We performed a comparison between CAST Highlight and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."CAST Highlight is easy to use and has a good dashboard."
"It offers good performance."
"The most valuable features of the CAST Highlight are the interface and there are three notations that are very simple to understand and communicate with."
"The most valuable features of CAST Highlight are automation and speed."
"The way it tells you which codebase is more ready for the cloud and which codebase is less ready is very valuable. It works seamlessly with most languages."
"Veracode is a cloud-based platform, where they manage all the back-end, and they do a lot of analysis during the scans, and they do a lot of post-scan reconciliation."
"Veracode's technical support is great. They assigned us a TAM and once a week, we have a brief engagement with the TAM to verify that everything's going well. If we have any outstanding issues, they get serviced and addressed."
"The most valuable feature is the dynamic application security testing."
"The benefits are quick discovery and understanding of software vulnerabilities that we are putting in our own code. By discovering them quickly enough, we can triage them and determine the best ways to remediate them and prevent them from happening in the future."
"One of the features they have is Software Composition Analysis. When organizations use third-party, open source libraries with their application development, because they're open source they quite often have a lot of bugs. There are always patches coming out for those open source applications. You really have to stay on your toes and keep up with any third-party libraries that might be integrated into your application. Veracode's Software Composition Analysis scans those libraries and we find that very valuable."
"Veracode offers various security features."
"The most valuable feature comes from the fact that it is cloud-based, and I can scale up without having to worry about any other infrastructure needs."
"The most valuable feature is the static scan that checks for security issues."
"There's a bit of a learning curve at the outset."
"Its price should be better. It is a pretty costly tool. They have two products: CAST Highlight and CAST AIP. I would expect CAST Highlight to have the Help dashboard and the Engineering dashboard. These dashboards are currently a part of CAST AIP, and if these are made available in CAST Highlight, customers won't have to use two different products all the time."
"CAST Highlight could improve to allow us to comment and do a deep analysis by ourselves."
"The ease of configuration and customization could be improved in CAST Highlight."
"The reports that describe the issues of concern are rather abstract and the issues should be more clearly described to the user."
"Security can always be improved."
"If you schedule two parallel scans under the same project, one of them will be a failure."
"Raw file scans and dynamic scans would be an improvement, instead of dealing with code binaries."
"I would like to see expanded coverage for supporting more platforms, frameworks, and languages."
"When we scan binary, when we perform binary analysis, it could go faster. That has a lot to do with the essence of scanning binary code, it takes a little bit longer. Certain aspects, depending on what type of code it is, take a little long, especially legacy code."
"Veracode's ability to fix flaws is less sophisticated than that of its competitors."
"One of the most important areas that need improvement for Veracode is its DaaS. Veracode's DAST engines are primitive."
"The number of false positives could be reduced a lot. For each good result, we are getting somewhere around 15 to 20 false positives."
CAST Highlight is ranked 10th in Software Composition Analysis (SCA) with 5 reviews while Veracode is ranked 3rd in Software Composition Analysis (SCA) with 194 reviews. CAST Highlight is rated 7.8, while Veracode is rated 8.2. The top reviewer of CAST Highlight writes "Easy to set up with optimized and automated insights". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". CAST Highlight is most compared with SonarQube, Checkmarx One, Snyk, Black Duck and GitLab, whereas Veracode is most compared with SonarQube, Checkmarx One, Snyk, Fortify on Demand and OWASP Zap. See our CAST Highlight vs. Veracode report.
See our list of best Software Composition Analysis (SCA) vendors.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.