Veracode Pricing
Aside from the standard licensing fees, we also have to pay for a competent Success Manager. We initially received a favorable deal in the first year, presumably to secure our business, but we have since observed a gradual annual increase in costs.
I would definitely recommend having a Success Manager in the first year. Once the teams become more mature, companies like Synopsys, Veracode, Checkmarx, and others are large enough to offer competitive deals if they are interested in our business. For small businesses, using open source tools would be worth considering. With Veracode, we pay for the research they have conducted and have gained a deep understanding of various flaws. Their risk rating aligns well with our requirements, which is beneficial. We rely on this tool and find it fantastic from a data perspective. The data provided has greatly assisted us in our strategic decision-making.
View full review »The pricing and licensing are reasonable, and relatively straightforward, and different licensing and subscription models are available.
To someone considering Veracode but concerned about the price, it can be a challenge for small and mid-sized organizations, but it's a good choice for larger enterprises. If security is a primary concern for any organization, they should consider Veracode; they won't be disappointed.
View full review »PB
Pradeep Honaganahalli Basavaraju
ML engineer at a consultancy with 10,001+ employees
The solution reduced the cost of the development setups for your organization. It is a key feature of Veracode. Once you set it up for the first time and integrate your CI/CD pipeline with our DevOps cycle and the Veracode scan, it takes two or three days to set it up initially.
But after that, it's a one-time effort. You don't need to do anything further. You need to kick off the pipeline, and it runs the scans automatically, providing artifacts for you to review in the report. So it helps in the long run. Once you have your project set up correctly, there's no need for manual intervention at all once it's hooked up. It's a significant long-term benefit.
View full review »Buyer's Guide
Veracode
March 2024
Learn what your peers think about Veracode. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
768,740 professionals have used our research since 2012.
We pay based on the number of developers working on a particular project.
View full review »We aren't paying the listed price. We get some discounts, but we get a lot of value from it regardless of what we're paying. We look at the overall cost of what we would spend without a tool like Veracode. The longer you delay fixing security vulnerabilities, the more it will cost you during the later stages. By integrating it into the development cycle earlier, it helps to keep total costs lower.
View full review »The cost of scanning code is cheaper. It's typically $0.50 per line of code. However, it's expensive to run a high-level process that would normally require a human security expert. For example, penetration testing costs about $1,000 per application for penetration testing. The cost of these features may be too high for smaller organizations. On the other hand, Veracode's interactive application security testing is fast and cheaper compared to other software.
They have made it worth the price with the kind of discount and the kinds of modifications they made for us with regard to licensing. Previously, it was per profile. But they have adjusted according to our requirements because we are a big company and we handle a lot of applications. There's a tiered discount that they have provided us, so the cost is justified.
If someone looking at Veracode is concerned about the price, it depends on their requirements. I wouldn't really recommend Veracode for a small firm, because it might be a little pricey for them. But for a large organization, with more than 1,000 applications in the enterprise, there are tiered levels of pricing. Obviously, there are other cutting-edge solutions that have become available recently, but Veracode is something that a big organization should look at.
View full review »The requirements for the code determine whether Veracode is the best option or not. If the code is 15 to 20 years old, and it is very important, then Veracode is the best option. If the code is very new, then I wouldn't want to spend any money on the solution. It all depends on the requirements.
There is a fee to scale up the solution, which I consider expensive.
View full review »KK
Krishna Kant Upadhyay
CEO and App Developer at DroidForge
The pricing is a bit high for smaller organizations. The cost is per line of code scanned, and that comes out to $0.50. However, advanced services like penetration testing are extra. Advanced cybersecurity options may cost $1000 to $2000 per application, which is a challenge for smaller organizations.
It's cost-effective and an on-demand service.
View full review »The pricing is okay for us, however, it can be high for others. it can cost more than $1000 per application which can be a lot for smaller companies. However, it is cheaper than Fortify. While it could be cheaper, it is worth the price.
View full review »The pricing is worth it. However, users need to go through the documentation first to get a handle on the implementation. Users might need the help of a support platform.
View full review »The pricing is expensive.
However, if you have applications and not enough people to analyze the flags, you must use Veracode as it delivers very few false positives.
View full review »OK
OleksandrKlymenko
Sr. Development Manager at RWS Holdings PLC
We are not using the licensing much because we have a strict internal licensing policy. We mostly avoid GPL licenses and their flavors. Managing the licenses can be tricky. Sometimes you add a library and build some functionality around it, so it may cause some problems to remove it from its source.
Cost is an issue at every stage because you need to evaluate what you're spending and what you expect from the project. You should use common sense and clearly understand the pros and cons. It's hard to say whether the solution is cheap or expensive because it depends on your company's needs. Some companies need Veracode for compliance requirements, and it doesn't matter how expensive it is. It's costly, but it's the best in the industry. You can get something that does the job but it's like a car. You might buy a clunker for a few hundred dollars or an Infiniti for a hundred thousand.
