Try our new research platform with insights from 80,000+ expert users

Apiiro vs Veracode comparison

Apiiro and Veracode are both solutions in the Static Application Security Testing (SAST) category. Apiiro is ranked #20 with an average rating of 8.5, while Veracode is ranked #2 with an average rating of 8.1. Apiiro holds a 0.7% mindshare in SAST, compared to Veracode’s 8.3% mindshare. Additionally, 100% of Apiiro users are willing to recommend the solution, compared to 90% of Veracode users who would recommend it.
Apiiro
Read 2 Apiiro reviews
  • 1,056 Views
  • 66 Comparison Views
100% willing to recommend
Veracode
Read 201 Veracode reviews
  • 15,486 Views
  • 1,866 Comparison Views
90% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Oct 8, 2024

Veracode and Apiiro compete in the application security category. Apiiro takes the lead with its comprehensive feature set and proactive security management approach.

Features: Veracode enhances security with static analysis capabilities, diverse integration options, and a streamlined deployment process. Apiiro offers detailed threat modeling, risk analysis, and a comprehensive, proactive security posture.

Room for Improvement: Veracode can improve its reporting functionalities, speed of analysis, and expand integrations. Apiiro requires enhanced integration options, more detailed user guides, and service assistance improvement.

Ease of Deployment and Customer Service: Veracode is straightforward to deploy with strong customer support. Apiiro provides flexible deployment but needs better service streams.

Pricing and ROI: Veracode is cost-effective with low setup costs, enhancing ROI. Apiiro has higher initial costs but offers long-term value with its feature-rich offering.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Apiiro vs. Veracode Report (Updated: May 2025).
Buyer's Guide
Apiiro vs. Veracode
May 2025
Download the complete report
Helped 856,873 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Apiiro
Ranking in Static Application Security Testing (SAST)
20th
Ranking in Software Composition Analysis (SCA)
11th
Ranking in Application Security Posture Management (ASPM)
4th
Average Rating
8.6
Reviews Sentiment
7.7
Number of Reviews
2
Ranking in other categories
API Security (11th), Software Supply Chain Security (8th), Risk-Based Vulnerability Management (12th)
Veracode
Ranking in Static Application Security Testing (SAST)
2nd
Ranking in Software Composition Analysis (SCA)
3rd
Ranking in Application Security Posture Management (ASPM)
2nd
Average Rating
8.2
Reviews Sentiment
7.0
Number of Reviews
201
Ranking in other categories
Application Security Tools (2nd), Container Security (8th), Static Code Analysis (1st)
 

Mindshare comparison

As of June 2025, in the Static Application Security Testing (SAST) category, the mindshare of Apiiro is 0.7%, up from 0.5% compared to the previous year. The mindshare of Veracode is 8.3%, down from 10.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST)
 

Featured Reviews

Ryan-Murphy - PeerSpot reviewer
A great secrets detection feature, good visibility, and integrates well
The biggest benefit of Apiiro for us was the visibility it gave us into our GitHub organization, which we didn't have much of before. The benefit of adding Apiiro early is that it would be integrated into our pipeline from the start. Since we have had some of our software products for many years, we would have to do a lot of cleaning up before integrating Apiiro into our developer workflow. Integrating Apiiro early allows us to stay ahead of the curve on security issues and address them as they arise, rather than having a huge backlog for developers to fix. Apiiro's ability to provide visibility into the risk of our application components is great. This was a selling feature for us. Apiiro was a less mature product a little over a year ago when they were still early on in their development. However, they have made fantastic advancements over the last year, which has given us much more visibility into that sort of thing. Apiiro has helped prevent business-critical risks by making recommendations based on what it thinks is a high or critical issue. I think it does a pretty good job at that, but those recommendations still need a manual review from us. In general, if Apiiro flags a critical issue, it is usually pretty close to identifying whether it is business-critical or not. It is something we should review, even if we end up downgrading it. Apiiro raises valid concerns, and I am happy that it does.
Read full review
David-Robertson - PeerSpot reviewer
Static scanning and software composition analysis are very helpful, but the usability needs improvement
Static scanning and software composition analysis are very helpful. My colleagues and I don't need to be experts on all of those ancillary things, so we can focus more on the business deliverables. They have a pretty good tool that allows me to run scans of my local integrated development environment. I can find a lot of those flaws a lot sooner than I would if I had to wait for these cloud-based scans. They've come out with some sort of automated fix feature. I haven't used it, but they gave us a demo of it, and that one looks promising. I don't know if it's ready for prime time yet.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The workflow automation is likely the best aspect of the solution."
"Apiiro's secrets detection feature has saved us several times, which we appreciate greatly."
"For our rapid, secure DevOps cycle, we have integration of the Vericode API into our build tool, and Greenlight into our IDE."
"The user interface is excellent, the code review process is quick and provides great analytics to understand our code better, and the SAST scan is high-speed."
"There are quite a few features that are very reliable, like the newly launched Veracode Pipelines Scan, which is pretty awesome. It supports the synchronous pipeline pretty well. We been using it out of the Jira plugin, and that is fantastic."
"It has an easy-to-use interface."
"The most valuable feature is the dynamic application security testing."
"The ease of integration with Bitbucket pipelines and Git pipelines is vital for us."
"I have found the user interface extremely helpful in prioritizing issues."
"We have to look at it from the perspectives of how important it is to fix something and when it should be prioritized for fixing. The JSON output from the agent-based scans gives us the CVS core, and that makes things much easier."
More Veracode pros
 

