CAST Highlight vs Onapsis comparison

The compared CAST and Onapsis solutions aren't in the same category. CAST is ranked #16 in SCA , with an average rating of 7.5, and holds a 1.2% mindshare in the category. Onapsis is ranked #33 in AS , and holds a 0.7% mindshare. Additionally, 85% of CAST users are willing to recommend the solution, compared to 100% of Onapsis users who would recommend it.

CAST Highlight

Read 7 CAST Highlight reviews

1,670 Views
651 Comparison Views

85% willing to recommend

Onapsis

Read 1 Onapsis review

877 Views
807 Comparison Views

100% willing to recommend

CAST Highlight

Onapsis

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between CAST Highlight and Onapsis based on real PeerSpot user reviews.

Find out what your peers are saying about Snyk, Black Duck, Veracode and others in Software Composition Analysis (SCA).

To learn more, read our detailed Software Composition Analysis (SCA) Report (Updated: March 2026).

Buyer's Guide

Software Composition Analysis (SCA)

March 2026

Download the complete report

Helped 885,264 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

CAST Highlight

Average Rating

7.8

Reviews Sentiment

7.1

Number of Reviews

Ranking in other categories

Software Composition Analysis (SCA) (16th)

Onapsis

Average Rating

8.0

Number of Reviews

Ranking in other categories

Application Security Tools (33rd)

Mindshare comparison

CAST Highlight and Onapsis aren’t in the same category and serve different purposes. CAST Highlight is designed for Software Composition Analysis (SCA) and holds a mindshare of 1.2%, up 0.9% compared to last year.
Onapsis, on the other hand, focuses on Application Security Tools, holds 0.7% mindshare, up 0.1% since last year.

Software Composition Analysis (SCA) Mindshare Distribution
Product	Mindshare (%)
CAST Highlight	1.2%
Black Duck SCA	11.7%
Snyk	10.5%
Other	76.6%

Software Composition Analysis (SCA)

Application Security Tools Mindshare Distribution
Product	Mindshare (%)
Onapsis	0.7%
SonarQube	16.3%
Checkmarx One	9.9%
Other	73.1%

Application Security Tools

Featured Reviews

Jayanti Rode

Technical Associate Manager at Accenture

Identifies migration blockers and boosters while facing challenges with platform-specific roadblocks

The solution provides agnostic blockers for platforms as well as for containerization. Within that containerization, it offers generic blockers. However, my project might require it to provide Windows-specific blockers or Linux-specific blockers, as I often work with only one platform at a time. If I received categorization in containerization blockers, it would save time. Understanding only the OS-specific blockers means I would avoid resolving irrelevant issues, thus saving time. Initially, I receive a response from support, however, if there is involvement from R&D or other teams, it may take longer than expected. The support team is challenging when sharing source code. As this is a static code analysis tool, it sometimes requires source code for R&D. However, CAST clients may be restricted from sharing due to business logic and nondisclosure agreements. This creates a challenge, and I may have to share pseudo code or seek client approval, risking escalation.

Read full review

it_user19113

SAP Security Consulting Engineer at a computer software company with 10,001+ employees

It checks for and reports vulnerabilities on all SAP systems at the OS, DB and SAP levels.

I really love how Onapsis X1 is able to check SAP for threats; the reporting was something I felt could be improved. It could be a little easier to use and to publish for consumption with a larger audience. Currently, it takes some background jobs and additional work to get them published. It was difficult to get interactive reports to the different levels of the business. I would have to download them and send them out, or save them on my SharePoint site and send out a weekly link. In the version of the product I was usingת I had to log into the X1 system directly to get to the reports. Reporting would be used by several different areas of the organizationת many of whom would be at the director and executive levels. It would not make sense to have them log directly into the tool to look at these reports. Add to this that there was only one ID that could be used to log in and view the reports. To solve this problemת I had to run all of the different reports; executive summary down to detailed analysis and then export them out to my security team SharePoint site. To automate this processת a batch script was created to run after the X1 analyzed the systems. The script would pull the reports and place them in the SharePoint site automatically, but it was a bit of a hassle to get set up.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The solution provides agnostic blockers for platforms as well as for containerization."

"We've been using it for two years and found that it is really profitable to have the product in our arsenal."

"It offers good performance."

"CAST Highlight is easy to use and has a good dashboard."

"In cloud migration, I use CAST highlight to identify blockers, which are the negative road patterns, and also the boosters, which are positive code patterns."

"The way it tells you which codebase is more ready for the cloud and which codebase is less ready is very valuable, and it works seamlessly with most languages."

"The most valuable features of the CAST Highlight are the interface and there are three notations that are very simple to understand and communicate with."

"The way it tells you which codebase is more ready for the cloud and which codebase is less ready is very valuable. It works seamlessly with most languages."