View full review »Veracode is affordable. It offers a good value for the security benefits it offers, especially if you're working with applications that involve payment processing. You cannot afford to take chances there.
View full review »I know that Veracode is a semi-pricey solution. If you are serious about security, I would recommend that you use an open-source option to learn how the scanning process works and then look into Veracode if you want to really step up your game and have an all-in-one solution.
JS
Justin Swanson
Manager of Application Development and Integrations at a university with 1,001-5,000 employees
The cost has been a barrier to broader use here. I think my team is the only one at the university. Other folks might like to use it, but it's pretty pricey. You could see what else is in the market, but I hear that's the price for most solutions. You might not find a better deal in the market, or it might be an incomplete solution. For the level of interaction we get with Veracode staff, it's been pretty good.
Right now, we've had a little more interaction with Veracode staff because they want to sell to the rest of the university. So they've been willing to meet with us frequently, answer questions, and get on support for issues that get closed when they shouldn't be closed.
View full review »It does pay for itself given the pricing structure. Of course, the pricing structure changes based on the sales deal, et cetera. It definitely had a positive impact on the organizations we used it with. Financially, it does make a solid business case for itself.
I believe the price is fair according to market standards. However, if we are anticipating a growth phase in the enterprise, it might be a bit costly for us. On the other hand, if we are currently making profits and aiming to stabilize ourselves while improving our solutions and working with our existing team, it suited us well during that period. We were focused on developing the final product, refining protocols, and enhancing overall product development processes for our brands. Therefore, I believe it was a good fit for us. However, organizations that are in a growth phase may want to consider other options, even if it means compromising slightly on the security aspect.
View full review »We haven't really done any price checks on the competitors.
We purchased a Security Labs license to keep our developers trained in new security practices.
Every development company is different. If someone is looking at Veracode but concerned about the price, it probably depends on their technology stack. There are pros and cons for every decision. As a happy customer, I can say that the service level that I have received from Veracode has been high and understandable every time That also counts a lot. And it's not about the software; it's about how we actually utilize the software best.
View full review »DB
Djean Bruno
Security Engineer at a tech vendor with 10,001+ employees
I'm unfamiliar with the solution's pricing, but it must be worth the cost from a company perspective, as we have been using it for years and have no plans to move away from it.
View full review »It is quite good. If you adapt it for the whole organization, it is quite affordable. The pricing plans are good as compared to the other competitors, and any small, medium, or big company can easily adopt Veracode. Its cost includes deployment, training, and support for one year.
Security is a major concern for any organization. The developers do hard work in developing code, but if that code has some security flaws, it would be a challenge for any organization.
It is expensive. It depends on the use case, but it is very hard to find a pricing page on their website. Instead, they need to analyze your use case, but without knowing the entire project and how you're going to be using Veracode, how many scans you're going to do, if yours is a small business, it is very expensive and it affects ROI.
If you're concerned about the price, it is not a good solution for a small company.
View full review »Veracode is expensive.
View full review »We can afford Veracode, but it's too expensive for small enterprises. If you're concerned about the price, you should weigh the benefits you can achieve. It has saved us a lot of money on DevOps. We save about $500 a month by not outsourcing this work to experts.
View full review »While Veracode is way ahead of its competitors on Gartner Magic Quadrant, it's a bit more expensive than Fortify. It's a good solution for the cost, but if we had a high budget, we would go with Checkmarx, which is much better than Veracode.
View full review »The licensing model could be more flexible, and Veracode could be more accessible to smaller enterprises. We obtained Veracode through a consultancy. Veracode sets the price through consultation with our reseller, but I have yet to get a direct quotation without any other reseller in the middle. If you are worried about the price, I would say that you could request more information and do a trial, then see if you can negotiate an offer.
View full review »For enterprises, Veracode has done a fairly good job, but its pricing is not suitable for startups. The microservice distributed architecture for a startup is very small. I had to do a lot of discussions on the pricing initially. I previously worked in an enterprise organization where I used Veracode, and that's how I got to know about Veracode, but that was a big organization with more than a thousand employees. So, the cost is very different for them because the size of the application is different. Its pricing makes sense there, but when we try to onboard this solution for the startup ecosystem, pricing is not friendly. Because I knew the product and I knew its value, I onboarded it, but I don't think any other startup at our scale will onboard it.
Its pricing should be based on the size of the application or organization. For a startup organization, they can provide credit-based pricing. They don't need to reduce the price. AWS, Google, and other vendors do the same where they don't reduce the price, but they give credits. I have been in the industry for 15 years, and I have seen that people don't like to change technologies for many reasons. For the first year or the first 18 months, customers can explore the product completely free. If the first year is free and you are onboarded, you would stay with it if it does the job. If the product is doing its job and adding security value, there is no reason to change it in the second year, and you are also ready to pay because, in the first year, you have tested that it is working fine. A company that has used it for the first year would definitely need it in the second year because they keep adding code to the codebase. Another option is that, like Cloudflare, they provide a very slashed rate. Cloudflare onboards everyone at a very cheap price, but when you start exploring the actual use cases, they start adding.
