CAST Highlight vs Onapsis comparison

The compared CAST and Onapsis solutions aren't in the same category. CAST is ranked #18 in SCA , with an average rating of 7.5, and holds a 1.3% mindshare in the category. Onapsis is ranked #36 in AS , and holds a 0.9% mindshare. Additionally, 85% of CAST users are willing to recommend the solution, compared to 100% of Onapsis users who would recommend it.

CAST Highlight

Read 7 CAST Highlight reviews

2,130 Views
980 Comparison Views

85% willing to recommend

Onapsis

Read 1 Onapsis review

1,269 Views
1,180 Comparison Views

100% willing to recommend

CAST Highlight

Onapsis

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between CAST Highlight and Onapsis based on real PeerSpot user reviews.

Find out what your peers are saying about Black Duck, Veracode, Snyk and others in Software Composition Analysis (SCA).

To learn more, read our detailed Software Composition Analysis (SCA) Report (Updated: April 2026).

Buyer's Guide

Software Composition Analysis (SCA)

April 2026

Download the complete report

Helped 893,438 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

CAST Highlight

Average Rating

7.8

Reviews Sentiment

7.1

Number of Reviews

Ranking in other categories

Software Composition Analysis (SCA) (18th)

Onapsis

Average Rating

8.0

Number of Reviews

Ranking in other categories

Application Security Tools (36th)

Mindshare comparison

CAST Highlight and Onapsis aren’t in the same category and serve different purposes. CAST Highlight is designed for Software Composition Analysis (SCA) and holds a mindshare of 1.3%, up 0.9% compared to last year.
Onapsis, on the other hand, focuses on Application Security Tools, holds 0.9% mindshare, up 0.2% since last year.

Software Composition Analysis (SCA) Mindshare Distribution
Product	Mindshare (%)
CAST Highlight	1.3%
Snyk	10.9%
Black Duck SCA	9.9%
Other	77.9%

Software Composition Analysis (SCA)

Application Security Tools Mindshare Distribution
Product	Mindshare (%)
Onapsis	0.9%
SonarQube	13.6%
Checkmarx One	8.8%
Other	76.7%

Application Security Tools

Featured Reviews

Jayanti Rode

Technical Associate Manager at Accenture

Identifies migration blockers and boosters while facing challenges with platform-specific roadblocks

The solution provides agnostic blockers for platforms as well as for containerization. Within that containerization, it offers generic blockers. However, my project might require it to provide Windows-specific blockers or Linux-specific blockers, as I often work with only one platform at a time. If I received categorization in containerization blockers, it would save time. Understanding only the OS-specific blockers means I would avoid resolving irrelevant issues, thus saving time. Initially, I receive a response from support, however, if there is involvement from R&D or other teams, it may take longer than expected. The support team is challenging when sharing source code. As this is a static code analysis tool, it sometimes requires source code for R&D. However, CAST clients may be restricted from sharing due to business logic and nondisclosure agreements. This creates a challenge, and I may have to share pseudo code or seek client approval, risking escalation.

Read full review

it_user19113

SAP Security Consulting Engineer at a computer software company with 10,001+ employees

It checks for and reports vulnerabilities on all SAP systems at the OS, DB and SAP levels.

I really love how Onapsis X1 is able to check SAP for threats; the reporting was something I felt could be improved. It could be a little easier to use and to publish for consumption with a larger audience. Currently, it takes some background jobs and additional work to get them published. It was difficult to get interactive reports to the different levels of the business. I would have to download them and send them out, or save them on my SharePoint site and send out a weekly link. In the version of the product I was usingת I had to log into the X1 system directly to get to the reports. Reporting would be used by several different areas of the organizationת many of whom would be at the director and executive levels. It would not make sense to have them log directly into the tool to look at these reports. Add to this that there was only one ID that could be used to log in and view the reports. To solve this problemת I had to run all of the different reports; executive summary down to detailed analysis and then export them out to my security team SharePoint site. To automate this processת a batch script was created to run after the X1 analyzed the systems. The script would pull the reports and place them in the SharePoint site automatically, but it was a bit of a hassle to get set up.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The way it tells you which codebase is more ready for the cloud and which codebase is less ready is very valuable, and it works seamlessly with most languages."