Cons

"I would like support for our self-hosted Git server, other than GitHub, just regular Git."
"User management is a little bit clunky."
"The scanning could be improved, because some scans take a bit of time."
"The scanning on the UI portion of our applications is straightforward, but folks were having challenges with scans that involved microservices. They had to rope in an expert to have it sorted."
"They need to have a plug-in, a better integration with the development environment."
"It would be better if we had a channel for direct communication with the engineering team to speed up the process of providing feedback."
"Veracode does not support scans for .NET Blazor server applications."
"It would be ideal if it was able to demonstrate higher levels of cybersecurity certifications like becoming FedRAMP compliant or working in those areas."
"Maybe the boards could be made easier to understand or easier to customize."
"There is room for improvement in the speed of the system. Sometimes, the servers are very busy and slow... Also, the integration with SonarQube is very weak, so we had to implement a custom solution to extend it."
More Veracode cons
 

Pricing and Cost Advice

Information not available
"It is an expensive solution, but it's the best solution available on the market. If you want something at the top, you have to pay a bit more than the average."
"The cost has been a barrier to wider use here. I think my team is the only one at the university. Other folks might like to use it, but it's pretty pricey. You could see what else is in the market, but I hear that's the price for most solutions. You might not find a better deal in the market, or it might be an incomplete solution. I mean, for the level of interaction we get with Veracode staff, it's been pretty good."
"We're very comfortable with their model. We think they're a good value. We worked very closely with Veracode on understanding their license model, understanding what comprises the fee and what does not. With their assistance in design, we decomposed our application in a way where we are scanning a very significant amount of code without wasting their capacity and generating redundant reported issues. You scan in profiles, per se. And we work with them, in their offices, to design the most effective approach. So the advice I would have for customers is, you can get up and live fast, but work closely with Veracode to refine the method you use for scanning and the way you compile the applications. There's a concept called entry-point scanning, and that's probably not used well by the rest of their customers. We see our licensing as a good value because we leverage it heavily."
"The price of Veracode Static Analysis could improve."
"If I compare the pricing with other software tools, then it is quite competitive. Whatever the price is, they have always given us a good discount."
"Veracode's price is high. I would like them to better optimize their pricing."
"It's worth the value"
"The pricing is reasonable compared to other tools."
More Veracode pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
See recommendations
856,873 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
20%
Financial Services Firm
12%
Comms Service Provider
8%
Outsourcing Company
7%
Computer Software Company
17%
Financial Services Firm
16%
Manufacturing Company
8%
Insurance Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about Apiiro?
Apiiro's secrets detection feature has saved us several times, which we appreciate greatly.
See all answers
What is your experience regarding pricing and costs for Apiiro?
My understanding is the pricing is pretty competitive.
See all answers
What needs improvement with Apiiro?
Apiiro recently integrated SaaS, and we would love to see them expand on that. They provide many integrations to different products, including SaaS products such as Snyk. Ideally, Apiiro would incl...
See all answers
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
See all answers
What do you like most about Veracode?
The SAST and DAST modules are great.
See all answers
What is your experience regarding pricing and costs for Veracode?
The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.
See all answers
 

