Veracode and Fortify Static Code Analyzer are competitors in the static code analysis market. Veracode appears to have an edge due to its cloud-based nature and dynamic application security testing capabilities.
Features: Veracode offers robust API integrations, effective false positive management, and developer-centric features. It's appreciated for its ease of integration into DevOps and training resources. Fortify provides extensive language support, powerful vulnerability detection, and remediation guidance. However, Veracode's cloud-based nature provides a modern alternative.
Room for Improvement: Users of both solutions request a reduction in false positives. Veracode faces criticism for its complex pricing model and occasional language support limitations. Fortify is criticized for high resource consumption and a steep learning curve.
Ease of Deployment and Customer Service: Veracode is flexible with its cloud-based deployment, allowing quick scalability, and offers commendable technical support. Fortify, mainly on-premises, supports controlled environments with room for customer service improvement.
Pricing and ROI: Veracode’s pricing is higher, challenging for small businesses, but valued for reducing long-term security costs. Fortify’s competitive pricing appeals to larger enterprises. Both solutions offer ROI through vulnerability management and compliance facilitation.
The scanners of Veracode bring status of the weaknesses in the current infrastructure. It scans and provides reports regarding the servers, the network, and the applications running on those servers.
The customer service and support for Fortify Static Code Analyzer are better than those for LoadRunner.
The responsiveness and quality of documentation from Veracode are notable compared to other tools we are currently using.
They are very responsive and quick to help with queries within our scope.
They respond very quickly since security is something critical.
Fortify Static Code Analyzer integrates well and is scalable.
It has a good capacity to scale effectively.
Cloud solutions are easier to scale than on-premise solutions.
The stability of Fortify Static Code Analyzer is generally good.
If the Veracode server is down, we experience many issues during the scan.
It should be easier to install, perhaps through a container-based approach where everything is combined into one image or pack of containers.
If it could be integrated directly with code repositories such as Bitbucket or GitHub, without the need to create a pipeline to upload and decode code, it would simplify the code scan process significantly.
We had issues with scanning large applications. Scanning took a lot of time, so we kept it outside the DevOps pipeline to avoid delaying deployments.
Veracode can improve the licensing model as it is a bit confusing.
The pricing of Fortify Static Code Analyzer is good, with a flexible model that allows customers to choose a setup that suits their needs.
It's not the most expensive solution.
If there's a security gap, you'll never know the cost or effect.
Pricing-wise, I find it a bit expensive because it's based on the number of users requesting access to Veracode.
The most valuable feature of Fortify Static Code Analyzer is its extensive language support, covering many languages from legacy ones to the newest.
The best features in Veracode include static analysis and the early detection of vulnerable libraries; it integrates with tools such as Jenkins.
It offers confidence by preventing exposure to vulnerabilities and helps ensure that we are not deploying vulnerable code into production.
If there are any security flaws or vulnerabilities identified, they are able to provide sufficient justification or details about the security flaws.
Fortify Static Code Analyzer (SCA) utilizes numerous algorithms in addition to a dynamic intelligence base of secure coding protocols to investigate an application’s source code for any potential risk of malicious or dangerous threats. Additionally, the solution will prioritize the most critical concerns and give direction on how users can repair those concerns. This solution researches each and every potential route that workflow and data can travel to discover and repair all possible vulnerabilities. Fortify SCA allows users to create safe and secure software quickly. Users are able to discover potential security gaps more quickly with precise outcomes and repair them immediately.
Fortify Static Code Analyzer Benefits
Fortify Static Code Analyzer Features
Results from Real Users
“Fortify Static Code Analyzer tells us if there are any security leaks or not. If there are, then it's notifying us and does not allow us to pass the DevOps pipeline. If it finds everything's perfect, as per our given guidelines, then it is allowing us to go ahead and start it, and we are able to deploy it.” - Arun D., Senior Architect at a healthcare company.
“Its flexibility is most valuable. It is such a flexible tool. It can be implemented in a number of ways. It can do anything you want it to do. It can be fully automated within a DevOps pipeline. It can also be used in an ad hoc, special test case scenario and anywhere in between.” - Tom H., Director of Security at Merito
Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.
Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing. These tools are designed to help developers detect vulnerabilities early in development while maintaining speed in deployment. Veracode also emphasizes scalability, offering features for enterprises that manage a large number of applications across different teams. Its robust reporting and analytics capabilities allow organizations to continuously monitor their security posture and track progress toward remediation.
What are the key features of Veracode?
What benefits should users consider in Veracode reviews?
Veracode is widely adopted in industries like finance, healthcare, and government, where compliance and security are critical. It helps these organizations maintain strict security standards while enabling rapid development through its integration with Agile and DevOps methodologies.
Veracode helps businesses secure their applications efficiently, ensuring they can deliver safe and compliant software at scale.
We monitor all Static Code Analysis reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.