TrustRadius: an HG Insights company

Veracode Reviews & Insights

Score8.7 out of 10

217 Reviews and Ratings

Top industries

Based on 1,693 HG Insights installations.

Powered by

Community Insights for Veracode

Synthesised from 7 verified reviews.


Synthesised from 7 reviews | Last Published May 27, 2026


Veracode is primarily utilized by organizations to integrate security testing directly into their software development lifecycle, emphasizing proactive vulnerability identification. It leverages Static Application Security Testing (SAST) and Software Composition Analysis (SCA) to analyze code and dependencies, often integrated into IDEs and CI/CD pipelines to


  • Effective IDE and CI/CD integration for early security checks
  • Comprehensive SAST scanning capabilities for compiled code
  • Detailed reporting and dashboards for product owners
  • SaaS platform enabling parallel work execution
  • Dynamic analysis features providing detailed request/response insights
  • Limited integration and API flexibility
  • Dated user interface and web experience
  • Inflexible reporting and analytics customization
  • Challenges with authorization models for dashboards

From 7 reviews | Last Published May 27, 2026

Improved Security Posture

5 mentions

Positive reviews by 100% of reviewers


Why it matters:

  • Reviewers frequently cited Veracode's effectiveness in significantly improving their organization's security posture. Five out of seven reviewers observed a noticeable difference in their software's safety, attributing it to the platform's ability to detect and prevent insecure code from reaching production environments. This enhancement in security directly translates to a reduced risk profile for the business.

I can see the difference before Veracode and after Veracode into the business.

SAST and SCA usage

5 mentions

Positive reviews by 100% of reviewers


Why it matters:

  • Reviewers frequently highlight Veracode's application for Static Application Security Testing (SAST) and Software Composition Analysis (SCA) within their development pipelines. The tool is integrated into the Software Development Life Cycle (SDLC) to scan code, repositories, and CI/CD pipelines, ensuring security checks are an intrinsic part of the deployment process. This comprehensive usage helps organizations identify vulnerabilities in both custom code and third-party components.

we are using its SAST and DAST features.

Reporting for stakeholders

5 mentions

Why it matters:

  • Reviewers consistently highlighted the critical importance of reporting and analytics, with 5 of 7 reviewers stating these features are essential for evaluating security posture and program maturity. While the internal reporting within the tool is considered effective, there is a desire for improved external reports that can be customized for various stakeholders, including developers and less technical management. The ability to tailor metrics for C-suite executives and measure security maturity across different teams is viewed as a key requirement for effective communication and oversight.

Report inside the tool is the best, but report to send to the respective stakeholder such as developers could be better.

Loading Reviews List....

Video reviews