Veracode Pricing and License Cost

Kyle Engibous
Systems Architect at a tech vendor with 201-500 employees
If you're licensing, and you're looking at licensing models, you might want to ask Veracode about their microservice, depending on the company. If you are a microservice architecture, I would suggest asking them about their microservice pricing. I would suggest that you evaluate that with your code and their other licensing model, which is like a lump sum in size of artifacts, and just make sure that you price that out with them, because there might be some tradeoffs that can be made in price.
Director Security and Risk OMNI Cloud Operations at a tech vendor with 1,001-5,000 employees
We're very comfortable with their model. We think they're a good value. We worked very closely with Veracode on understanding their license model, understanding what comprises the fee and what does not. With their assistance in design, we decomposed our application in a way where we are scanning a very significant amount of code without wasting their capacity and generating redundant reported issues. You scan in profiles, per se. And we work with them, in their offices, to design the most effective approach. So the advice I would have for customers is, you can get up and live fast, but work closely with Veracode to refine the method you use for scanning and the way you compile the applications. There's a concept called entry-point scanning, and that's probably not used well by the rest of their customers. We see our licensing as a good value because we leverage it heavily. I'd say many customers might not quite go to that level. But that's their choice.
Sebastian Toma
Engineering Security Manager at Nextiva
They just changed their pricing model two weeks ago. They went from a per-app license to a per-megabyte license. I know that the dynamic scan was $500 per app. Static analysis was about $4500 yearly. The license is only for the number of users, it doesn't matter what data you put in there. That was the old model. I do not know how the new model works. We are in negotiations with Veracode. The old model was about $500 for dynamic analysis and about $4500 for the static analysis, per app or service, per year. Veracode offers a lot of other license options that you can put on top of what we just discussed, but I don't think we ever looked into any of those. The way we implemented it was very straightforward. You have your app and you pay this much for both dynamic and static licensing. That's all we cared about per year.
Find out what your peers are saying about Veracode, SonarQube, Micro Focus and others in Application Security. Updated: February 2020.
396,515 professionals have used our research since 2012.
Information Security Engineer Team Lead at a hospitality company with 1,001-5,000 employees
I think the pricing is in line with the rest of the tools. I think you get what you pay for. It is certainly not inexpensive, but the value proposition is there. There are certainly cheaper tools, but I don't think we'd be getting the support that we get with those, and that is what separates this product from the others. Regarding licensing, pay very close attention to what applications you're going to need to do dynamic scanning for, versus static. Right now, the way the licensing is set up, if you don't have any static elements for a website, you can certainly avoid some costs by doing more dynamic licenses. You need to pay very close attention to that, because if you find out later that you have static code elements - like Java scripts, etc. - that you want to have scanned statically, having the two licenses bundled together will actually save you money. You really need to understand how your application is going to be delivered and not think of it just as, "This is a website and this is a mobile app," or "This is a website and this is a fat client." Often, with new frameworks, you have websites - especially with Java specifically, which is not even a new framework - running Java, but you also have things running in a local Java sandbox on the machine, or on a Java virtual machine. You really want to understand how that application is being delivered to the end-user, and not just think of it as applications on a box and websites.
Chief Information Security Officer with 501-1,000 employees
We're always looking to save the taxpayers' money. I used to tell my vendors, sharpen those pencils and make the tip laser-sharp. When it can be, I want it to be less expensive, but you get what you pay for too. Vendors need to be fair and I think Veracode has been fair. We use their SaaS solution and it's just an annual subscription.
Dave Cheli
Chief Technology Officer
I think it's a great value. It's at a price point that a small company like mine can afford to use versus, if it was too exorbitant, I wouldn't be able to use this product. About licensing, just go ahead and get them. Get a license at the beginning of a project. Don't wait until the end, because you want to use the product throughout the entire software development lifecycle, not just at the end. You could be surprised, and not in a positive way, with all the vulnerabilities there are in your code.
