Veracode

Overview

What is Veracode?

Veracode is a software security firm that identifies flaws and vulnerabilities across the software development lifecycle. Veracode’s Software Security Platform uses advanced AI algorithms trained on vast datasets of code, for more precise identification and rectification of security flaws.

Awards

Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision.

Video Reviews

1 video

Veracode Review: Provides Helpful Support When Troubleshooting Security Needs
02:38

Pricing

N/A
Unavailable

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Alternatives Pricing

What is SonarQube Server?

SonarQube is a code quality and vulnerability solution for development teams that integrates with CI/CD pipelines to ensure the software you produce is secure, reliable, and maintainable.

What is Indusface WAS?

Indusface Web Application Scanner provides an application security audit to detect a range of high-risk vulnerabilities, malware, and critical CVEs.


Product Details

What is Veracode?

The Veracode Platform provides a comprehensive approach to build and secure software and meet application risk management requirements through tools, solutions, AI-generated fixes and ASPM capabilities to gain visibility into vulnerabilities from code to cloud and quickly remediate them.

Learn more at www.veracode.com, on the Veracode blog, and on LinkedIn and Twitter.

Veracode Screenshots

  • Screenshot of the Veracode Platform Homepage
  • Screenshot of Static Analysis Scans
  • Screenshot of Findings Status and History Dashboard
  • Screenshot of the Veracode Platform

Veracode Videos

Veracode Static Analysis Demo
Veracode Software Composition Analysis Demo
Veracode Dynamic Analysis Demo

Watch The Veracode Platform

Watch Manhattan Associates Success Story

Veracode Technical Details

Deployment Types: Software as a Service (SaaS), Cloud, or Web-Based
Operating Systems: Unspecified
Mobile Application: No
Supported Countries: North America, EMEA, APAC, LATAM
Supported Languages: Java, .NET, PHP, Android, iOS, JavaScript, Python

Frequently Asked Questions

Checkmarx, Snyk, and SonarQube Server are common alternatives for Veracode.

Reviewers rate Implementation Rating highest, with a score of 9.1.

The most common users of Veracode are from Enterprises (1,001+ employees).

Veracode Customer Size Distribution

Consumers: 0%
Small Businesses (1-50 employees): 18%
Mid-Size Companies (51-500 employees): 65%
Enterprises (more than 500 employees): 17%

Reviews From Top Reviewers

(1-5 of 138)

Comprehensive Review of Veracode for Enhancing Security Strategies.

Rating: 8 out of 10
December 20, 2024
AB
Vetted Review
Verified User
Veracode
1 year of experience
Pros
  • Veracode offers a good suite of security testing tools, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA), making sure vulnerabilities are identified and addressed throughout the entire software development lifecycle.
  • It integrates smoothly with mainstream CI/CD tools and development environments, such as GitHub and Visual Studio, which we primarily use, enabling automated security scans to be embedded directly into build and deployment workflows, hence enforcing security best practices early in the development process.
  • Its cloud-native architecture provides a scalable platform that handles large codebases efficiently, while its effective reporting and analytics tools offer great insights, prioritize security risks, and create documentation as per compliance, making sure teams address vulnerabilities swiftly and maintain adherence to industry security standards.
Cons
  • Its huge array of tools and features can be overwhelming for new users, requiring significant time and effort to master. The interface and workflow have a steep learning curve, and detailed documentation and training materials could be improved to make it more accessible for new developers.
  • Like many automated security tools, it sometimes generates false positives, which can result in unnecessary manual verification. This consumes time and resources as developers must manually review and validate flagged issues, which can slow down the development workflow and reduce overall efficiency.
  • While it offers detailed reporting and good documentation, there is limited to no flexibility in customizing these reports and alerts.

My experience with Veracode

Rating: 7 out of 10
September 17, 2024
NG
Vetted Review
Verified User
Veracode
5 years of experience
Pros
  • Report generation
  • Flaws description and remediation strategy
  • Consultation requests
Cons
  • Scan results stability: from one scan to another, additional flaws appear whereas code did not change.
  • Entry points selection: hard to be sure selection is optimal, should be automatized or hidden.
  • Branches management: we currently use sandboxes to scan different branches of our software. Would be good to have real branches management.

My experience using Veracode tool

Rating: 9 out of 10
November 18, 2024
SB
Vetted Review
Verified User
Veracode
3 years of experience
Pros
  • Veracode does integrate into IDE where the development starts. IDE Scans will help in reducing the versions of code.
  • The best thing about Veracode is that it is a SaaS platform, and we can run the scan and do our other work parallelly.
  • Veracode dynamic analysis is pretty good as it clearly shows the requests it sends to the server and the response it receives from the server, which helps in analyzing the vulnerabilities more easily.
Cons
  • Reporting work can be improved.

Good SaaS service for finding security vulnerabilities in code.

Rating: 9 out of 10
September 25, 2024
Vetted Review
Verified User
Veracode
1 year of experience
Pros
  • It is good at recommending fixing issues with third-party dependencies used in application code with detailed version information and knowing which version fixes what.
  • It has a very nice interface for triaging flaws. One can sort the vulnerabilities found in code from Very Likely to be exploited to least likely to be exploited.
  • There is a collections feature that allows us to group together groups of application profiles belonging to the same suite of applications.
Cons
  • The Veracode CLI can be provided as a setup or installer file instead of the PowerShell command to install it from the script.
  • There should be a copy feature that takes comments from vulnerabilities found in one application profile and imports them into matching flaws of another application profile.
  • The automated module selection at the review step just after the upload should be better at identifying entry points and should select only custom-developed code modules instead of third-party ones (at least the common ones).

One-stop SDLC Security

Rating: 10 out of 10
December 19, 2024
Vetted Review
Verified User
Veracode
1 year of experience
Pros
  • Assemblies
  • Code scanning
  • Dynamic scanning
  • Presenting results
Cons
  • The web interface needs some getting used to
  • Some parts seem a little off, as it's a different piece of software that Veracode is trying to fit in