Comparisons

Snyk vs Apiiro Logo
Snyk vs Apiiro
Compared 29% of the time
Cycode vs Apiiro Logo
Cycode vs Apiiro
Compared 20% of the time
Ox Security vs Apiiro Logo
Ox Security vs Apiiro
Compared 16% of the time
Legit Security vs Apiiro Logo
Legit Security vs Apiiro
Compared 9% of the time
SonarQube Server (formerly SonarQube) vs Apiiro Logo
SonarQube Server (formerly SonarQube) vs Apiiro
Compared 8% of the time
More Apiiro Competitors
SonarQube Server (formerly SonarQube) vs Veracode Logo
SonarQube Server (formerly SonarQube) vs Veracode
Compared 19% of the time
Checkmarx One vs Veracode Logo
Checkmarx One vs Veracode
Compared 10% of the time
GitHub Advanced Security vs Veracode Logo
GitHub Advanced Security vs Veracode
Compared 7% of the time
Fortify on Demand vs Veracode Logo
Fortify on Demand vs Veracode
Compared 4% of the time
Snyk vs Veracode Logo
Snyk vs Veracode
Compared 4% of the time
More Veracode Competitors
 

Product Reports

Buyer's Guide
Application Security Posture Management (ASPM)
June 2025
Apiiro reportDownload Apiiro product report
Buyer's Guide
Veracode
May 2025
Veracode reportDownload Veracode product report
 

Also Known As

Apiiro Control Plane (ASOC), Apiiro API Security (SAST), Apiiro Open Source (SCA)
Crashtest Security , Veracode Detect
 

Overview

Apiiro is the leader in application security posture management (ASPM), unifying risk visibility, prioritization, and remediation with deep code analysis and runtime context.

Companies like Morgan Stanley, SoFi, Rakuten, and Navan leverage Apiiro's ASPM to...

Get complete application and risk visibility: Apiiro takes a deep, code-based approach to ASPM. Its Cloud Application Security Platform analyzes source code and pulls in runtime context to build a continuous, graph-based inventory of application and software supply chain components.

Prioritize risks with code-to-runtime context: With its proprietary Risk Graph™️, Apiiro contextualizes security alerts from third-party tools and native security solutions based on the likelihood and impact of risk to uniquely minimize alert backlogs and triage time by 95%.

Fix and prevent risks that matter—faster: By tying risks to code owners, providing LLM-enriched remediation guidance, and embedding risk-based guardrails directly into developer tools and workflows, Apiiro improves remediation times (MTTR) by up to 85%.

Apiiro's native security solutions include API security testing in code, secrets detection and validation, software bill of materials (SBOM) generation, sensitive data exposure prevention, software composition analysis (SCA), and CI/CD and SCM security.



Apiiro

Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.

Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing. These tools are designed to help developers detect vulnerabilities early in development while maintaining speed in deployment. Veracode also emphasizes scalability, offering features for enterprises that manage a large number of applications across different teams. Its robust reporting and analytics capabilities allow organizations to continuously monitor their security posture and track progress toward remediation.

What are the key features of Veracode?

  • Static Analysis (SAST) - Scans source code for vulnerabilities before deployment.
  • Dynamic Analysis (DAST) - Examines applications in a running state to detect flaws in real-time.
  • Software Composition Analysis (SCA) - Identifies risks in open-source libraries and third-party components.
  • Manual Penetration Testing - Offers expert analysis for more complex vulnerabilities.
  • Integrations with DevOps tools - Seamlessly integrates with CI/CD pipelines for automated security checks.

What benefits should users consider in Veracode reviews?

  • Early detection of vulnerabilities - Helps developers fix security issues early in the development process.
  • Scalability - Supports organizations with large-scale application portfolios.
  • Compliance support - Ensures applications meet various security standards and regulations.
  • Developer training - Provides tools for educating developers on secure coding practices.
  • Comprehensive reporting - Offers detailed reports that track remediation and risk trends.

Veracode is widely adopted in industries like finance, healthcare, and government, where compliance and security are critical. It helps these organizations maintain strict security standards while enabling rapid development through its integration with Agile and DevOps methodologies.


Veracode helps businesses secure their applications efficiently, ensuring they can deliver safe and compliant software at scale.

Veracode
 

Sample Customers

Morgan Stanley, Rakuten, Jack Henry, SoFi, Colgate, Navan
Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
Buyer's Guide
Apiiro vs. Veracode
May 2025
Free Report: Apiiro vs. Veracode
Find out what your peers are saying about Apiiro vs. Veracode and other solutions. Updated: May 2025.
DOWNLOAD NOW
856,873 professionals have used our research since 2012.
See our Apiiro vs. Veracode report.

We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.