"The most valuable features of CAST Highlight are automation and speed."

"CAST Highlight provides a clear overview of the role portfolio and allows users to assess the overall quality of the environment. Users can see where improvements are needed and follow up on trends of the application."

"We've been using it for two years and found that it is really profitable to have the product in our arsenal."

"The solution provides agnostic blockers for platforms as well as for containerization."

"CAST Highlight is easy to use and has a good dashboard."

"It offers good performance."

"The way it tells you which codebase is more ready for the cloud and which codebase is less ready is very valuable. It works seamlessly with most languages."

More CAST Highlight pros

"It has hardened our SAP system by providing details of vulnerabilities in our SAP landscape."

Cons

"CAST Highlight is an expensive solution. However, CAST Highlight is less expensive than the CAST AIP, but it remains too expensive and the professional services from CAST are also too expensive."

"Its price should be better. It is a pretty costly tool. They have two products: CAST Highlight and CAST AIP. I would expect CAST Highlight to have the Help dashboard and the Engineering dashboard. These dashboards are currently a part of CAST AIP, and if these are made available in CAST Highlight, customers won't have to use two different products all the time."

"If I received categorization in containerization blockers, it would save time."

"CAST Highlight could improve to allow us to comment and do a deep analysis by ourselves."

"Technical support could be better."

"There's a bit of a learning curve at the outset."

"The ease of configuration and customization could be improved in CAST Highlight."

"It is a pretty costly tool. A lot of customers are resistant to using it."

More CAST Highlight cons

"Reporting was something I felt could be improved. It could be a little easier to use and to publish for consumption with a larger audience."

Pricing and Cost Advice

"CAST Highlight is an expensive solution."

"CAST Highlight is an expensive solution. However, CAST Highlight is less expensive than the CAST AIP, but it remains too expensive and the professional services from CAST are also too expensive. The high price is part of the problem with the CAST solutions."

"Basic support is included with the standard licensing feed but it can be upgraded for an additional cost."

"It is a pretty costly tool. A lot of customers are resistant to using it."

Information not available

See which vendors are best for you

Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.

See recommendations

893,438 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

15%

Computer Software Company

Government

Outsourcing Company

Energy/Utilities Company

16%

University

13%

Construction Company

11%

Outsourcing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	2
Midsize Enterprise	1
Large Enterprise	5

No data available

Questions from the Community

What is your experience regarding pricing and costs for CAST Highlight?

The pricing of CAST Highlight was not considered expensive or cheap, and no specific comment was made about the setup cost.

See all answers

What needs improvement with CAST Highlight?

See all answers

What is your primary use case for CAST Highlight?

For CAST, I use it in cloud migration roadmap and in open source safety issues. These are my two main use cases.

See all answers

Ask a question

Earn 20 points

Comparisons

Snyk vs CAST Highlight

Compared 15% of the time

Veracode vs CAST Highlight

Compared 14% of the time

SonarQube vs CAST Highlight

Compared 11% of the time

Black Duck SCA vs CAST Highlight

Compared 10% of the time

Checkmarx One vs CAST Highlight

Compared 7% of the time

More CAST Highlight Competitors

SonarQube vs Onapsis

Compared 15% of the time

ERPScan SMART Cybersecurity Platform vs Onapsis

Compared 13% of the time

Nullify vs Onapsis

Compared 12% of the time

Qualys Web Application Scanning vs Onapsis

Compared 8% of the time

Klocwork vs Onapsis

Compared 6% of the time

More Onapsis Competitors

Product Reports

Buyer's Guide

CAST Highlight

May 2026

Download CAST Highlight product report

Buyer's Guide

Application Security Tools

May 2026

Download Onapsis product report

Overview

CAST Highlight is a comprehensive platform that integrates with Azure DevOps, offering remote functionalities without direct codebase access. It quickly identifies cloud migration blockers and supports most programming languages with an easy setup.