More CAST Highlight pros

"It has hardened our SAP system by providing details of vulnerabilities in our SAP landscape."

Cons

"If I received categorization in containerization blockers, it would save time."

"The ease of configuration and customization could be improved in CAST Highlight."

"There's a bit of a learning curve at the outset."

"The reports that describe the issues of concern are rather abstract and the issues should be more clearly described to the user."

"CAST Highlight could improve to allow us to comment and do a deep analysis by ourselves."

"There could be potential improvements or additional features added to CAST Highlight to make it better."

"CAST Highlight is an expensive solution. However, CAST Highlight is less expensive than the CAST AIP, but it remains too expensive and the professional services from CAST are also too expensive."

"It is a pretty costly tool. A lot of customers are resistant to using it."

More CAST Highlight cons

"Reporting was something I felt could be improved. It could be a little easier to use and to publish for consumption with a larger audience."

Pricing and Cost Advice

"CAST Highlight is an expensive solution."

"It is a pretty costly tool. A lot of customers are resistant to using it."

"CAST Highlight is an expensive solution. However, CAST Highlight is less expensive than the CAST AIP, but it remains too expensive and the professional services from CAST are also too expensive. The high price is part of the problem with the CAST solutions."

"Basic support is included with the standard licensing feed but it can be upgraded for an additional cost."

Information not available

See which vendors are best for you

Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.

See recommendations

885,264 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

20%

Computer Software Company

Government

Outsourcing Company

Energy/Utilities Company

19%

University

13%

Retailer

Non Tech Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	2
Midsize Enterprise	1
Large Enterprise	5

No data available

Questions from the Community

What is your experience regarding pricing and costs for CAST Highlight?

The pricing of CAST Highlight was not considered expensive or cheap, and no specific comment was made about the setup cost.

See all answers

What needs improvement with CAST Highlight?

See all answers

What is your primary use case for CAST Highlight?

For CAST, I use it in cloud migration roadmap and in open source safety issues. These are my two main use cases.

See all answers

Ask a question

Earn 20 points

Comparisons

SonarQube vs CAST Highlight

Compared 14% of the time

Snyk vs CAST Highlight

Compared 13% of the time

Veracode vs CAST Highlight

Compared 12% of the time

Black Duck SCA vs CAST Highlight

Compared 12% of the time

More CAST Highlight Competitors

ERPScan SMART Cybersecurity Platform vs Onapsis

Compared 16% of the time

SonarQube vs Onapsis

Compared 13% of the time

Nullify vs Onapsis

Compared 11% of the time

Qualys Web Application Scanning vs Onapsis

Compared 8% of the time

More Onapsis Competitors

Product Reports

Buyer's Guide

CAST Highlight

March 2026

Download CAST Highlight product report

Buyer's Guide

Application Security Tools

February 2026

Download Onapsis product report

Overview

CAST Highlight is a SaaS software intelligence product for performing rapid application portfolio analysis. It automatically analyzes source code of hundreds of applications in a week for Cloud Readiness, Software Composition Analysis (Open Source risks), Resiliency, and Technical Debt. Objective software insights from automated source code analysis combined with built-in qualitative surveys for business context enable more informed decision-making about application portfolios.

CAST is the software intelligence category leader. CAST technology can see inside custom applications with MRI-like precision, automatically generating intelligence about their inner workings - composition, architecture, transaction flows, cloud readiness, structural flaws, legal and security risks. It’s becoming essential for faster modernization for cloud, raising the speed and efficiency of Software Engineering, better open source risk control, and accurate technical due diligence. CAST operates globally with offices in North America, Europe, India, China. Visit www.castsoftware.com.

CAST

Through continuous monitoring, the Onapsis Security Platform (OSP) delivers a near real-time preventative, detective and corrective approach for securing SAP systems and applications whether deployed on-premise, or in a private, public or hybrid cloud environment.

Onapsis

Sample Customers

Wells Fargo, Bank of NY Mellon, Northern Trust, Microsoft, Amazon, IBM, BMW, AT&T, US Army, US Air Force, US Navy, John Hancock, Marsh & McLennan, Ernst & Young, PwC, Volkswagen, Boston Consulting Group, London Stock Exchange, Telefonica, Saur France, Total Energies France, SNCF

Sony, US Army, Westinghouse, AXA. Galicia, Daimler, Roche, Levi's, Siemens, ABB, KPMG, Mercardo Libre, Verizon, Bacardi, Adgas, Sicpa, Whirlpool, Leaseplan

Buyer's Guide

Software Composition Analysis (SCA)

March 2026

Download Free Report

Find out what your peers are saying about Snyk, Black Duck, Veracode and others in Software Composition Analysis (SCA). Updated: March 2026.

DOWNLOAD NOW

885,264 professionals have used our research since 2012.

We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.