What users are saying about
<a href='https://www.trustradius.com/static/about-trustradius-scoring#question3' target='_blank' rel='nofollow noopener'>Customer Verified: Read more.</a>
Top Rated
174 Ratings

Veracode

<a href='https://www.trustradius.com/static/about-trustradius-scoring#question3' target='_blank' rel='nofollow noopener'>Customer Verified: Read more.</a>
Top Rated
174 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener'>trScore algorithm: Learn more.</a>
Score 8.9 out of 100

Attribute Ratings

Likelihood to Recommend

8.9

Veracode

89%
115 Ratings

Likelihood to Renew

8.1

Veracode

81%
4 Ratings

Usability

7.5

Veracode

75%
26 Ratings

Availability

9.1

Veracode

91%
1 Rating

Performance

6.4

Veracode

64%
1 Rating

Support Rating

7.9

Veracode

79%
59 Ratings

Implementation Rating

7.3

Veracode

73%
2 Ratings

Configurability

6.4

Veracode

64%
1 Rating

Ease of integration

5.5

Veracode

55%
1 Rating

Product Scalability

7.3

Veracode

73%
1 Rating

Vendor post-sale

6.0

Veracode

60%
2 Ratings

Vendor pre-sale

8.2

Veracode

82%
1 Rating

Likelihood to Recommend

Veracode

I think that Veracode is a good basic code scan in order to ensure code security. It is super easy to integrate into CI-CD processes and offers good protection against common code vulnerabilities. It is less appropriate to consider it as the ONLY security consideration for your application.
Read full review

Pros

Veracode

  • The pipeline scan is a very fast way to scan code and inform developers if a new flaw is introduced by their pull requests.
  • Upload & Scan provides an in-depth analysis of the codebase, which features like reporting being made easy.
  • SCA Scans help us not only identify the vulnerabilities but also in helping fix them and in identifying if our application is using that part of the vulnerable library or not.
  • Veracode is very easy to integrate into the CI/CD pipelines (especially Jenkins)
Read full review

Cons

Veracode

  • Build a ticket management screen into the platform
  • Easier integrations to SSO/SAML
  • A different method of having API users, they should be either integrated into the team (an API key as part of the team) or at least separate from the regular user area.
Read full review

Pricing Details

Veracode

Starting Price

Editions & Modules

Veracode editions and modules pricing
EditionModules

Footnotes

    Offerings

    Free Trial
    Free/Freemium Version
    Premium Consulting/Integration Services

    Entry-level set up fee?

    No setup fee

    Additional Details

    Developer pricing options available

    Pricing Info

    Likelihood to Renew

    Veracode

    At this time, and we just renewed a month ago, I dont see any products out there overall that can offer what Veracode does. Yes, its not cheap by any means, but for the money its the best application security scanning tool out there.
    Read full review

    Usability

    Veracode

    - Almost no setup required and easy to configure - Very easy to use, intuitive UI with integrated analytics and learning portals. - Seamless to review the results, triage them, generate reports. - Security progression of the product/application is tracked via successive scans. - Privileges/Roles nicely fine grained and tightly controlled to let teams "view" only their products.
    Read full review

    Reliability and Availability

    Veracode

    Veracode has always been up and available to us.
    Read full review

    Performance

    Veracode

    At this point, it runs well and mostly in a timely fashion. Dynamic scans take days but this may be a config issue still to be resolved.
    Read full review

    Support Rating

    Veracode

    Secure code training it's a great option to enable developers in the security world, it's a dynamic platform that helps to understand the vulnerabilities and how to fix them in a real environment, and the documentation contains all the information you need to understand all the functions of the Veracode platform.
    Read full review

    Implementation Rating

    Veracode

    We use it as a SAS service, so really just getting our teams to mold the use of Veracode into their SDLC has been a process of years in the making. It comes down to what your teams are ready and willing to accept and change. Management is key in getting their groups on board with using it regularly. If it doesnt have management backing, your security teams have little to no influence in getting this process off the ground fully.
    Read full review

    Alternatives Considered

    Veracode

    I have used SonarQube for code quality and security analysis in the past, but Veracode's Software Composition Analysis analysis makes a big difference in terms of identifying vulnerabilities in dependencies. It would make it a lot easier if the IDE plugin could show the transitive dependency the introduces the vulnerabilities. I'm very pleased [in] Veracode reporting so far.
    Read full review

    Scalability

    Veracode

    It meets our needs.
    Read full review

    Return on Investment

    Veracode

    • Veracode's tools can perform in a couple of hours what would take us weeks to do.
    • Our customers--rightfully--expect a high degree of security from us.
    • It's easy to integrate Veracode into a CI pipeline allowing you to catch flaws while the code changes are fresh in your mind.
    Read full review

    Screenshots

    Add comparison