Try our new research platform with insights from 80,000+ expert users

Harness vs Veracode comparison

Harness and Veracode are both solutions in the Static Application Security Testing (SAST) category. Harness is ranked #18 with an average rating of 8.0, while Veracode is ranked #2 with an average rating of 8.0. Harness holds a 0.4% mindshare in SAST, compared to Veracode’s 6.9% mindshare. Additionally, 100% of Harness users are willing to recommend the solution, compared to 90% of Veracode users who would recommend it.
Harness
Read 5 Harness reviews
  • 2,388 Views
  • 334 Comparison Views
100% willing to recommend
Veracode
Read 204 Veracode reviews
  • 19,095 Views
  • 12,985 Comparison Views
90% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between Harness and Veracode based on real PeerSpot user reviews.

Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Harness vs. Veracode Report (Updated: September 2025).
Buyer's Guide
Harness vs. Veracode
September 2025
Download the complete report
Helped 869,566 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Harness
Ranking in Static Application Security Testing (SAST)
18th
Average Rating
8.0
Reviews Sentiment
7.8
Number of Reviews
5
Ranking in other categories
Build Automation (7th), Cloud Cost Management (8th)
Veracode
Ranking in Static Application Security Testing (SAST)
2nd
Average Rating
8.2
Reviews Sentiment
6.9
Number of Reviews
204
Ranking in other categories
Application Security Tools (2nd), Container Security (8th), Software Composition Analysis (SCA) (3rd), Static Code Analysis (1st), Application Security Posture Management (ASPM) (1st)
 

Mindshare comparison

As of October 2025, in the Static Application Security Testing (SAST) category, the mindshare of Harness is 0.4%, up from 0.1% compared to the previous year. The mindshare of Veracode is 6.9%, down from 10.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST) Market Share Distribution
ProductMarket Share (%)
Veracode6.9%
Harness0.4%
Other92.7%
Static Application Security Testing (SAST)
 

Featured Reviews

Linwei Yuan - PeerSpot reviewer
Streamline microservices deployment with integrated execution pipelines and comprehensive monitoring
Harness integrates all functions like execution pipelines, environment checks, and log monitoring in one place. It is very convenient since we have many microservices, so having one platform for all of them is beneficial. The dashboard allows me to monitor all core services' deployment status in one place, making it easier to find bugs and check logs.
Read full review
Kv Rao - PeerSpot reviewer
Integrates pipelines smoothly and fortifies code against vulnerabilities
I use Veracode in multiple places including static code analysis, penetration testing, and dynamic code analysis. It is part of our pipeline and integrates well with Bitbucket and Git pipelines The ease of integration with Bitbucket pipelines and Git pipelines is vital for us. Veracode allows us…
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Everything in Harness is configured and runs smoothly."
"Harness integrates all functions like execution pipelines, environment checks, and log monitoring in one place, making it convenient."
"It's a highly customizable DevOps tool."
"Harness integrates all functions like execution pipelines, environment checks, and log monitoring in one place."
"Harness starts integrating with organizations, making everything automated without the need for manual interruption."
"The features of Harness are valuable, supporting rolling deployments, basic deployments, and blue-green deployments with zero downtime."
"Scanning of .war and .jar is key for us."
"Veracode offers various security features."
"Being able to scan our applications and identify all codes and defects is an extremely valuable feature."
"It does software composition analysis, discovering open source software weaknesses."
"It eases integration into our workflow. Veracode is part of our Jenkins build, so whenever we build our software, Jenkins will automatically submit the code bundle over to Veracode, which automatically kicks off the static analysis. It sends an email when it's done, and we look at the report."
"What I found most valuable in Veracode Static Analysis is that it categorizes security vulnerabilities."
"I appreciate the integration provided by Veracode that seamlessly integrates with our CI/CD tools and allows us to integrate with IPA as well."
"The Security Labs [is] where I have the developers training and constantly improving their security, and remembering their security techniques. That way, they are more proactive and make sure things are correct. They're faster because they're doing it in the first place."
More Veracode pros
 

