most valuable?

Contrast has a feature called Protect. When a real exploit comes through, we can look at it and say, "Hey, yeah, this is a Cross-Site Scripting or SQL Injection," and then…

How has it helped my organization?

If an app team is going to deploy new features to prod, they put in a ticket saying, "We are including these features in our 2.0 release." The ticket comes to our team. We…

What needs improvement?

Contrast Security Assess covers a wide range of applications like .NET Framework, Java, PSP, Node.js, etc. But there are some like Ubuntu and the .NET Core which are not…

What's my experience with pricing, setup cost, and licensing?

I like the per-application licensing model, but there are reasons why some solutions want to do per KLOC. For us, especially because it's per app, it's really easy. We…

Which solution did I use previously and why did I switch?

Before Contrast we were using regular manual pen-testing tools like Burp and other common tools. We switched to Contrast because the way it scans is different. Back in…

What other advice do I have?

If you are thinking about Contrast, you should evaluate it for your specific needs. Companies are different. The way they work is different. I know a bunch of companies…

Which other solutions did I evaluate?

Before choosing Contrast Assess, we looked at Veracode and Checkmarx. Contrast does things continuously so it's more of an IAST. Checkmarx didn't. Using it, you would have…
Real User
Manager, Information Security Architecture at a consultancy with 5,001-10,000 employees
Jun 01 2020

What is most valuable?

The general source composition analysis is the key to the piece. That is the feature to check our open source libraries for vulnerabilities and the primary feature that we…

How has it helped my organization?

It has improved our vulnerability rating and reduced our vulnerabilities through the tool during the time that we've had it. It's definitely made us more aware, as we have…

What needs improvement?

There are some new features that we would like to see added, e.g., more visibility into library usage for the code. Something along the lines where it's doing the…

What's my experience with pricing, setup cost, and licensing?

It's inexpensive and easy to license. It comes in standard package sizing, which is straightforward. This information is publicly found on their website.

Which solution did I use previously and why did I switch?

We previously used Black Duck. We switched to Snyk because of its better false positive ratings along with its ease of use, integration, and deployment.

What other advice do I have?

If you're looking for a source composition analysis tool or a tool to monitor your open source security, then it's a fantastic solution. SAST and DAST are very important…

Which other solutions did I evaluate?

We focused our evaluation specifically on Black Duck and Snyk, plus Veracode as a larger product offering. The Snyk platform does everything we've expected it to do. It…
Donovan Greeff
Real User
Head of Software Delivery at a tech services company with 51-200 employees
Jul 08 2020

What is most valuable?

By far the quality gate controls. Without this, there would be no way to really utilize the power of this tool. We are able to automatically ensure that no code is…

How has it helped my organization?

It has helped many of the organizations that I have worked at to improve overall security, quality, and test confidence within the codebases. It also provides this in a…

What needs improvement?

It should keep up with newer technologies. As this is primarily open-source, it does require updates from the community. As such, there is sometimes a delay for new…

What's my experience with pricing, setup cost, and licensing?

SonarQube will incur hosting costs. There are SaaS options available at competitive prices too. Self-hosting SonarQube is subject to its open-source licenses documented on…

Which solution did I use previously and why did I switch?

I have used Checkmarx and also tried a demo of Veracode. Checkmarx was far too heavy-handed and only handled security concerns for a VERY large price tag. Veracode is very…

What other advice do I have?

Security analysis is a MUST.

Which other solutions did I evaluate?

We also evaluated Checkmarx, Veracode and open source solutions specific to each programming language.
Kangkan Goswami
Real User
Digital Solution Architect at a tech services company with 10,001+ employees
May 01 2020

What is most valuable?

CAST Highlight is easy to use and has a good dashboard. This solution integrates well with Azure DevOps and you can import the dashboard into that environment.

What needs improvement?

The level of abstraction is a little bit high compared to other solutions, such as Veracode. The reports that describe the issues of concern are rather abstract and the issues should be more clearly described to the user. Reducing this type…

What's my experience with pricing, setup cost, and licensing?

Basic support is included with the standard licensing fee but it can be upgraded for an additional cost.

Which solution did I use previously and why did I switch?

I have also used Veracode and I like it much better. Veracode is easier for developers to work with. I have also worked with SonarQube. The integration with Azure DevOps means that there are things you can do in CAST Highlight that you…

What other advice do I have?

In general, this solution is easy to set up, easy to get started, easy to use, and easy to integrate, but the usability is not as high as that of Veracode. It would be great if it were more developer-friendly and it provided more…
ManoharRaju
Real User
AVP at a tech vendor with 1,001-5,000 employees
Jan 29 2020

What is most valuable?

The reporting is very useful because you can always view an entire list of the issues that you have. The importing of the reports into the dashboard is helpful.

What needs improvement?

The integrability of this solution can be improved. Integration with other tools such as Jira is needed. We are having issues with false positives that need to be resolved. Being able to save reports in different formats would be helpful…

Which solution did I use previously and why did I switch?

The solution that we used prior to this one was developed internally, and we have not used other commercial tools. I have seen Rapid7 solutions, but have not used them to a great extent.

What other advice do I have?

I would rate this solution a seven out of ten.

Which other solutions did I evaluate?

We evaluated a couple of other options including Checkmarx and Veracode. We also looked at a solution to help collect and collate all of the logs and reports from different tools. I do think that in terms of coverage, Micro Focus Fortify…