CAST Highlight vs Veracode comparison

CAST Highlight
Read 5 CAST Highlight reviews
  • 424 Views
  • 306 Comparison Views
100% willing to recommend
Veracode
Read 196 Veracode reviews
  • 6,136 Views
  • 4,262 Comparison Views
90% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between CAST Highlight and Veracode based on real PeerSpot user reviews.

Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed CAST Highlight vs. Veracode Report (Updated: July 2024).
Buyer's Guide
CAST Highlight vs. Veracode
July 2024
Download the complete report
Helped 793,295 peers since 2012
 

Categories and Ranking

CAST Highlight
Ranking in Software Composition Analysis (SCA)
13th
Average Rating
7.8
Number of Reviews
5
Ranking in other categories
No ranking in other categories
Veracode
Ranking in Software Composition Analysis (SCA)
3rd
Average Rating
8.2
Number of Reviews
196
Ranking in other categories
Application Security Tools (2nd), Static Application Security Testing (SAST) (2nd), Container Security (4th), Penetration Testing Services (3rd), Static Code Analysis (1st), Application Security Posture Management (ASPM) (2nd)
 

Mindshare comparison

As of July 2024, in the Software Composition Analysis (SCA) category, the mindshare of CAST Highlight is 1.4%, up from 0.9% compared to the previous year. The mindshare of Veracode is 12.7%, up from 12.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Software Composition Analysis (SCA)
Unique Categories:
No other categories found
Application Security Tools
10.2%
Static Application Security Testing (SAST)
9.2%
 

Featured Reviews

VG
Nov 15, 2022
Excellent support, works seamlessly with most languages, and useful for knowing about the readiness of the codebase for cloud migration
Its price should be better. It is a pretty costly tool. They have two products: CAST Highlight and CAST AIP. Both are licensed separately. As per CAST, Highlight is for RAPID prototyping and AIP is for in depth detailed analysis. But then there are areas which Highlights covers (Cloud Adoption) which AIP does not. Our experience in using AIP is that it also does not look at entire tech stack and does not provide the list of all technologies present in your application and then flag what is supported and what is not so that customer has clear view. Highlight probably does that. They need to simplify it for customers. I would expect CAST Highlight to have lighter version of the Health dashboard and the Engineering dashboards . These dashboards are currently a part of CAST AIP, and if these are made available in CAST Highlight, customers won't have to use two different products all the time.
Read full review
David-Robertson - PeerSpot reviewer
Jun 17, 2024
Static scanning and software composition analysis are very helpful, but the usability needs improvement
Static scanning and software composition analysis are very helpful. My colleagues and I don't need to be experts on all of those ancillary things, so we can focus more on the business deliverables. They have a pretty good tool that allows me to run scans of my local integrated development environment. I can find a lot of those flaws a lot sooner than I would if I had to wait for these cloud-based scans. They've come out with some sort of automated fix feature. I haven't used it, but they gave us a demo of it, and that one looks promising. I don't know if it's ready for prime time yet.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It offers good performance."
"CAST Highlight is easy to use and has a good dashboard."
"The way it tells you which codebase is more ready for the cloud and which codebase is less ready is very valuable. It works seamlessly with most languages."
"The most valuable features of CAST Highlight are automation and speed."
"The most valuable features of the CAST Highlight are the interface and there are three notations that are very simple to understand and communicate with."
"The most valuable feature comes from the fact that it is cloud-based, and I can scale up without having to worry about any other infrastructure needs."
"Veracode's technical support is great. They assigned us a TAM and once a week, we have a brief engagement with the TAM to verify that everything's going well. If we have any outstanding issues, they get serviced and addressed."
"It gives feedback to developers on the effectiveness of their secure coding practices."
"The solution can scan old databases and old code written 20 years back."
"Veracode provides faster scans compared to other static analysis security testing tools."
"We use it to get our scan results and see where our software is vulnerable or not vulnerable."
"The Veracode support team is excellent."
"Informs me of code security vulnerabilities. Bamboo build automation with Veracode API calls are used.​"
More Veracode pros
 