Cons

"When integrating Harness with more than twenty applications in one place, it becomes less stable, causing improvements to be necessary."
"Harness setup and configurations could be made easier to configure, which would be helpful."
"I prefer the previous less compact UI version of Harness, which showed more details on the screen."
"There's also room for improvement in debugging pipeline issues, which can sometimes become complex."
"Even with automation, there's a requirement for manual change requests for approvals."
"When deploying multiple components to multiple environments, like production and BCP, failures sometimes occur. Improvements are needed when deploying one component to one environment."
"Sometimes the scans are not done quickly, but the solutions that it provides are really good. The quality is high, but the analysis is not done extremely quickly."
"I would like to see more technical support for some of the connectors, some more detailed diagrams or run-books on how to install some of stuff; more hand-holding in the sense of understanding our environment."
"I've seen slightly better static analysis tools from other companies when it comes to speed and ease of use."
"The results of agent-based software composition analysis are not connected to policy scanning. So, for me, the only thing that Veracode can improve in Software Composition Analysis is to connect it with the policy scan because, at present, it is a bit inconvenient for those in our organization who use agent-based Software Composition Analysis. In the end, they need to make a static scan with all those libraries in order to receive that report. If Veracode implemented a connection between agent-based static scan and static scanning itself, it would be great because it would lead to fewer operations in order to prepare release documentation and release reporting from Veracode. We recently had a conversation with Veracode about it."
"The training lab is not very user-friendly and takes a long time to set up."
"All areas of the solution could use some improvement."
"We connected with Veracode's support a couple of times, and we got a different answer each time."
"Maybe the boards could be made easier to understand or easier to customize."
More Veracode cons
 

Pricing and Cost Advice

Information not available
"Regarding licensing, pay very close attention to what applications you're going to need to do dynamic scanning for, versus static. Right now, the way the licensing is set up, if you don't have any static elements for a website, you can certainly avoid some costs by doing more dynamic licenses. You need to pay very close attention to that, because if you find out later that you have static code elements - like Java scripts, etc. - that you want to have scanned statically, having the two licenses bundled together will actually save you money."
"If you're licensing, and you're looking at licensing models, you might want to ask Veracode about their microservice, depending on the company. If you are a microservice architecture, I would suggest asking them about their microservice pricing. I would suggest that you evaluate that with your code and their other licensing model, which is like a lump sum in size of artifacts, and just make sure that you price that out with them, because there might be some tradeoffs that can be made in price."
"It's worth the value"
"Veracode is expensive. Some of its products are expensive. I don't think it's way more expensive than its competitors. The dynamic is definitely worth it, as I think it's cheaper than the competitors. The static scan is a little bit more expensive, around 20 percent more expensive. The manual pen test is more expensive, but it is an expensive service because it's a manual pen test and we also do retests. I don't think it is way more expensive than the competitors, but it's about 15 to 20 percent more expensive."
"If I compare the pricing with other software tools, then it is quite competitive. Whatever the price is, they have always given us a good discount."
"Veracode is a very expensive product."
"Pricing seems fair for what is offered, and licensing has been no problem. All developers are able to get the access they need."
"Aside from the standard licensing fees, we also have to pay for a competent Success Manager."
More Veracode pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
See recommendations
869,566 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
30%
Computer Software Company
11%
Manufacturing Company
7%
Government
6%
Financial Services Firm
17%
Computer Software Company
15%
Manufacturing Company
9%
Insurance Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
By reviewers
Company SizeCount
Small Business69
Midsize Enterprise43
Large Enterprise112
 

Questions from the Community

What do you like most about Harness?
It's a highly customizable DevOps tool.
See all answers
What needs improvement with Harness?
Harness setup and configurations could be made easier to configure, which would be helpful.
See all answers
What is your primary use case for Harness?
In Harness, we are basically using Canary type deployments. We have applications, web applications, and web servers. Whenever we get the WAR file with 50 servers in a load balancer, Harness will de...
See all answers
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
See all answers
What do you like most about Veracode Static Analysis?
I like its integration with GitHub. I like using it from GitHub. I can use the GitHub URL and find out the vulnerabilities.
See all answers
What is your experience regarding pricing and costs for Veracode Static Analysis?
When considering pricing, Veracode stands out due to its lower cost per service and more scalable options. It offers nearly five security testing features within its own service, making it a compet...
See all answers
 

