We performed a comparison between HCL AppScan and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"IBM AppScan has made our work easy, as we can do four to five scans of websites at a time, which saves time when it comes to vulnerability."
"It was easy to set up."
"There's extensive functionality with custom rules and a custom knowledge base."
"The static scans are good, and the SaaS as well."
"This solution saves us time due to the low number of false positives detected."
"We use it as a security testing application."
"The most valuable feature of the solution is Postman."
"The solution offers services in a few specific development languages."
"I liked that I could easily find out where my errors were. Instead of going through the whole code and the scripts, it showed me where the errors were and gave me an idea of how to fix them."
"Also, our customers benefited from the added security assurance of our applications, as they’ve been able to identify OWASP top-10 application vulnerabilities without a manual tester."
"The most important feature is the static scanning analysis, and the reason is that it can tell us vulnerability in that code, right before we go ahead and push something to production or provide something to a client... Dynamic scanning actually hits our Web applications, to try to detect any well known Web application vulnerabilities as well."
"The most valuable feature is the seamless automation of Veracode via the pipeline, in comparison to other solutions like Fortify SSC, which are complex to integrate through the pipeline."
"Developer Sandboxes help move scanning earlier within the SDLC."
"Veracode is a cloud-based platform, where they manage all the back-end, and they do a lot of analysis during the scans, and they do a lot of post-scan reconciliation."
"In terms of secure development, the SAST scan is very useful because we are able to identify security flaws in the code base itself, for the application."
"We use it to get our scan results and see where our software is vulnerable or not vulnerable."
"The pricing has room for improvement."
"In future releases, I would like to see more aggressive reports. I would also like to see fewer false positives."
"The product has some technical limitations."
"There is not a central management for static and dynamic."
"The databases for HCL are small and have room for improvement."
"The tool should improve its output. Scanning is not a challenge anymore since there are many such tools available in the market. The product needs to focus on how its output is being used by end users. It should be also more user-friendly. One of the major challenges is in the tool's integration with applications that need to be scanned. Sometimes, the scanning is not proper."
"The dashboard for AppScan or the Fortified fast tool, which we use, needs to be improved."
"The solution often has a high number of false positives. It's an aspect they really need to improve upon."
"I would like to see more AI features. It's a current subject because with ChatGPT and other solutions being developed all the time, IT attacks will increase... To defend against those it's very important that the good guys use AI in ways that are good instead of bad."
"It could have better integration with our pipeline. If we could have better integration with our application pipeline, e.g., Jira, Bamboo, or Azure DevOps, then that will be very helpful. Right now, it is quite hard to integrate the solution into our existing pipeline."
"There are certain shortcomings in Veracode's static analysis engine. I would improve Veracode's static analysis engine to make it capable of identifying vulnerabilities with low false positives."
"The solution could improve the Dynamic Analysis Security Testing (DAST)."
"The pricing for qualified startups such as Neo4j could be improved."
"Veracode's ability to fix flaws is less sophisticated than that of its competitors."
"The support team could be more responsive, and the dependency of users on the support team is too high and should be reduced."
"The technical support service has room for improvement."
HCL AppScan is ranked 14th in Application Security Tools with 39 reviews while Veracode is ranked 2nd in Application Security Tools with 186 reviews. HCL AppScan is rated 7.6, while Veracode is rated 8.2. The top reviewer of HCL AppScan writes "A stable and scalable product useful for application security scanning". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning". HCL AppScan is most compared with SonarQube, Acunetix, OWASP Zap, PortSwigger Burp Suite Professional and Fortify WebInspect, whereas Veracode is most compared with SonarQube, Checkmarx, Snyk, Fortify on Demand and GitLab. See our HCL AppScan vs. Veracode report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.