CAST Highlight vs Veracode comparison

Cancel
You must select at least 2 products to compare!
CAST Logo
444 views|322 comparisons
100% willing to recommend
Veracode Logo
6,588 views|4,444 comparisons
90% willing to recommend
Comparison Buyer's Guide
Executive Summary

We performed a comparison between CAST Highlight and Veracode based on real PeerSpot user reviews.

Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed CAST Highlight vs. Veracode Report (Updated: May 2024).
772,127 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"CAST Highlight is easy to use and has a good dashboard.""The most valuable features of the CAST Highlight are the interface and there are three notations that are very simple to understand and communicate with.""It offers good performance.""The most valuable features of CAST Highlight are automation and speed.""The way it tells you which codebase is more ready for the cloud and which codebase is less ready is very valuable. It works seamlessly with most languages."

More CAST Highlight Pros →

"With the pipeline scanner, it's easier for developers to scan their products, as they don't have to export anything from their computers. They can do everything with the command line on their computer.""Being able to scan our applications and identify all codes and defects is an extremely valuable feature.""Tech support is outstanding. Best in class. Absolutely. They bend over backwards to help us. We'll come up with questions and within minutes, we'll get answers. It's amazing. It's truly amazing.""Veracode is a valuable tool in our secure SDLC process.""Veracode offers various security features.""The most valuable features are that you can do static analysis and dynamic analysis on a scheduled basis and that you can push the findings into JIRA.""The source composition analysis had very good reporting.""I like Veracode's integration with our CI/CD. It automatically scans our code when we do the build. It can also detect any security flaws in our third-party libraries. Veracode is good at pinpointing the sections of code that have vulnerabilities."

More Veracode Pros →

Cons
"CAST Highlight could improve to allow us to comment and do a deep analysis by ourselves.""Its price should be better. It is a pretty costly tool. They have two products: CAST Highlight and CAST AIP. I would expect CAST Highlight to have the Help dashboard and the Engineering dashboard. These dashboards are currently a part of CAST AIP, and if these are made available in CAST Highlight, customers won't have to use two different products all the time.""There's a bit of a learning curve at the outset.""The ease of configuration and customization could be improved in CAST Highlight.""The reports that describe the issues of concern are rather abstract and the issues should be more clearly described to the user."

More CAST Highlight Cons →

"They could improve how they fix vulnerabilities. They could have more support in place to help the developers.""The interface is too complex.""The zip file scanning has room for improvement.""When we engaged Veracode to conduct the manual penetration testing, they were extremely slow in completing the task and delivering the report, causing a delay of two to three weeks for us.""We have approximately 900 people using the solution. The solution is scalable, but there is a high cost attached to it.""There needs to be better API integration to the development team's pipeline, which is something that is missing and needs to be improved.""Veracode Static Analysis could improve the terminology. For example, I do not know what the sandbox scan does. The terminology and the way they have used it are quite confusing. They should have a process of capturing problems that users are having on their end.""It would be nice if Veracode were bundled with some preferred vendors like Salesforce and offered at a discount."

More Veracode Cons →

Pricing and Cost Advice
  • "CAST Highlight is an expensive solution. However, CAST Highlight is less expensive than the CAST AIP, but it remains too expensive and the professional services from CAST are also too expensive. The high price is part of the problem with the CAST solutions."
  • "It is a pretty costly tool. A lot of customers are resistant to using it."
  • "Basic support is included with the standard licensing feed but it can be upgraded for an additional cost."
  • "CAST Highlight is an expensive solution."
  • More CAST Highlight Pricing and Cost Advice →

