We performed a comparison between Synopsys Code Dx and Veracode based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Result: Based on the parameters we compared, Veracode comes out ahead of Synopsys Code Dx. Although both products have valuable features and good technical support, our reviewers found that Synopsys Code Dx has higher false positive rates and less flexibility in licensing options.
"The customers were looking for something around static security and dynamic security, and in all those areas, they were looking for an industry leader with a proven solution. Synopsys is a Gartner leader, so I position this particular technology for the technical pre-sales part of it."
"It has given our management a view into issues with all of our product lines. We have three products and all of them were scanned. As a result, the project lead for each product has taken measures to improve things."
"Static analysis scanning engine is a key feature."
"The capability to identify vulnerable code is the most valuable feature of Veracode."
"Veracode's most valuable aspect is continuous integration. It helps us integrate with other applications so that it can monitor the security process."
"Allows us to track the remediation and handling of identified vulnerabilities."
"Regarding Software Composition Analysis, an exceptional feature is that during a SAST scan, SCA is seamlessly conducted in the background."
"The time savings have been tremendous. We saw ROI in the first six months."
"I like the way the flaws are reported in the system."
"The initial setup is a bit challenging because things are not easy. It needs a lot of technology adaptability plus the customer's environment-specific use cases."
"Some important languages are not supported."
"We use Ruby on Rails and we still don't have any support for that from Veracode."
"We connected with Veracode's support a couple of times, and we got a different answer each time."
"Veracode needs to improve its integration with other tools."
"The triage indicator was kind of hard to find. It's a very small arrow and I had no idea it was there."
"It's taking too much time to do a quality scan."
"The support team could be more responsive, and the dependency of users on the support team is too high and should be reduced."
"The reporting was detailed, but there were some things that were missing. It showed us on which line an error was found, but it could have been more detailed."
Synopsys Code Dx is ranked 31st in Static Application Security Testing (SAST) with 1 review while Veracode is ranked 2nd in Static Application Security Testing (SAST) with 194 reviews. Synopsys Code Dx is rated 0.0, while Veracode is rated 8.2. The top reviewer of Synopsys Code Dx writes "Facilitates continuous assessment of applications, covering both static and dynamic security aspects". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning". Synopsys Code Dx is most compared with Checkmarx One, Coverity and SonarQube, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and OWASP Zap.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.