• Home
  • Apiiro vs. Veracode

Apiiro vs Veracode comparison

Cancel
You must select at least 2 products to compare!
Apiiro Logo
Apiiro
Read 2 Apiiro reviews
321 views|184 comparisons
100% willing to recommend
Veracode Logo
Veracode
Read 194 Veracode reviews
25,312 views|16,984 comparisons
90% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Apiiro vs. Veracode
March 2024
Executive Summary

We performed a comparison between Apiiro and Veracode based on real PeerSpot user reviews.

Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Apiiro vs. Veracode Report (Updated: March 2024).
Download the complete report
769,479 professionals have used our research since 2012.
Featured Review
Ryan-Murphy
A great secrets detection feature, good visibility, and integrates well
The biggest benefit of Apiiro for us was the visibility it gave us into our GitHub organization, which we didn't have much of before. The benefit... Read more →
Anonymous User
Prevents vulnerable code, offers end-to-end visibility, and saves our developers time
Veracode's ability to prevent vulnerable code from entering the production environment is good. Using Veracode's ASC team is easy. I can send them... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The workflow automation is likely the best aspect of the solution.""Apiiro's secrets detection feature has saved us several times, which we appreciate greatly."

More Apiiro Pros →

"Veracode enables us to build a strong data security layer in our platforms. We can increase customer confidence in data security. Some PCI/HIPAA compliance issues were impossible to resolve without Veracode.""Scanning of .war and .jar is key for us.""We have such a wide variety of users for Veracode, including security champions, development leads, developers themselves, that the ease of use is really quite important, because we don't assume anything about what those people might already know, or need to know. It just makes it very useful for anyone who has to engage with it.""It can be very hard to make a good lab environment with a console with log windows and code bases. What I like about Veracode is that they managed to do that. It has a very responsive graphical user interface and has worked very well. I was very pleased with that.""The benefits are quick discovery and understanding of software vulnerabilities that we are putting in our own code. By discovering them quickly enough, we can triage them and determine the best ways to remediate them and prevent them from happening in the future.""Integrations into our developer's IDE (Greenlight) and the DevOps Pipeline SAST / SourceClear Integrations has particularly increased our time to market and confidence.""We used it for performing security checks. We have many Java applications and Android applications. Essentially it was used for checking the security validations for compliance purposes.""The most valuable feature is the seamless automation of Veracode via the pipeline, in comparison to other solutions like Fortify SSC, which are complex to integrate through the pipeline."

More Veracode Pros →

Cons
"User management is a little bit clunky.""I would like support for our self-hosted Git server, other than GitHub, just regular Git."

More Apiiro Cons →

"There are times when certain modules cannot be scanned automatically, requiring us to manually select these modules and initiate the scanning process on our side.""The interface is one thing I find a little challenging. Veracode's interface feels a little outdated compared to other solutions, and it could be modernized. I'm mostly happy with the features, but Vercaode could add Docker image scanning.""We get some false positives with JavaScript languages like React, TypeScript, and Angular. The problem is rooted in the build process of JavaScript, not the code we are using. This is something we spend lots of time trying to resolve. When we point to a specific library and review that on the code, we can see it is a part of the build that isn't going into production. It's only a part of the build because JavaScript has a different build process.""Veracode's ease of use could be improved. I would also like to see more online videos and tutorials that could help us understand the product better. It would also be helpful if Veracode created a certification program for DevSecOps staff to learn about their product and get certified. This kind of training would raise the company's profile within the industry.""It will be beneficial for developers if Veracode Greenlight includes Python.""Mitigation review isn't always super easy.""They cover a lot of languages already and it doesn't make sense for them to cover legacy languages but I know there is a need for covering legacy languages.""The interface is basic and has room for improvement."