Associate Director
It is pricey. There is a lot of value in the product, but it is a costly tool. The customer should demand better turnaround times for the money that they are paying, especially around the reporting and standing up processes that we need to go through. It needs much more technical information on the platform with a tool that can help with information or have 24/7 support available, then it will be worth the price that we are paying, because right now, we don't have many options. There are not many companies who are in the market for Veracode, who want this type of in-depth analysis and examination. That is why customers, with the money that they are paying, have room for improvement in the scope of the Veracode product. I recommend going for a one-year licensing with CA, because currently they are the leaders in this field with more features and a much better turnaround time with a cheaper position, but there are a lot of new companies coming up in the market and they are building up their platforms. I suggest just not to get tied up with a long-term commitment, because I have seen with Black Duck that they are almost one-third of the price of the big platforms. Once there are the same features and functionality (or a lot better performance) available in the market, people are going to migrate away from this platform. The market is changing so fast, and with the Black Duck acquisition, it is also expected that we may get a solution with a much faster platform with much better service at a cheaper price.
Information Technology at an insurance company with 51-200 employees
The licensing and prices were upfront and clear. They stand behind everything that is said during the commercial phase and during the onboarding phase. Even the most irrelevant "that can be done" was delivered, no matter how important the request was. The licensing is fair, it is time-limited (e.g. one year) but there is a size cap for every app. If your applications are big (due to third-party libraries, for example) you should discuss this beforehand and explore suitable agreements.
Senior Infrastructure Engineer at a healthcare company with 5,001-10,000 employees
Just do your research. Make sure you're getting the best price on this. It can be expensive to do this, so I would just make sure that you're getting the proper number of licenses. Do your analysis. Make sure you know exactly what it is you need, going in. Then just see if it can work. Try and make sure you get the best price possible.
Dennis Miller
VP Development
We get good value out of what we have right now.
Assistant Vice President of Programming and Development at a financial services firm with 501-1,000 employees
Pricing seems fair for what is offered, and licensing has been no problem. All developers are able to get the access they need.
Information Security Lead Analyst at a consumer goods company with 10,001+ employees
I'm not the pricing guy. Licensing is pretty flexible. It's a little bit weird, it's by the size of the binary, which is a strange way to license a product. So far they've been pretty flexible about it.
VP of Services at a tech vendor with 51-200 employees
It's worth the value.
Mike McAlpen
CISSP, CISM at a tech services company with 1,001-5,000 employees
Pricing is worth the value.
Application & Product Security Manager at an insurance company with 1,001-5,000 employees
The worst part about the product is that it does not scale at all. Also, microservices apps will cost you a fortune.
Rick Spickelmier
Chief Technology Officer at a tech vendor with 201-500 employees
No issues, the pricing seems reasonable.
Elina Petrovna
Professor at a government with 51-200 employees
Costs are reasonable. No special infrastructure is required and the license model is good.
Siddharth Kundalkar
Director Software Engineering at a tech services company with 51-200 employees
I think licensing needs to be changed or updated so that it works with adjustments. Pricing is expensive compared to the amount of scanning we perform.
Managing Principal Consultant at a tech vendor with 11-50 employees
This solution is on the pricey side. They have just streamlined the licensing and they have a number of flexible options available, so overall it is quite good, albeit pricey.
Chief Compliance Officer at a financial services firm with 51-200 employees
Negotiate some, but their prices are reasonable.
Evan Christoe
AVP, IS Manager with 1,001-5,000 employees
We are about to enter discussions for renewal. I have heard there may be some changes to pricing. I will reserve judgment until the discussions are complete.
Terry Chu
DevOps Release Engineer at a tech services company with 51-200 employees
We are satisfied.
Head of Technology at a tech services company with 11-50 employees
Pricing/licensing is complicated.
Lead Security Engineer at a tech vendor with 201-500 employees
The pricing is good for static code analysis.
VP Worldwide Delivery Acceleration at a financial services firm
Negotiate for the best deal.