What users are saying about
1 Rating
Top Rated
126 Ratings
Score 5 out of 100

Veracode

Top Rated
126 Ratings
Score 8.8 out of 100

Likelihood to Recommend

FOSSA

The only issue we have had is sometimes the web app is too slow, and that causes issues with us wanting to continue to use FOSSA over going with another tool. That is the only problem. I noticed it happened more recently, but if that is solved now or will be solved, I would 100% recommend this tool to anyone!
Anonymous | TrustRadius Reviewer

Veracode

It has been an excellent [user-friendly] tool and that is why our whole client organization is using it to scan their applications. We currently have 25+ applications being scanned every 6 weeks or so and we have been able to fix and identify all the issues with great ease. The fix recommendations with the exact code location are of great help. The support staff is excellent in resolving the issues and [is] always reachable[.]
Rubal Jain | TrustRadius Reviewer

Pros

FOSSA

  • Setup of tool.
  • Speed of scans.
  • Automated emails with reports.
Anonymous | TrustRadius Reviewer

Veracode

  • Binary scanning. Veracode static analysis is based out of binaries derived from source code which is more accurate than just the pure source code scanning. This accuracy translates to fewer false positives in the defects reported, thereby saving time of developers in tackling the real issues.
  • Veracode being a SaaS platform reduces the IT burden on your organisation. No servers to worry about, no performance concerns, no storage expansion to plan ahead and no capacity/elasticity challenges to take care of on all the infra (compute, storage, networking).
  • Veracode platform is very quick to configure and very easy to use. It just takes a few minutes to set up an application profile and start scanning. It is particularly easy to use for modern programming languages like Java as the Java binaries are optimal for scanning.
  • Learning - Veracode's eLearning portal is very good and has all the relevant training on various aspects of security and again is seamlessly available in the same platform/tenant where the teams scan.
  • Security Consultation - Very easy to get help within the platform itself for a security consultation which is invaluable for the first few scans. Veracode is probably one of the very few SAST solutions which has such easy provision to get security consultation.
Śrinivāsa Rao Kuruba | TrustRadius Reviewer

Cons

FOSSA

  • Interface for loading results can be slow; this is the #1 issue we have faced.
  • Speed of scans could be improved.
Anonymous | TrustRadius Reviewer

Veracode

  • Although an improvement to what was there previously, the Analytics section using Looker could still use some improvement. It does seem that what Veracode has deployed is a very limited version of Looker. While helpful and useful, there seems to be so much more that Looker does (such as dynamic querying); however, the version that Veracode employs doesn't seem to offer this.
  • More user control of administrative functions such as user adding/deleting. Veracode still uses a 'soft delete'/'hard delete' functionality. This can become cumbersome for self-user-administration when a deleted user has to be re-added. A support call is then necessary to have this done.
  • Their idle timeout process needs work. While using the Looker tool, you must save your work every few minutes, as their 'Shark-attack-like' idle timeout will sneak up on you and redirect you away in an instant causing you to lose any unsaved work.
Anonymous | TrustRadius Reviewer

Likelihood to Renew

FOSSA

No score
No answers yet
No answers on this topic

Veracode

Veracode 9.1
Based on 2 answers
At this time, and we just renewed a month ago, I don't see any products out there overall that can offer what Veracode does. Yes, it's not cheap by any means, but for the money it's the best application security scanning tool out there.
Anonymous | TrustRadius Reviewer

Usability

FOSSA

No score
No answers yet
No answers on this topic

Veracode

Veracode 7.0
Based on 24 answers
This used to be terrible. Had a difficult time figuring out where information was. Partly this was due to duplicative features, jargon labels, and user navigation. However, in the seven years I've been using the product, it has gotten better. Some of my issues were associated with trying to get scans to work unassisted. Now that scans, once set up, just run periodically, I don't have to deal with that as much. Part of this might also be that I've learned what I need to know about getting around. And still part of this assessment is in comparison to other tools out there that are even worse. Still, they could benefit from an investment in a full usability redesign from someone with an outside perspective, modernizing the UX but also studying and working through the bigger usability concerns. I would love to see better diagnostic tools around getting scans to work so I wouldn't need their tech support people to get scans to work. However, as long as the scheduler keeps going, my needs on this get ever rarer.
David Nelson-Gal | TrustRadius Reviewer

Support Rating

FOSSA

FOSSA 10.0
Based on 1 answer
Never needed support but the chat and help seem forefront of the app!
Anonymous | TrustRadius Reviewer

Veracode

Veracode 7.9
Based on 53 answers
Veracode Support has been great. Any time I have had a question, they have responded in a prompt manner. I'd say nine out of ten times they are able to resolve any issues that have come up with a short email exchange. For issues requiring a bit more investigation, their consultants are tops.
Teresa Kosinski | TrustRadius Reviewer

Implementation Rating

FOSSA

No score
No answers yet
No answers on this topic

Veracode

Veracode 7.3
Based on 1 answer
We use it as a SAS service, so really just getting our teams to mold the use of Veracode into their SDLC has been a process of years in the making. It comes down to what your teams are ready and willing to accept and change. Management is key in getting their groups on board with using it regularly. If it doesn't have management backing, your security teams have little to no influence in getting this process off the ground fully.
Anonymous | TrustRadius Reviewer

Alternatives Considered

FOSSA

BlackDuck and Snyk
Anonymous | TrustRadius Reviewer

Veracode

Veracode is SaaS, it runs quicker, [and] it has better results in terms of false positives. The company itself is a lot better than MicroFocus in terms of support and CS, it's easier to license and they truly want to help your company get better results, in terms of AppSec, they don't just sell it and leave you by yourself.
Roberto Perrotti Filho | TrustRadius Reviewer

Return on Investment

FOSSA

  • Hard to measure the ROI, but no doubt having licenses be above board is fantastic for protection of your software.
  • Caused developers to make more informed decisions.
Anonymous | TrustRadius Reviewer

Veracode

  • As I already stated, the cost per application is very high which makes the use of Veracode too expensive for many of our applications.
  • The analysis report is accepted by our clients as a proper SSAT report.
  • Most of our competition does not perform any type of SSAT on the applications they create. This is something we offer and are the only one out there doing this type of testing.
Glenn Jones | TrustRadius Reviewer

Pricing Details

FOSSA

General

Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No

Veracode

General

Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No