More Veracode Cons →

Pricing and Cost Advice
Information Not Available
  • "Its complexity makes it quite expensive, but it’s all worth it, with all the engineering in the background."
  • "The pricing is pretty high."
  • "The worst part about the product is that it does not scale at all. Also, microservices apps will cost you a fortune."
  • "I think licensing needs to be changed or updated so that it works with adjustments. Pricing is expensive compared to the amount of scanning we perform."
  • "It's worth the value"
  • "Pricing seems fair for what is offered, and licensing has been no problem. All developers are able to get the access they need."
  • "It can be expensive to do this, so I would just make sure that you're getting the proper number of licenses. Do your analysis. Make sure you know exactly what it is you need, going in."
  • "The licensing and prices were upfront and clear. They stand behind everything that is said during the commercial phase and during the onboarding phase. Even the most irrelevant "that can be done" was delivered, no matter how important the request was."

    • More Veracode Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Application Security Testing (AST) solutions are best for your needs.
    See Recommendations
    769,479 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about Apiiro?
    Top Answer:Apiiro's secrets detection feature has saved us several times, which we appreciate greatly.
    Read all 2 answers   →
    What is your experience regarding pricing and costs for Apiiro?
    Top Answer:My understanding is the pricing is pretty competitive.
    What needs improvement with Apiiro?
    Top Answer:Apiiro recently integrated SaaS, and we would love to see them expand on that. They provide many integrations to different products, including SaaS products such as Snyk. Ideally, Apiiro would include… more »
    Read all 2 answers   →
    Which gives you more for your money - SonarQube or Veracode?
    Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use… more »
    Read all 6 answers   →
    What do you like most about Veracode?
    Top Answer:The SAST and DAST modules are great.
    Read all 96 answers   →
    What is your experience regarding pricing and costs for Veracode?
    Top Answer:The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.
    Read all 66 answers   →
    Ranking
    21st
    out of 67 in Application Security Testing (AST)
    Views
    321
    Comparisons
    184
    Reviews
    2
    Average Words per Review
    1,148
    Rating
    8.5
    2nd
    out of 67 in Application Security Testing (AST)
    Views
    25,312
    Comparisons
    16,984
    Reviews
    101
    Average Words per Review
    976
    Rating
    8.1
    Comparisons
    Snyk logo
    Snyk vs. Apiiro
    Compared 52% of the time.
    Cycode logo
    Cycode vs. Apiiro
    Compared 15% of the time.
    Ox Security logo
    Ox Security vs. Apiiro
    Compared 13% of the time.
    SonarQube logo
    SonarQube vs. Apiiro
    Compared 11% of the time.
    Checkmarx One logo
    Checkmarx One vs. Apiiro
    Compared 5% of the time.
    More Apiiro Competitors   →
    SonarQube logo
    SonarQube vs. Veracode
    Compared 27% of the time.
    Checkmarx One logo
    Checkmarx One vs. Veracode
    Compared 14% of the time.
    Fortify on Demand logo
    Fortify on Demand vs. Veracode
    Compared 7% of the time.
    Snyk logo
    Snyk vs. Veracode
    Compared 6% of the time.
    OWASP Zap logo
    OWASP Zap vs. Veracode
    Compared 4% of the time.
    More Veracode Competitors   →
    Also Known As
    Apiiro Control Plane (ASOC), Apiiro API Security (SAST), Apiiro Open Source (SCA)
    Crashtest Security , Veracode Detect
    Learn More
    Apiiro
    Veracode
    Overview

    Apiiro is the leader in application security posture management (ASPM), unifying risk visibility, prioritization, and remediation with deep code analysis and runtime context.

    Companies like Morgan Stanley, SoFi, Rakuten, and Navan leverage Apiiro's ASPM to...

    Get complete application and risk visibility: Apiiro takes a deep, code-based approach to ASPM. Its Cloud Application Security Platform analyzes source code and pulls in runtime context to build a continuous, graph-based inventory of application and software supply chain components.