Cons

"The ease of configuration and customization could be improved in CAST Highlight."
"CAST Highlight could improve to allow us to comment and do a deep analysis by ourselves."
"The reports that describe the issues of concern are rather abstract and the issues should be more clearly described to the user."
"There's a bit of a learning curve at the outset."
"Its price should be better. It is a pretty costly tool. They have two products: CAST Highlight and CAST AIP. I would expect CAST Highlight to have the Help dashboard and the Engineering dashboard. These dashboards are currently a part of CAST AIP, and if these are made available in CAST Highlight, customers won't have to use two different products all the time."
"The Web portal, at times, is not necessarily intuitive. I can get around when I want to but there are times when I have to email my account manager on: "Hey, where do I find this report?" Or "How do I do this?" They always respond with, "Here's how you do it." But that points to a somewhat non-intuitive portal."
"I would like to see expanded coverage for supporting more platforms, frameworks, and languages."
"We would like the consolidation of all the different modules. This would help, so then we would be able to see analytics and results on one screen, like a single pane of glass."
"An area for improvement I found in Veracode is the connectivity because currently, my company uses a plugin for the dev-ops cloud-based connectivity. A pretty helpful feature would be if Veracode gives a direct code for connecting to the Oracle server directly and authenticating it via a unique server."
"The static scans on Java lack microservices architecture scanning. We have developed an in-house pattern for this and the scans can't take care of it as a single entity."
"Veracode is a little costly. It's cost-effective for a large enterprise, but it may be too expensive for small businesses."
"One of the most important areas that need improvement for Veracode is its DaaS. Veracode's DAST engines are primitive."
"Calypso (our application) is large and the results take up to two months. Further, we also have to package Calypso in a special manner to meet size guidelines."
More Veracode cons
 

Pricing and Cost Advice

"CAST Highlight is an expensive solution. However, CAST Highlight is less expensive than the CAST AIP, but it remains too expensive and the professional services from CAST are also too expensive. The high price is part of the problem with the CAST solutions."
"It is a pretty costly tool. A lot of customers are resistant to using it."
"CAST Highlight is an expensive solution."
"Basic support is included with the standard licensing feed but it can be upgraded for an additional cost."
"They have just streamlined the licensing and they have a number of flexible options available, so overall it is quite good, albeit pricey."
"We are still considering it at the enterprise level. It has a subscription-based model. We find its price a little high based on the features it provides."
"The Veracode price model is based on application profiles, which is how you package your components for scanning."
"The price of Veracode Static Analysis could improve."
"The pricing is really fair compared to a lot of other tools on the market."
"Veracode's pricing is on the higher end, but it is acceptable."
"We're very comfortable with their model. We think they're a good value. We worked very closely with Veracode on understanding their license model, understanding what comprises the fee and what does not. With their assistance in design, we decomposed our application in a way where we are scanning a very significant amount of code without wasting their capacity and generating redundant reported issues. You scan in profiles, per se. And we work with them, in their offices, to design the most effective approach. So the advice I would have for customers is, you can get up and live fast, but work closely with Veracode to refine the method you use for scanning and the way you compile the applications. There's a concept called entry-point scanning, and that's probably not used well by the rest of their customers. We see our licensing as a good value because we leverage it heavily."
"The cost has been a barrier to wider use here. I think my team is the only one at the university. Other folks might like to use it, but it's pretty pricey. You could see what else is in the market, but I hear that's the price for most solutions. You might not find a better deal in the market, or it might be an incomplete solution. I mean, for the level of interaction we get with Veracode staff, it's been pretty good."
More Veracode pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.
See recommendations
793,295 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
20%
Computer Software Company
17%
Insurance Company
10%
Manufacturing Company
10%
Financial Services Firm
18%
Computer Software Company
16%
Manufacturing Company
9%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about CAST Highlight?
The most valuable features of CAST Highlight are automation and speed.
See all answers
What is your experience regarding pricing and costs for CAST Highlight?
CAST Highlight is an expensive solution. On a scale from one to ten, where one is cheap, and ten is expensive, I rate the solution's pricing an eight or nine out of ten.
See all answers
What needs improvement with CAST Highlight?
The ease of configuration and customization could be improved in CAST Highlight.
See all answers
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
See all answers
What do you like most about Veracode?
The SAST and DAST modules are great.
See all answers
What is your experience regarding pricing and costs for Veracode?
The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.
See all answers
 