KN
reviewer2288880
Junior Developer Intern at a insurance company with 10,001+ employees
I have no information on the pricing or licensing cost for Veracode.
View full review »Depending on the number of users, my company makes payments toward the solution's licensing costs.
The cost of Veracode is high.
There comes a point when we must make a decision between cost and quality, and we chose to prioritize quality by selecting Veracode. The confidence that Veracode instills in both our developers and clients justifies the associated cost.
We have four solution licenses for the static analysis scans.
View full review »The commercial guys take care of the pricing, it's not something I'm involved in. But the licensing is simple. The SAST product has some rules that some customers have found a little confusing, but overall, the licensing is simple.
View full review »MC
Michael Calabrese
Vice President of Engineering at Avant Assessment
When I looked at the pricing, it was definitely a value. In terms of the service and what it's checking, the cost was very reasonable, particularly because we could have multiple code bases as part of a project.
Make sure that you're comparing apples to apples if you're concerned about the price of Veracode versus what you're reviewing. Some of the stuff that Veracode does and applies is not the same for other services. When I really compared apples to apples, I found Veracode to be rightly priced.
There were no costs in addition to the standard licensing fees, although we just signed up for a couple of other products.
View full review »It's too expensive for the European market. That is why, in a big bank with 400 applications, we are able to use it for only 10 of them. But the other solutions are also expensive, so it wasn't a differentiator.
The static cost model is not that important. Veracode works on a subscription model, so we have to pay for it every year.
View full review »The pricing is moderate for particular processes. However, if we take an entire process in general, it can be costly. It's more economical to use it for single purposes instead of generalizing processes.
Thanks to its algorithm, Veracode is an on-demand service that can be very cost-effective. With so many features, we no longer require many people to test.
If they are worried about pricing, people should try out their demo feature, which is available online. That way, they can demo and evaluate how it would work for them. If it works for their team and product, they may find it can optimize their processes. Of course, it depends on the use case.
View full review »JW
reviewer2287986
Lead Product Security Engineer at a computer software company with 1,001-5,000 employees
Veracode's pricing is competitive.
I believe Veracode would be willing to negotiate decent terms for organizations that are concerned about the pricing.
View full review »MH
Mark Handzlik
Chief Software Architect at a tech services company with 51-200 employees
I found Veracode very expensive, though I'm not the person paying for it. I was surprised to find out how much the subscription costs and that the executive board approved it, but it was a no-brainer because now my company has better security scans.
What I can tell others looking into Veracode but concerned about its price is that the price or cost is justified. After all, you can tell potential clients that your software is better than competitor software because you're scanning it and Veracode-verified.
The verification levels of Veracode are essential because you can use Veracode to start climbing up the ladder to say that your software's even more secure than anybody else because it achieved this level of verification.
In terms of Veracode reducing the cost of DevSecOps in our company, we find that tough to determine because we never had a real concentration on DevSecOps before Veracode. It was forced on us by the fact that the industry was becoming more vulnerable, so now we are experiencing an increase in price in DevSecOps because we're paying attention to it now. We used to skate by and weren't affected by vulnerabilities. Still, because the industry had more vulnerabilities, our customers asked if we were scanning our software, so we had to find a solution and add DevSecOps to address industry needs.
View full review »AK
Anand Kumar
LSA at a consultancy with 10,001+ employees
The pricing depends on the functionality each client desires. For example, one of our clients only wishes to scan two applications, so they pay for that specific service in addition to our organization's third-party access to their system.
View full review »BF
Brian Felker
Application Security Engineer at Advantasure
Veracode is expensive, but other solutions cost as much, if not more. For example, Rapid7's dynamic scan tool was at least as expensive as Veracode, and Rapid7 wasn't willing to negotiate. We are a reasonably large user.
It's a fair price. If you're worried about getting your money's worth, you could ask Veracode for a trial license and compare it to other tools in terms of pricing versus features. That's how I would do it. It's crucial to do your homework. At this point, we're somewhat locked in and won't change unless we find something significantly cheaper or better.
View full review »The pricing for Veracode is high, making it difficult for beginners to afford. Whether or not Veracode is a viable option may depend on the specific needs and use cases of the user, as it may not be affordable for small businesses.
Veracode is costly, which makes it unsuitable for small organizations. However, if an organization has the budget for the solution, it is worth investing in.
View full review »The licensing cost for Veracode is fair.