    Prioritize risks with code-to-runtime context: With its proprietary Risk Graph™️, Apiiro contextualizes security alerts from third-party tools and native security solutions based on the likelihood and impact of risk to uniquely minimize alert backlogs and triage time by 95%.

    Fix and prevent risks that matter—faster: By tying risks to code owners, providing LLM-enriched remediation guidance, and embedding risk-based guardrails directly into developer tools and workflows, Apiiro improves remediation times (MTTR) by up to 85%.

    Apiiro's native security solutions include API security testing in code, secrets detection and validation, software bill of materials (SBOM) generation, sensitive data exposure prevention, software composition analysis (SCA), and CI/CD and SCM security.



    Veracode is a leading application security platform that helps organizations to develop and deliver secure software. Veracode's solution provides comprehensive capabilities for static analysis, dynamic analysis, software composition analysis, and manual penetration testing.

    Veracode's static analysis solution scans source code for various security vulnerabilities, including common web application attack vectors, injection flaws, cross-site scripting, and insecure direct object references. Veracode's dynamic analysis solution simulates real-world attacks to identify vulnerabilities that may not be detectable by static analysis alone. Veracode's software composition analysis solution scans open-source and third-party components for known vulnerabilities. Veracode's manual penetration testing service is performed by experienced security professionals who use a variety of techniques to identify vulnerabilities in software applications.

    Many organizations, including Fortune 500 companies, government agencies, and startups, use Veracode's solution. Veracode's customers rely on Veracode to help them to improve the security of their software applications and to reduce the risk of data breaches and other security incidents.

    Here are some of the benefits of using Veracode:

    • Veracode provides capabilities for static analysis, dynamic analysis, software composition analysis, and manual penetration testing to help organizations identify and fix security vulnerabilities in their software applications early in the development process.
    • Veracode helps organizations reduce the risk of data breaches and other security incidents by identifying and fixing security vulnerabilities in their software application. 
    • Veracode helps organizations to comply with industry regulations. Many industries have regulations that require organizations to implement security measures to protect their customers' data. Veracode's solution can help organizations to comply with these regulations by providing them with the tools and resources they need to identify and fix security vulnerabilities in their software applications.
    Sample Customers
    Morgan Stanley, Rakuten, Jack Henry, SoFi, Colgate, Navan
    Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
    Top Industries
    VISITORS READING REVIEWS
    Computer Software Company23%
    Comms Service Provider10%
    Outsourcing Company8%
    Financial Services Firm8%
    REVIEWERS
    Computer Software Company26%
    Financial Services Firm23%
    Insurance Company9%
    Comms Service Provider6%
    VISITORS READING REVIEWS
    Financial Services Firm18%
    Computer Software Company15%
    Manufacturing Company8%
    Government6%
    Company Size
    VISITORS READING REVIEWS
    Small Business39%
    Midsize Enterprise21%
    Large Enterprise40%
    REVIEWERS
    Small Business31%
    Midsize Enterprise20%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise13%
    Large Enterprise70%
    Buyer's Guide
    Apiiro vs. Veracode
    March 2024
    Free Report: Apiiro vs. Veracode
    Find out what your peers are saying about Apiiro vs. Veracode and other solutions. Updated: March 2024.
    DOWNLOAD NOW
    769,479 professionals have used our research since 2012.

    Apiiro is ranked 21st in Application Security Testing (AST) with 2 reviews while Veracode is ranked 2nd in Application Security Testing (AST) with 194 reviews. Apiiro is rated 8.6, while Veracode is rated 8.2. The top reviewer of Apiiro writes "A great secrets detection feature, good visibility, and integrates well". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Apiiro is most compared with Snyk, Cycode, Ox Security, SonarQube and Checkmarx One, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and OWASP Zap. See our Apiiro vs. Veracode report.

    See our list of best Application Security Testing (AST) vendors, best Software Composition Analysis (SCA) vendors, and best Application Security Posture Management (ASPM) vendors.

    We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.