Comparisons

GitHub Actions vs Harness Logo
GitHub Actions vs Harness
Compared 19% of the time
Jenkins vs Harness Logo
Jenkins vs Harness
Compared 15% of the time
TeamCity vs Harness Logo
TeamCity vs Harness
Compared 10% of the time
GitLab vs Harness Logo
GitLab vs Harness
Compared 9% of the time
Tekton vs Harness Logo
Tekton vs Harness
Compared 9% of the time
More Harness Competitors
SonarQube Server (formerly SonarQube) vs Veracode Logo
SonarQube Server (formerly SonarQube) vs Veracode
Compared 15% of the time
Checkmarx One vs Veracode Logo
Checkmarx One vs Veracode
Compared 9% of the time
GitHub Advanced Security vs Veracode Logo
GitHub Advanced Security vs Veracode
Compared 7% of the time
OWASP Zap vs Veracode Logo
OWASP Zap vs Veracode
Compared 4% of the time
OpenText Core Application Security vs Veracode Logo
OpenText Core Application Security vs Veracode
Compared 4% of the time
More Veracode Competitors
 

Product Reports

Buyer's Guide
Build Automation
September 2025
Harness reportDownload Harness product report
Buyer's Guide
Veracode
September 2025
Veracode reportDownload Veracode product report
 

Also Known As

Armory
Crashtest Security , Veracode Detect
 

Overview

Harness offers a comprehensive toolset for automating deployment processes and enhancing software update efficiency. It's lauded for its CI/CD capabilities, feature flagging, and real-time deployment monitoring. Key features include an intuitive UI, secret management, and robust rollback functionalities, all contributing to improved productivity and reduced errors in DevOps environments.

Harness

Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.

Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing. These tools are designed to help developers detect vulnerabilities early in development while maintaining speed in deployment. Veracode also emphasizes scalability, offering features for enterprises that manage a large number of applications across different teams. Its robust reporting and analytics capabilities allow organizations to continuously monitor their security posture and track progress toward remediation.

What are the key features of Veracode?

  • Static Analysis (SAST) - Scans source code for vulnerabilities before deployment.
  • Dynamic Analysis (DAST) - Examines applications in a running state to detect flaws in real-time.
  • Software Composition Analysis (SCA) - Identifies risks in open-source libraries and third-party components.
  • Manual Penetration Testing - Offers expert analysis for more complex vulnerabilities.
  • Integrations with DevOps tools - Seamlessly integrates with CI/CD pipelines for automated security checks.

What benefits should users consider in Veracode reviews?

  • Early detection of vulnerabilities - Helps developers fix security issues early in the development process.
  • Scalability - Supports organizations with large-scale application portfolios.
  • Compliance support - Ensures applications meet various security standards and regulations.
  • Developer training - Provides tools for educating developers on secure coding practices.
  • Comprehensive reporting - Offers detailed reports that track remediation and risk trends.

Veracode is widely adopted in industries like finance, healthcare, and government, where compliance and security are critical. It helps these organizations maintain strict security standards while enabling rapid development through its integration with Agile and DevOps methodologies.


Veracode helps businesses secure their applications efficiently, ensuring they can deliver safe and compliant software at scale.

Veracode
 

Sample Customers

Linedata, Openbank, Home Depot, Advanced
Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
Buyer's Guide
Harness vs. Veracode
September 2025
Free Report: Harness vs. Veracode
Find out what your peers are saying about Harness vs. Veracode and other solutions. Updated: September 2025.
DOWNLOAD NOW
869,566 professionals have used our research since 2012.
See our Harness vs. Veracode report.
See our list of best Static Application Security Testing (SAST) vendors.

We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.