View full review »The thing that I'll go back to is when one of my mentors said to me "Evan, security is a critical aspect of any organization. People don't always believe in it. And the best way to sell it is to explain what could go wrong." So when we compare what could go wrong, having a third-party vulnerability, like a graph library, such as the one that Equifax used, which led to a $3 million lawsuit, and their reputation was destroyed. When you compare that to paying $8,000 for an application, it's a no-brainer. Once the reputation of an organization has been tarnished, that's it. The whole thing is completely over. Really everyone loses faith and once people lose trust, it's almost impossible to get people to believe in a vision.
It's definitely worth it considering what could go wrong. The DevOps Mantra is to always be prepared for what could go wrong. Most things are going to go wrong.
Having a static cost gives people confidence. And once people start using it, if the price changes, then that's going to be dependent on how much they're getting out of it.
View full review »Veracode is inexpensive and cost-effective. The licensing model is unambiguous. You know what you are getting. They also give you several seats for training. That's why it would benefit them to improve the training because more people could take advantage of it and use certifications. Some certifications for other products don't have much real value, but Veracode is a product many companies use, so it could help people get jobs.
If you're concerned about the cost, you should meet with a representative to talk about pricing. Veracode is flexible, and they're willing to let companies try the platform or test different features. They will work with companies to get to the point where they'll use it.
View full review »CM
reviewer2296401
CyberSec professional at a manufacturing company with 5,001-10,000 employees
Veracode is fairly priced.
View full review »It is an expensive solution, but it's the best solution available on the market. If you want something at the top, you have to pay a bit more than the average.
Regarding extra expenses, it depends on what you want to buy. They have certain bundles that provide support via a hotline system with customer service. They can provide you access to certain security laboratories. You can opt for several licenses to educate more developers to be responsible for the security of your applications. All of these change the initial cost.
Of course, if you add more things, you can benefit from a better price. It depends on your negotiation skills and the number of licenses you want to buy.
The price can vary from year to year, and prices usually go up. Maintenance for the servers that do the scanning takes money, as do CPU, power, and memory. And there are the reports that are kept in the history for checking and for ISO certification. Those costs build up during a year.
For example, we have to manually upload the application that we are scanning because it's quite big, and it takes one day to be scanned. That means their scanner runs for a day on this application, and then we get the results back. That means our application is heavily consuming resources of that cloud server. Those resources are no longer paid for directly by us. We delegate this job to Veracode to do it for us, and we pay for it. But we free up our servers locally and can do other jobs with them.
We aren't trying to reduce our costs. We are trying to improve the security and quality to be sure that we and our customers don't have security issues. At the end of the day, security is the most important part. With every new release and with every new year, we allocate more and more to these operations, to improve our overall security.
View full review »The pricing of the product depends upon the number of codes or the number of applications.
You do get value for the price, but unfortunately, for a small enterprise, it's not a good option. It isn't affordable for small businesses. It's expensive for startups. They need to consider its pricing. Its pricing is not so favorable for small businesses that would love to use it.
View full review »Veracode is priced competitively for our market.
View full review »JA
Jai Agarwal
Technical Architect at Orange España
There are no setup or implementation charges. They offer a free trial and free consulting services. That was the first impression it made and something we liked about the Veracode.
The price depends on your requirements, your source code sizes, and how complicated your source code is. Prospective buyers should understand their requirements when it comes to source code and data size first, and how often they require security analysis of their source code.
View full review »Veracode is a very expensive product.
View full review »SA
Shahnawaz Azam
Manager IT at a tech company with 201-500 employees
Veracode is fairly priced.
View full review »JV
reviewer2183154
Manager Consultant at a tech services company with 1-10 employees
Veracode provides value for the cost, with no additional charges apart from the standard licensing fee.
View full review »It has good, fair licensing. If the price could depend on the scope of its scanning or the languages supported, then that would be better.
It is quite important to have fixed or static costs because it is easier for our financing.
Compared to other solutions, Veracode is more expensive but offers a lot for free.
View full review »GG
Gustavo_Gonzalez
Technical Program Manager at a engineering company with 10,001+ employees
Veracode is a very complete tool; that drives you to invite customers, the apps team, developers and even the product and marketing team to navigate through the whole application. Its complexity makes it quite expensive, but it’s all worth it, with all the engineering in the background.
View full review »Veracode's pricing is on the higher end, but it is acceptable.
View full review »The price is reasonable and affordable for a small company like ours. Veracode provides a lot of features. You can purchase some additional tools. For example, we are currently testing software composition analysis. We discussed adding that to our standard package.
CD
reviewer1745850
Vice President QE Practice at a computer software company with 1,001-5,000 employees
Compared to the typical software composition analysis solutions, Veracode is not so costly, although the static analysis part of it is a little costlier. It depends upon the ecosystem you are using, whether your application is a web application or a custom, non-web application. It can support all of them. The pricing depends where you are at with your overall security strategy.
If you have multiple applications and you want to scale it at an enterprise level, this is a good tool. But a very small shop might not want to go with it because there are a bunch of alternatives that work well. Again, it depends upon where you are at on your overall software AppSec journey.
