We all know it's really hard to get good pricing and cost information.
Please share what you can so you can help your peers.
Checkmarx is a very good solution and probably a better solution than Veracode, but it costs four times as much as Veracode. You need an entire team to maintain Checkmarx. You also need on-premise servers. So, it is a solution more for an enterprise customer. If you have a small- to medium-sized company, Checkmarx is very hard to use, because it takes so many resources. From this point of view, I would certainly recommend for now, Veracode for small- to medium-sized businesses. Compared to other similar products, the licensing and pricing are definitely competitive. If you see Checkmarx as the market leader, then we are talking about Veracode being a fraction of the cost. You also have to consider your hidden costs: you need a team to maintain it, a server, and resources. From that point of view, Veracode is great because the cost is really a fraction of many competitors. Veracode provides a very good balance between a working solution and cost.
The Veracode price model is based on application profiles, which is how you package your components for scanning. Veracode recently included SCA pricing and support pricing as a factor of the SAST scan count cost. When using microservices, you may need to negotiate pricing based on actual application counts where microservices are usually a portion of an application.
I have no idea what the licensing costs on the solution are. Our IT team handles the details.
I do not remember the licensing costs off hand. I would probably estimate it to be between 50,000 to 75,000 in our case.
The solution recently doubled in price over the past year, which is why I've decided to move away from it. The price jump doesn't make sense. It's not like there was a sudden influx in new features or advancements. Without getting too specific, I'd say the average yearly cost is around $50,000. The costs include licensing and maintenance support.