Skip to main content
TrustRadius
Veracode

Veracode

Overview

What is Veracode?

Veracode is an application security platform that performs five types of analysis; static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. Veracode offers on-demand expertise and aims to help companies fix security defects.

Read more
Recent Reviews

Best in Security

10 out of 10
March 03, 2024
Incentivized
It's being used across whole organization, multiple engineering teams are using it for third-party libraries scan i.e. software …
Continue reading

Veracode to the Rescue!

10 out of 10
February 27, 2024
Veracode DAST is used on app applications in the portfolio. SAST/SCA scans and DAST scans are run monthly for all Critical application in …
Continue reading
Read all reviews

Awards

Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards

Reviewer Pros & Cons

View all pros & cons

Video Reviews

1 video

Veracode Review: Provides Helpful Support When Troubleshooting Security Needs
02:38
Return to navigation

Pricing

View all pricing
N/A
Unavailable

What is Veracode?

Veracode is an application security platform that performs five types of analysis; static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. Veracode offers on-demand expertise and aims to help companies fix security defects.

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Would you like us to let the vendor know that you want pricing?

919 people also want pricing

Alternatives Pricing

What is SonarQube?

SonarQube is a code quality and vulnerability solution for development teams that integrates with CI/CD pipelines to ensure the software you produce is secure, reliable, and maintainable.

What is Indusface WAS?

Indusface Web Application Scanner provides an application security audit to detect a range of high-risk Vulnerabilities, Malware, and Critical CVEs.

Return to navigation

Product Details

What is Veracode?

The Veracode platform is a software security solution that aims to be pervasive but not invasive, embedded into the environments that developers work in, with recommended fix and in-context learning. Security teams can use Veracode to manage policy, gain a comprehensive view of an organization's security posture though analytics and reporting, mitigate risks, and produce the evidence necessary to meet regulatory requirements.

It is presented as an always-on, continuous orchestration of secure development that gives organizations the confidence that the software being built is secure and meets compliance requirements.

Veracode Features

  • Supported: Continuous Scanning to reduce risks at every phase of development - Veracode Static Analysis, Dynamic Analysis, Software Composition Analysis, and Manual Penetration Test throughout SDLC.
  • Supported: Developer Experience - Finds and fixes laws in line with security integration into where developers work, automated remediation guidance, and in-context learning.
  • Supported: Comprehensive Platform Experience - Streamlined governance, risk and compliance processes through flexible policy management, unified reporting and analytics, and peer benchmarking to mitigate risks fast and deliver a successful DevSecOpsprogram.
  • Supported: Market Expansion - To meet data residency needs in EU with cloud-native instance built in Frankfurt, Germany on AWS.
  • Supported: Contextual Platform Data - Fine-tuned with nearly 2 decades of scanning and customer learning. Predicts future vulnerabilities with self-healing capabilities through applying machine learning and artificial intelligence to the data.
  • Supported: Cloud-native SaaS Architecture - Provides elastic scalability, high performance, and lower costs with cloud-native SaaS architecture.

Veracode Screenshots

Screenshot of The Veracode Platform HomepageScreenshot of Static Analysis ScansScreenshot of Findings Status and History DashboardScreenshot of The Veracode Platform

Veracode Videos

Veracode Static Analysis Demo
Veracode Software Composition Analysis Demo
Veracode Dynamic Analysis Demo

Watch The Veracode Platform

Veracode Technical Details

Deployment TypesSoftware as a Service (SaaS), Cloud, or Web-Based
Operating SystemsUnspecified
Mobile ApplicationNo
Supported CountriesNorth America, EMEA, APAC, LATAM
Supported LanguagesJava, .NET, PHP, Android, iOS, JavaScript, Python

Frequently Asked Questions

Veracode is an application security platform that performs five types of analysis; static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. Veracode offers on-demand expertise and aims to help companies fix security defects.

Checkmarx, Snyk, and SonarQube are common alternatives for Veracode.

Reviewers rate Support Rating highest, with a score of 8.

The most common users of Veracode are from Enterprises (1,001+ employees).

Veracode Customer Size Distribution

Consumers0%
Small Businesses (1-50 employees)18%
Mid-Size Companies (51-500 employees)65%
Enterprises (more than 500 employees)17%
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(196)

Attribute Ratings

Reviews

(1-7 of 7)
Companies can't remove reviews or game the system. Here's why
Score 7 out of 10
Vetted Review
Verified User
Incentivized
300
Veracode at our organization is utilized by a few hundred people, most involved in the software development lifecycle (SDLC). They span primarily software development, DevOps, application security, and change management teams.
February 27, 2024

Veracode to the Rescue!

Score 10 out of 10
Vetted Review
Verified User
All developers use Veracode at their desktops, along with Azure pipeline scans and sandbox scans. Greenlight is used in the IDE for development. Other users are the AppSec Team in the CISO's office for oversight and management of the platform, and the compliance teams who pull data directly from the Veracode API.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
100
IT Development, Information security, vulnerability management. Development for the submission of scan and retrieval of findings. InfoSec and VM for administration, processing of analytic data.
Robert Hood | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Incentivized
150
We have 5 distinct Business units from Gas Cards, Executive Expense cards, Healthcare/insurance, and Travel management. So a rather diverse set of groups. We have several Dev groups within each business unit and they all access Veracode to run their own scans (via Pipeline Scans, and Greenlight access). Their Dev Leads access Veracode itself to pull reporting, The pipeline scans integrate and feedback directly to the tools they are using and in Repos reporting issues.
Return to navigation