View full review »SS
ShubhamSharma5
Senior Consultant at Material Vision
We are still considering it at the enterprise level. It has a subscription-based model. We find its price a little high based on the features it provides. In addition to the standard licensing costs, there are no additional costs.
To someone who is looking at Veracode but is concerned about the price, I would recommend exploring it themselves. They might not need the same features that we need. They might be looking at some other aspects of security. I would recommend exploring it and doing a price evaluation based on their needs.
View full review »KW
Konah Wafula
Founder/Developer at Sarkonah
The pricing is fair. You get a lot out of the product. If you're concerned about the pricing, I will show you how it is cheap.
View full review »Veracode recently introduced some pricing based on microservices. This model gives us a lot of flexibility in being able to add and remove microservices and scale them that way.
The pricing is solid. I think with the current consolidated pricing that we have is pretty consistent every year.
View full review »I'm not familiar with the costs, but I believe it's around half a million. I'm not sure how it compares to the other solutions, but I assume they're all in the same ballpark. HCL might have been a little less expensive.
KB
reviewer1705929
Sr. VP Engineering at a computer software company with 51-200 employees
I was impressed with the pricing we got from Veracode. I was able to make it work very well within our budget.
View full review »The price is worth it. You have to consider the cost versus the security Veracode provides. It's also cheaper than the other solutions we considered.
SC
Stephen Cook
Systems Engineer at Shift movers
Veracode is a little costly. It's cost-effective for a large enterprise, but it may be too expensive for small businesses.
View full review »SR
reviewer2067186
Product Marketer at a media company with 1,001-5,000 employees
The pricing is fair. We are planning to renew for the next year.
It's definitely value for money. I would tell someone who is looking at Veracode not to be concerned about the pricing because the value that they will get, for this price, in the market, is very good when it comes to their long-term plans.
View full review »NS
delivery908448
Delivery Manager at a tech vendor with 10,001+ employees
Veracode's price is reasonable because of the value it offers. If you don't catch bad code before it goes into production, you have to spend money to rework it, and a security failure in your product can cost your company. We think it's worth what we pay.
It would be nice if Veracode were bundled with some preferred vendors like Salesforce and offered at a discount.
View full review »PR
Paul Rice
Senior Security Consultant at a financial services firm with 1,001-5,000 employees
The price of Veracode Static Analysis could improve.
Sometimes the model that Veracode pushes forward for you to use isn't beneficial. I advise companies to use SonarQube and Veracode together because we use SonarQube for all the individual developers to scan and do their checks and tasks before they do a full peer review to make sure that they have it clean and it's understood. We then use Veracode Static Analysis for repository control because you need fewer licenses. Veracode Static Analysis is expensive and this is why we split the two solutions.
There are extra costs per developer and it can get expensive quickly. They charge approximately $25 a month for each developer that uses it.
I rate the price of Veracode Static Analysis an eight out of ten.
View full review »To my knowledge, licensing for Veracode Static Analysis is paid yearly by my company.
View full review »The price of Veracode Static Analysis is expensive. There is an annual fee to use the solution and the company is upfront with the pricing model and fees.
I rate the price of Veracode Static Analysis a three out of ten.
View full review »The pricing is a little on the high side but since we combine our product into one suite, it is easy to do and works well for us. It's an expensive product but we are paying for quality.
View full review »ST
Sebastian Toma
Engineering Security Manager at Nextiva
They just changed their pricing model two weeks ago. They went from a per-app license to a per-megabyte license. I know that the dynamic scan was $500 per app. Static analysis was about $4500 yearly. The license is only for the number of users, it doesn't matter what data you put in there. That was the old model. I do not know how the new model works.
We are in negotiations with Veracode. The old model was about $500 for dynamic analysis and about $4500 for the static analysis, per app or service, per year.
Veracode offers a lot of other license options that you can put on top of what we just discussed, but I don't think we ever looked into any of those. The way we implemented it was very straightforward. You have your app and you pay this much for both dynamic and static licensing. That's all we cared about per year.
SM
Swarup M
Security Analyst at a tech services company with 11-50 employees
The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.
View full review »It's very expensive, especially when you are a very small organization. If you're using Veracode at an individual level, for example, you're a developer or you run agents, the pricing might not affect you, but if you're using it at a company level to troubleshoot security issues, the pricing is not quite favorable. It may affect ROI.
View full review »SP
Stephen Pack
Software development program leader at Vendavo
From a cost perspective, it seems okay, although we will probably evaluate alternatives next time it's up for renewal because for us, it's a relatively high cost, and we want to make sure that we are using our resources most appropriately.
I like that the platform provides you with some flexibility. We had to revise our licensing because it did not fit our environment. We wanted to license based on the number of applications, rather than another measure such as the number of lines of code. There was clearly some complexity that led us to be in that situation, although it seems preventable. Ever since our last renewal, the licensing has been smooth and clear. There is a certain amount of flexibility in that regard but also, they allow us some leeway in our current model.
