2018-03-06T09:06:00Z

What is your experience regarding pricing and costs for Veracode?


Hi Everyone,

What is your experience regarding pricing and costs for Veracode?

Thanks for sharing your thoughts with the community!

Guest
2525 Answers

Consultant

This solution is on the pricey side. They have just streamlined the licensing and they have a number of flexible options available, so overall it is quite good, albeit pricey.

2019-06-11T11:10:00Z
Consultant

They just changed their pricing model two weeks ago. They went from a per-app license to a per-megabyte license. I know that the dynamic scan was $500 per app. Static analysis was about $4500 yearly. The license is only for the number of users, it doesn't matter what data you put in there. That was the old model. I do not know how the new model works. We are in negotiations with Veracode. The old model was about $500 for dynamic analysis and about $4500 for the static analysis, per app or service, per year. Veracode offers a lot of other license options that you can put on top of what we just discussed, but I don't think we ever looked into any of those. The way we implemented it was very straightforward. You have your app and you pay this much for both dynamic and static licensing. That's all we cared about per year.

2019-05-23T06:10:00Z
Vendor

No issues, the pricing seems reasonable.

2018-11-12T09:12:00Z
Top 20 Real User

We are about to enter discussions for renewal. I have heard there may be some changes to pricing. I will reserve judgment until the discussions are complete.

2018-11-12T09:12:00Z
Real User

We're always looking to save the taxpayers' money. I used to tell my vendors, sharpen those pencils and make the tip laser-sharp. When it can be, I want it to be less expensive, but you get what you pay for too. Vendors need to be fair and I think Veracode has been fair. We use their SaaS solution and it's just an annual subscription.

2018-11-01T11:57:00Z
Real User

It is pricey. There is a lot of value in the product, but it is a costly tool. The customer should demand better turnaround times for the money that they are paying, especially around the reporting and standing up processes that we need to go through. It needs much more technical information on the platform with a tool that can help with information or have 24/7 support available, then it will be worth the price that we are paying, because right now, we don't have many options. There are not many companies who are in the market for Veracode, who want this type of in-depth analysis and examination. That is why customers, with the money that they are paying, have room for improvement in the scope of the Veracode product. I recommend going for a one-year licensing with CA, because currently they are the leaders in this field with more features and a much better turnaround time with a cheaper position, but there are a lot of new companies coming up in the market and they are building up their platforms. I suggest just not to get tied up with a long-term commitment, because I have seen with Black Duck that they are almost one-third of the price of the big platforms. Once there are the same features and functionality (or a lot better performance) available in the market, people are going to migrate away from this platform. The market is changing so fast, and with the Black Duck acquisition, it is also expected that we may get a solution with a much faster platform with much better service at a cheaper price.

2018-07-03T06:10:00Z
Real User

Negotiate for the best deal.

2018-05-23T10:30:00Z
Real User

The pricing is good for static code analysis.

2018-05-16T08:31:00Z
Top 10 Real User

Costs are reasonable. No special infrastructure is required and the license model is good.

2018-05-04T18:03:00Z
Real User

I think the pricing is in line with the rest of the tools. I think you get what you pay for. It is certainly not inexpensive, but the value proposition is there. There are certainly cheaper tools, but I don't think we'd be getting the support that we get with those, and that is what separates this product from the others. Regarding licensing, pay very close attention to what applications you're going to need to do dynamic scanning for, versus static. Right now, the way the licensing is set up, if you don't have any static elements for a website, you can certainly avoid some costs by doing more dynamic licenses. You need to pay very close attention to that, because if you find out later that you have static code elements - like Java scripts, etc. - that you want to have scanned statically, having the two licenses bundled together will actually save you money. You really need to understand how your application is going to be delivered and not think of it just as, "This is a website and this is a mobile app," or "This is a website and this is a fat client." Often, with new frameworks, you have websites - especially with Java specifically, which is not even a new framework - running Java, but you also have things running in a local Java sandbox on the machine, or on a Java virtual machine. You really want to understand how that application is being delivered to the end-user, and not just think of it as applications on a box and websites.

2018-05-02T07:27:00Z
Real User

We're very comfortable with their model. We think they're a good value. We worked very closely with Veracode on understanding their license model, understanding what comprises the fee and what does not. With their assistance in design, we decomposed our application in a way where we are scanning a very significant amount of code without wasting their capacity and generating redundant reported issues. You scan in profiles, per se. And we work with them, in their offices, to design the most effective approach. So the advice I would have for customers is, you can get up and live fast, but work closely with Veracode to refine the method you use for scanning and the way you compile the applications. There's a concept called entry-point scanning, and that's probably not used well by the rest of their customers. We see our licensing as a good value because we leverage it heavily. I'd say many customers might not quite go to that level. But that's their choice.

2018-04-12T05:42:00Z
Real User

Negotiate some, but their prices are reasonable.

2018-04-11T10:47:00Z
Real User

Pricing/licensing is complicated.

2018-04-11T10:47:00Z
Real User

We get good value out of what we have right now.

2018-03-28T12:05:00Z
Popular Real User

If you're licensing, and you're looking at licensing models, you might want to ask Veracode about their microservice, depending on the company. If you are a microservice architecture, I would suggest asking them about their microservice pricing. I would suggest that you evaluate that with your code and their other licensing model, which is like a lump sum in size of artifacts, and just make sure that you price that out with them, because there might be some tradeoffs that can be made in price.

2018-03-22T09:39:00Z
Real User

I'm not the pricing guy. Licensing is pretty flexible. It's a little bit weird, it's by the size of the binary, which is a strange way to license a product. So far they've been pretty flexible about it.

2018-03-20T11:53:00Z
Real User

I think it's a great value. It's at a price point that a small company like mine can afford to use versus, if it was too exorbitant, I wouldn't be able to use this product. About licensing, just go ahead and get them. Get a license at the beginning of a project. Don't wait until the end, because you want to use the product throughout the entire software development lifecycle, not just at the end. You could be surprised, and not in a positive way, with all the vulnerabilities there are in your code.

2018-03-15T07:51:00Z
Real User

The licensing and prices were upfront and clear. They stand behind everything that is said during the commercial phase and during the onboarding phase. Even the most irrelevant "that can be done" was delivered, no matter how important the request was. The licensing is fair, it is time-limited (e.g. one year) but there is a size cap for every app. If your applications are big (due to third-party libraries, for example) you should discuss this beforehand and explore suitable agreements.

2018-03-14T08:56:00Z
Real User

Just do your research. Make sure you're getting the best price on this. It can be expensive to do this, so I would just make sure that you're getting the proper number of licenses. Do your analysis. Make sure you know exactly what it is you need, going in. Then just see if it can work. Try and make sure you get the best price possible.

2018-03-13T06:59:00Z
Real User

Pricing seems fair for what is offered, and licensing has been no problem. All developers are able to get the access they need.

2018-03-11T06:55:00Z
Real User

Pricing is worth the value.

2018-03-08T09:23:00Z
Real User

It's worth the value.

2018-03-08T09:23:00Z
Real User

I think licensing needs to be changed or updated so that it works with adjustments. Pricing is expensive compared to the amount of scanning we perform.

2018-03-07T09:02:00Z
Real User

The worst part about the product is that it does not scale at all. Also, microservices apps will cost you a fortune.

2018-03-06T09:06:00Z
Updated: April 2020.