  • "Its complexity makes it quite expensive, but it’s all worth it, with all the engineering in the background."
  • "The pricing is pretty high."
  • "The worst part about the product is that it does not scale at all. Also, microservices apps will cost you a fortune."
  • "I think licensing needs to be changed or updated so that it works with adjustments. Pricing is expensive compared to the amount of scanning we perform."
  • "It's worth the value"
  • "Pricing seems fair for what is offered, and licensing has been no problem. All developers are able to get the access they need."
  • "It can be expensive to do this, so I would just make sure that you're getting the proper number of licenses. Do your analysis. Make sure you know exactly what it is you need, going in."
  • "The licensing and prices were upfront and clear. They stand behind everything that is said during the commercial phase and during the onboarding phase. Even the most irrelevant "that can be done" was delivered, no matter how important the request was."
  • More Veracode Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.
    772,127 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:The most valuable features of CAST Highlight are automation and speed.
    Top Answer:CAST Highlight is an expensive solution. On a scale from one to ten, where one is cheap, and ten is expensive, I rate the solution's pricing an eight or nine out of ten.
    Top Answer:The ease of configuration and customization could be improved in CAST Highlight.
    Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use… more »
    Top Answer:The SAST and DAST modules are great.
    Top Answer:The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.
    Ranking
    Views
    444
    Comparisons
    322
    Reviews
    5
    Average Words per Review
    567
    Rating
    7.8
    Views
    6,588
    Comparisons
    4,444
    Reviews
    101
    Average Words per Review
    989
    Rating
    8.1
    Comparisons
    SonarQube logo
    Compared 74% of the time.
    Snyk logo
    Compared 5% of the time.
    Checkmarx One logo
    Compared 5% of the time.
    Black Duck logo
    Compared 5% of the time.
    GitLab logo
    Compared 3% of the time.
    SonarQube logo
    Compared 26% of the time.
    Checkmarx One logo
    Compared 14% of the time.
    Fortify on Demand logo
    Compared 7% of the time.
    Snyk logo
    Compared 6% of the time.
    OWASP Zap logo
    Compared 4% of the time.
    Also Known As
    Crashtest Security , Veracode Detect
    Learn More
    Overview

    CAST Highlight is a SaaS software intelligence product for performing rapid application portfolio analysis. It automatically analyzes source code of hundreds of applications in a week for Cloud Readiness, Software Composition Analysis (Open Source risks), Resiliency, and Technical Debt. Objective software insights from automated source code analysis combined with built-in qualitative surveys for business context enable more informed decision-making about application portfolios.

    CAST is the software intelligence category leader. CAST technology can see inside custom applications with MRI-like precision, automatically generating intelligence about their inner workings - composition, architecture, transaction flows, cloud readiness, structural flaws, legal and security risks. It’s becoming essential for faster modernization for cloud, raising the speed and efficiency of Software Engineering, better open source risk control, and accurate technical due diligence. CAST operates globally with offices in North America, Europe, India, China. Visit www.castsoftware.com.

    Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-generated remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world’s leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achievereal-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, and Penetration Testing.

    Learn more atwww.veracode.com, on theVeracode blog, and onLinkedInandTwitter.

    Sample Customers
    Wells Fargo, Bank of NY Mellon, Northern Trust, Microsoft, Amazon, IBM, BMW, AT&T, US Army, US Air Force, US Navy, John Hancock, Marsh & McLennan, Ernst & Young, PwC, Volkswagen, Boston Consulting Group, London Stock Exchange, Telefonica, Saur France, Total Energies France, SNCF
    Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
    Top Industries
    VISITORS READING REVIEWS
    Financial Services Firm19%
    Computer Software Company16%
    Insurance Company10%
    Manufacturing Company9%
    REVIEWERS
    Computer Software Company26%
    Financial Services Firm23%
    Insurance Company9%
    Comms Service Provider6%
    VISITORS READING REVIEWS
    Financial Services Firm18%
    Computer Software Company15%
    Manufacturing Company8%
    Government6%
    Company Size
    VISITORS READING REVIEWS
    Small Business12%
    Midsize Enterprise15%
    Large Enterprise74%
    REVIEWERS
    Small Business31%
    Midsize Enterprise20%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise13%
    Large Enterprise69%
    Buyer's Guide
    CAST Highlight vs. Veracode
    May 2024
    Find out what your peers are saying about CAST Highlight vs. Veracode and other solutions. Updated: May 2024.
    772,127 professionals have used our research since 2012.

    CAST Highlight is ranked 10th in Software Composition Analysis (SCA) with 5 reviews while Veracode is ranked 3rd in Software Composition Analysis (SCA) with 194 reviews. CAST Highlight is rated 7.8, while Veracode is rated 8.2. The top reviewer of CAST Highlight writes "Easy to set up with optimized and automated insights". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". CAST Highlight is most compared with SonarQube, Snyk, Checkmarx One, Black Duck and GitLab, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and OWASP Zap. See our CAST Highlight vs. Veracode report.

    See our list of best Software Composition Analysis (SCA) vendors.

    We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.