CAST Highlight stands out with its user-friendly interface and dashboard, enabling efficient scanning for environment quality. Its automation and speed are particularly valued, making it distinct in the software analysis domain. While users encounter challenges with language-specific insights and expensive licensing, they benefit from its capability to assess code base states during mergers, acquisitions, and cloud migration planning. Technical support poses issues, and some users face hurdles with configuration customization and issue reporting clarity. Despite these challenges, CAST Highlight demonstrates effectiveness in identifying application service quality and ensuring legal, security, and IP compliance.

What features define CAST Highlight?

Seamless Integration: Works with Azure DevOps for enhanced functionality.
Remote Functionality: Operates without direct codebase access, offering flexibility.
Cloud Migration Assistance: Identifies blockers and boosters for cloud strategies.
Programming Language Support: Compatible with a wide range of languages.
Easy Setup: Simplifies the process for quick implementation.

What are the benefits of using CAST Highlight?

Speed and Automation: Delivers quick scans and automated processes for efficiency.
Application Quality Insights: Provides detailed assessments for application portfolios.
Enhanced Communication: Simple notations improve team communication.
Legal and Security Compliance: Ensures compliance insights are accessible.

CAST Highlight is adopted across industries for tasks such as assessing code during mergers, managing application portfolios, and planning cloud migrations. It facilitates open source safety checks and replatforming architectures, serving roles in firewall and storage management. Users rely on it for service quality verification and distinguishing applications from competitors.

CAST

Onapsis provides cybersecurity and compliance solutions for critical business applications. It focuses on enhancing security by detecting vulnerabilities and ensuring compliance with industry regulations.

Organizations increasingly rely on Onapsis to protect their business applications from potential threats. Designed to detect and mitigate threats in real-time, it ensures business continuity by integrating with existing security frameworks. Its platform offers robust insights into vulnerabilities, enabling proactive response and management of security policies tailored to enterprise needs.

What are the key features of Onapsis?

Vulnerability Management: Identifies and reports critical risks within business applications.
Compliance Automation: Ensures adherence to regulatory standards.
Real-time Threat Monitoring: Provides continuous surveillance for immediate response.
Integration Capabilities: Seamlessly works with existing IT infrastructure.

What benefits and ROI should you expect?

Improved Security Posture: Enhanced protection for critical assets reduces risks.
Operational Efficiency: Streamlined processes lead to better resource allocation.
Risk Mitigation: Proactive threat identification prevents potential breaches.
Regulatory Compliance: Automated compliance reduces audit preparation time and costs.

Onapsis is implemented across industries like finance, healthcare, and manufacturing to secure ERP systems. Its role in protecting core business applications aligns with the industry-specific needs of securing sensitive data and maintaining compliance with sector regulations.

Onapsis

Sample Customers

Wells Fargo, Bank of NY Mellon, Northern Trust, Microsoft, Amazon, IBM, BMW, AT&T, US Army, US Air Force, US Navy, John Hancock, Marsh & McLennan, Ernst & Young, PwC, Volkswagen, Boston Consulting Group, London Stock Exchange, Telefonica, Saur France, Total Energies France, SNCF

Sony, US Army, Westinghouse, AXA. Galicia, Daimler, Roche, Levi's, Siemens, ABB, KPMG, Mercardo Libre, Verizon, Bacardi, Adgas, Sicpa, Whirlpool, Leaseplan

Buyer's Guide

Software Composition Analysis (SCA)

April 2026

Download Free Report

Find out what your peers are saying about Black Duck, Veracode, Snyk and others in Software Composition Analysis (SCA). Updated: April 2026.

DOWNLOAD NOW

893,438 professionals have used our research since 2012.

We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.