There have been times when for some reason, we spin up a new application on a temporary basis. It may be because we're trying a new configuration. Even though we're licensed for a certain number of applications, the platform lets us exceed that. Consequently, we receive an email stating that we can't do that forever, but it's very useful to have the flexibility for the couple of times that we've used it to briefly exceed the application account.
View full review »SM
reviewer1450479
Principal for the Application Security Program and Access Control at a engineering company with 10,001+ employees
It is very reasonably priced compared to what we were paying our previous vendor. For the same price, we are getting much more value and reducing our AppSec costs from 40 to 50 percent.
We bought the product for its expected benefits, in terms of all the bells and whistles that we saw during the sales cycle. When it came time to really implement it, that is where we have been having buyer's remorse.
View full review »If I compare the pricing with other software tools, then it is quite competitive. Whatever the price is, they have always given us a good discount.
View full review »DC
Dave Cheli
Chief Technology Officer
I think it's a great value. It's at a price point that a small company like mine can afford to use versus, if it was too exorbitant, I wouldn't be able to use this product.
About licensing, just go ahead and get them.
Get a license at the beginning of a project. Don't wait until the end, because you want to use the product throughout the entire software development lifecycle, not just at the end. You could be surprised, and not in a positive way, with all the vulnerabilities there are in your code.
The solution is expensive.
View full review »VD
reviewer1526550
Lead Security Architect at a comms service provider with 1,001-5,000 employees
Veracode is costly. They have different license models for different customers. What we had was based on the amount of code that has been analyzed. The license that we had was capped to a certain amount, for example, 5 Gig. There would be an extra charge for anything above 5 Gig.
View full review »KS
reviewer2381340
Lead Consultant DevOps and Infrastructure at a tech vendor with 5,001-10,000 employees
I don't have firsthand knowledge of Veracode pricing, but based on client feedback, it seems to be expensive with additional fees for certain features.
View full review »For the value we get out of it, coupled with the live defect review sessions, we find it an effective value for the money. We are a larger organization.
View full review »AF
reviewer2333736
Cloud system engineer at a consultancy with 1-10 employees
Veracode is affordable for large organizations, but its pricing may be out of reach for small and medium companies.
View full review »LF
reviewer1699062
Sales Engineer at a computer software company with 51-200 employees
Its pricing is fair.
View full review »SM
ShubhamMittal
Sponsorship Sales Specialist
The pricing is a bit high. Although we are in a trial phase, if we are going to make the decision to purchase the software, the pricing is going to be high for us.
For our company, the price is reasonable for the benefits that we get.
We paid for a one-year license. The contract was reasonable in terms of financial features. The pricing itself depends on the size of the company and on how much the company is willing to pay for these security extensions and how much the company is willing to invest in security in the first place.
View full review »NS
Nachu Subramanian
Automation Practice Leader at a financial services firm with 10,001+ employees
Veracode is very, very expensive, one of the most expensive security scanning tools available.
We pay an annual license fee that is over $1 million.
DM
reviewer1450191
IT Cybersecurity Analyst at a educational organization with 11-50 employees
The solution is very pricey.
View full review »CG
reviewer1258986
Enterprise Architect, VP at a financial services firm with 501-1,000 employees
I do not remember the licensing costs off hand. I would probably estimate it to be between 50,000 to 75,000 in our case.
View full review »KM
Karen Meohas
Information Assurance Manager at xMatters
Veracode is expensive. Some of its products are expensive. I don't think it's way more expensive than its competitors. The dynamic is definitely worth it, as I think it's cheaper than the competitors. The static scan is a little bit more expensive, around 20 percent more expensive. The manual pen test is more expensive, but it is an expensive service because it's a manual pen test and we also do retests. I don't think it is way more expensive than the competitors, but it's about 15 to 20 percent more expensive.
There is also a fee for the support package, which I think is extremely expensive. We used to have the premium support and we didn't use most of it, so we're downgrading to the basic support, and even the basic support is expensive.
AS
reviewer1436241
DevSecOps Consultant at a comms service provider with 10,001+ employees
Veracode's price is high. I would like them to better optimize their pricing.
View full review »ST
Associat7de6
Associate Director
It is pricey. There is a lot of value in the product, but it is a costly tool.
The customer should demand better turnaround times for the money that they are paying, especially around the reporting and standing up processes that we need to go through. It needs much more technical information on the platform with a tool that can help with information or have 24/7 support available, then it will be worth the price that we are paying, because right now, we don't have many options. There are not may companies who are in the market for Veracode, who want this type of in-depth analysis and examination. That is why customers, with the money that they are paying, have room for improvement in the scope of the Veracode product.
