We performed a comparison between Checkmarx Software Composition Analysis and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"The tool's visual scan analysis shows me all the libraries' vulnerabilities and license types. It helps identify the most complex issues with licenses. It provides good visibility. SCA shows me all libraries that are vulnerable and the extent of their vulnerability."
"Checkmarx unifies all the features in its service."
"What's most valuable in Checkmarx Software Composition Analysis is that it provides security from the start. In the traditional approach, an enterprise or company validates the solution before launching to a production environment, but in the modern approach, security must be checked and provided from the beginning and from the design, and this is where Checkmarx Software Composition Analysis comes in. The solution helps you make sure that every open-source application that you use is secure, and that there's no vulnerability inside that open-source application."
"The integration part is easy...It's a stable solution right now."
"The product is stable and scalable."
"The most valuable feature of Checkmarx Software Composition Analysis is the comprehensive security scan."
"The customer service and support were good."
"One of the strong points of this solution is that it allows you to incorporate it into a CICB pipeline. It has the ability to do incremental scans. If you scan a very large application, it might take two hours to do the initial scan. The subsequent scans, as people are making changes to the app, scan the Delta and are very fast. That's a really nice implementation. The way they have incorporated the functionality of the incremental scans is something to be aware of. It is quite good. It has been very solid. We haven't really had any issues, and it does what it advertises to do very nicely."
"For our rapid, secure DevOps cycle, we have integration of the Vericode API into our build tool, and Greenlight into our IDE."
"The article scanning is excellent."
"Because it is a SaaS offering, I do not have to support the infrastructure."
"The coverage of the last vulnerabilities reported."
"Informs me of code security vulnerabilities. Bamboo build automation with Veracode API calls are used."
"The most important features, I would say, are the scanning abilities and the remediation abilities within the product. Scanning because, obviously, we want to make sure that our application code is flaw-free. And the remediation tools are helpful to the developers to help them track and manage their flaws."
"Veracode does not require any maintenance."
"Veracode is easy to use even if you're not a security professional. I like the dynamic analysis feature, which offers a lot of cost savings when used in production."
"Some of the recommendations provided by the product are generic. Even if the recommendations provided by the product are of low level, the appropriate ones can help users deal with vulnerabilities."
"Checkmarx Software Composition Analysis should improve dynamic analysis."
"API security is an area with shortcomings that needs improvement."
"The quality of technical support has decreased over time, and it is not as good as it used to be."
"Parts of the implementation process could improve by making it more user-friendly."
"Its pricing can be improved. It is a little bit high priced. It would be better if it was a little less expensive. It is a good tool, and we're still figuring out how to fully leverage it. There are some questions regarding whether it can scan the MuleSoft code. We don't know if this is a gap in the tool or something else. This is one thing that we're just working through right now, and I am not ready to conclude that there is a weakness there. MuleSoft is kind of its own beast, and we're trying to see how we get it to work with Checkmarx."
"I would rate the scalability a seven out of ten."
"Instant updates for end users to identify vulnerabilities as soon as possible will make Checkmarx Software Composition Analysis better. The UI of the solution could also be improved."
"The solution could improve the Dynamic Analysis Security Testing(DAST)."
"Straightforward to set up, but the configuration of the rules engine is difficult and complicated."
"Veracode's ability to fix flaws is less sophisticated than that of its competitors."
"We have approximately 900 people using the solution. The solution is scalable, but there is a high cost attached to it."
"When Veracode updates the pool of tests and security checks, it could be a little more transparent about what it is releasing. It's not clear what it's adding. They do thousands of checks, and when they add more, there aren't many details about what the new tests are doing."
"When we engaged Veracode to conduct the manual penetration testing, they were extremely slow in completing the task and delivering the report, causing a delay of two to three weeks for us."
"From what we have seen of Veracode's SCA offering, it is just average."
"Raw file scans and dynamic scans would be an improvement, instead of dealing with code binaries."
More Checkmarx Software Composition Analysis Pricing and Cost Advice →
Checkmarx Software Composition Analysis is ranked 8th in Software Composition Analysis (SCA) with 12 reviews while Veracode is ranked 3rd in Software Composition Analysis (SCA) with 194 reviews. Checkmarx Software Composition Analysis is rated 9.2, while Veracode is rated 8.2. The top reviewer of Checkmarx Software Composition Analysis writes "Comprehensive security scan, helpful support, and high availability". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Checkmarx Software Composition Analysis is most compared with Black Duck, JFrog Xray, Semgrep Supply Chain, Fortify Static Code Analyzer and FOSSA, whereas Veracode is most compared with SonarQube, Checkmarx One, Snyk, Fortify on Demand and OWASP Zap. See our Checkmarx Software Composition Analysis vs. Veracode report.
See our list of best Software Composition Analysis (SCA) vendors.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