Comparisons

SonarQube vs CAST Highlight Logo
SonarQube vs CAST Highlight
Compared 71% of the time
Black Duck vs CAST Highlight Logo
Black Duck vs CAST Highlight
Compared 5% of the time
Snyk vs CAST Highlight Logo
Snyk vs CAST Highlight
Compared 5% of the time
Checkmarx One vs CAST Highlight Logo
Checkmarx One vs CAST Highlight
Compared 4% of the time
GitLab vs CAST Highlight Logo
GitLab vs CAST Highlight
Compared 3% of the time
More CAST Highlight Competitors
SonarQube vs Veracode Logo
SonarQube vs Veracode
Compared 26% of the time
Checkmarx One vs Veracode Logo
Checkmarx One vs Veracode
Compared 13% of the time
Fortify on Demand vs Veracode Logo
Fortify on Demand vs Veracode
Compared 7% of the time
Snyk vs Veracode Logo
Snyk vs Veracode
Compared 6% of the time
Fortify Static Code Analyzer vs Veracode Logo
Fortify Static Code Analyzer vs Veracode
Compared 4% of the time
More Veracode Competitors
 

Product Reports

Buyer's Guide
CAST Highlight
July 2024
CAST Highlight reportDownload CAST Highlight product report
Buyer's Guide
Veracode
June 2024
Veracode reportDownload Veracode product report
 

Also Known As

No data available
Crashtest Security , Veracode Detect
 

Learn More

CAST
Veracode
 

Overview

CAST Highlight is a SaaS software intelligence product for performing rapid application portfolio analysis. It automatically analyzes source code of hundreds of applications in a week for Cloud Readiness, Software Composition Analysis (Open Source risks), Resiliency, and Technical Debt. Objective software insights from automated source code analysis combined with built-in qualitative surveys for business context enable more informed decision-making about application portfolios.

CAST is the software intelligence category leader. CAST technology can see inside custom applications with MRI-like precision, automatically generating intelligence about their inner workings - composition, architecture, transaction flows, cloud readiness, structural flaws, legal and security risks. It’s becoming essential for faster modernization for cloud, raising the speed and efficiency of Software Engineering, better open source risk control, and accurate technical due diligence. CAST operates globally with offices in North America, Europe, India, China. Visit www.castsoftware.com.

Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-generated remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world’s leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achievereal-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, and Penetration Testing.

Learn more atwww.veracode.com, on theVeracode blog, and onLinkedInandTwitter.

 

Sample Customers

Wells Fargo, Bank of NY Mellon, Northern Trust, Microsoft, Amazon, IBM, BMW, AT&T, US Army, US Air Force, US Navy, John Hancock, Marsh & McLennan, Ernst & Young, PwC, Volkswagen, Boston Consulting Group, London Stock Exchange, Telefonica, Saur France, Total Energies France, SNCF
Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
Buyer's Guide
CAST Highlight vs. Veracode
July 2024
Free Report: CAST Highlight vs. Veracode
Find out what your peers are saying about CAST Highlight vs. Veracode and other solutions. Updated: July 2024.
DOWNLOAD NOW
793,295 professionals have used our research since 2012.
See our CAST Highlight vs. Veracode report.
See our list of best Software Composition Analysis (SCA) vendors.

We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.