I recommend going for a one-year licensing with CA, because currently they are the leaders in this field with more features and a much better turn around time with a cheaper position, but there are a lot of new companies coming up in the market and they are building up their platforms. I suggest just not to get tied up with a long-term commitment, because I have seen with Black Duck that they are almost one-third of the price of the big platforms. Once there are the same features and functionality (or lot better performance) available in the market, people are going to migrate away from this platform. The market is changing so fast, and with the Black Duck acquisition, it is also expected that we may get a solution with a much faster platform with much better service at a cheaper price.
CS
reviewer2249226
Executive Assistant at a tech company with 51-200 employees
Veracode's price is reasonable.
View full review »FN
reviewer2131128
Application Security Engineer at a financial services firm with 1,001-5,000 employees
My advice to anyone considering Veracode will be to negotiate with the team directly and define what constitutes an additional application.
View full review »RL
reviewer1448070
Security Architect at a financial services firm with 1,001-5,000 employees
In addition to the standard licensing fees there's a support cost and an implementation cost at the beginning.
View full review »The price of Veracode Static Analysis is on the higher side.
View full review »DJ
DavidJellison
Senior Director, Quality Engineering at a tech services company with 1,001-5,000 employees
The Veracode price model is based on application profiles, which is how you package your components for scanning. Veracode recently included SCA pricing and support pricing as a factor of the SAST scan count cost. When using microservices, you may need to negotiate pricing based on actual application counts where microservices are usually a portion of an application.
View full review »HJ
Hemanth Jayakumar
Sr Director at a non-profit with 51-200 employees
The solution recently doubled in price over the past year, which is why I've decided to move away from it. The price jump doesn't make sense. It's not like there was a sudden influx in new features or advancements.
Without getting too specific, I'd say the average yearly cost is around $50,000. The costs include licensing and maintenance support.
View full review »RR
reviewer1310136
Founder & CEO at a healthcare company with 1-10 employees
The pricing for qualified startups such as Neo4j could be improved.
It allows startups to develop a secure product, but it takes time for startups to get money for the products.
Veracode could provide the services, at a significantly lower price during that period with a condition that the moment that it becomes production, Veracode has to be paid.
If they would change that, it would be phenomenal for the entire industry and for them.
Licensing cost is on a yearly basis and there are no additional costs, the pricing is straightforward.
View full review »AB
Reviewer64985
Principle Consultant at a tech services company with 11-50 employees
Checkmarx is a very good solution and probably a better solution than Veracode, but it costs four times as much as Veracode. You need an entire team to maintain Checkmarx. You also need on-premise servers. So, it is a solution more for an enterprise customer. If you have a small- to medium-sized company, Checkmarx is very hard to use, because it takes so many resources. From this point of view, I would certainly recommend for now, Veracode for small- to medium-sized businesses.
Compared to other similar products, the licensing and pricing are definitely competitive. If you see Checkmarx as the market leader, then we are talking about Veracode being a fraction of the cost. You also have to consider your hidden costs: you need a team to maintain it, a server, and resources. From that point of view, Veracode is great because the cost is really a fraction of many competitors.
Veracode provides a very good balance between a working solution and cost.
View full review »The worst part about the product is that it does not scale at all. Also, microservices apps will cost you a fortune.
View full review »Just do your research. Make sure you're getting the best price on this. It can be expensive to do this, so I would just make sure that you're getting the proper number of licenses. Do your analysis. Make sure you know exactly what it is you need, going in. Then just see if it can work. Try and make sure you get the best price possible.
View full review »I don't really know about the pricing, but I'd say it's worth whatever Veracode is charging, because the solution is that good. It's just a good product, overall.
View full review »MV
Mauro Verderosa
Cybersecurity Expert at PSYND
The pricing is quite standard. It's not cheaper, it's not more expensive.
SH
ChiefInfaf47
Chief Information Security Officer with 501-1,000 employees
We're always looking to save the taxpayers' money. I used to tell my vendors, sharpen those pencils and make the tip laser-sharp. When it can be, I want it to be less expensive, but you get what you pay for too. Vendors need to be fair and I think Veracode has been fair.
We use their SaaS solution and it's just an annual subscription.
View full review »SK
Siddharth Kundalkar
Director Software Engineering at a tech services company with 51-200 employees
I think licensing needs to be changed or updated so that it works with adjustments. Pricing is expensive compared to the amount of scanning we perform.
View full review »NĐ
reviewer1825527
Product Security Engineer at a tech services company with 5,001-10,000 employees
I don't have any insights on pricing. I don't handle any aspects of the licensing process so I can't speak to the overall costs or terms.
View full review »BM
Assistan84a9
Assistant Vice President of Programming and Development at a financial services firm with 501-1,000 employees
Pricing seems fair for what is offered, and licensing has been no problem. All developers are able to get the access they need.
View full review »Veracode is expensive. But the solution is worth it.
View full review »JS
reviewer1345386
Senior Software Developer at a pharma/biotech company with 201-500 employees
Its cost for what we needed it for was too high. It wasn't too high for other companies and it was competitively priced, but for us, it just didn't fit. We did plan to use it and increase the usage. In the end, it may have been abandoned because of the cost, but I'm not a hundred percent sure. So, even though we had planned on using it more and more, because of the cost and the business conditions of things, we didn't have the opportunity to really use it more.
View full review »No issues, the pricing seems reasonable.
View full review »EP
Elina Petrovna
Professor at BitBrainery University
Costs are reasonable. No special infrastructure is required and the license model is good.
View full review »I think the pricing is in line with the rest of the tools. I think you get what you pay for. It is certainly not inexpensive, but the value proposition is there. There are certainly cheaper tools, but I don't think we'd be getting the support that we get with those, and that is what separates this product from the others.
Regarding licensing, pay very close attention to what applications you're going to need to do dynamic scanning for, versus static. Right now, the way the licensing is set up, if you don't have any static elements for a website, you can certainly avoid some costs by doing more dynamic licenses. You need to pay very close attention to that, because if you find out later that you have static code elements - like Java scripts, etc. - that you want to have scanned statically, having the two licenses bundled together will actually save you money.
You really need to understand how your application is going to be delivered and not think of it just as, "This is a website and this is a mobile app," or "This is a website and this is a fat client." Often, with new frameworks, you have websites - especially with Java specifically, which is not even a new framework - running Java, but you also have things running in a local Java sandbox on the machine, or on a Java virtual machine. You really want to understand how that application is being delivered to the end-user, and not just think of it as applications on a box and websites.
SS
reviewer1451973
Head Of Information Security at a media company with 51-200 employees
The pricing is really fair compared to a lot of other tools on the market.
It's not like a typical SaaS offering. Let's say you got SaaS software from G Suite. You're going to get Google Docs and Google Drive and Google Sheets, etc. It's going to be the same for everybody. But in Veracode, it's not. You buy a license for specific kinds of scanners. I had two licenses for static analysis scanners and one license for a dynamic analysis scanner.
View full review »EC
Evan Christoe
AVP, IS Manager at a financial services firm with 1,001-5,000 employees
We are about to enter discussions for renewal. I have heard there may be some changes to pricing. I will reserve judgment until the discussions are complete.
View full review »We're very comfortable with their model. We think they're a good value.
We worked very closely with Veracode on understanding their license model, understanding what comprises the fee and what does not. With their assistance in design, we decomposed our application in a way where we are scanning a very significant amount of code without wasting their capacity and generating redundant reported issues. You scan in profiles, per se. And we work with them, in their offices, to design the most effective approach.
So the advice I would have for customers is, you can get up and live fast, but work closely with Veracode to refine the method you use for scanning and the way you compile the applications. There's a concept called entry-point scanning, and that's probably not used well by the rest of their customers. We see our licensing as a good value because we leverage it heavily. I'd say many customers might not quite go to that level. But that's their choice.
View full review »If you're licensing, and you're looking at licensing models, you might want to ask Veracode about their microservice, depending on the company. If you are a microservice architecture, I would suggest asking them about their microservice pricing. I would suggest that you evaluate that with your code and their other licensing model, which is like a lump sum in size of artifacts, and just make sure that you price that out with them, because there might be some tradeoffs that can be made in price.
View full review »Negotiate for the best deal.
View full review »Negotiate some, but their prices are reasonable.
View full review »We get good value out of what we have right now.
View full review »The licensing and prices were upfront and clear. They stand behind everything that is said during the commercial phase and during the onboarding phase. Even the most irrelevant "that can be done" was delivered, no matter how important the request was.
The licensing is fair, it is time-limited (e.g. one year) but there is a size cap for every app. If your applications are big (due third-party libraries, for example) you should discuss this beforehand and explore suitable agreements.
View full review »AE
AldrineEinsteen
Enterprise Architect at a computer software company with 1-10 employees
I have no idea what the licensing costs on the solution are. Our IT team handles the details.
View full review »VV
reviewer1542384
Senior Project Manager at a computer software company with 501-1,000 employees
I don't have enough information to be able to comment on the cost of licensing the product. That's more of a sales question. I don't handle any aspect of that part of the solution.
View full review »Pricing is worth the value.
View full review »I don't know about the prices.
View full review »Pricing/licensing is complicated.
View full review »I'm not the pricing guy.
Licensing is pretty flexible. It's a little bit weird, it's by the size of the binary, which is a strange way to license a product. So far they've been pretty flexible about it.
View full review »The pricing is good for static code analysis.
View full review »This solution is on the pricey side. They have just streamlined the licensing and they have a number of flexible options available, so overall it is quite good, albeit pricey.
View full review »It's worth the value.
View full review »We are satisfied.
View full review »The pricing is pretty high.
View full review »Buyer's Guide
Veracode
March 2024
Learn what your peers think about Veracode. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
768,740 professionals have used our research since 2012.