We performed a comparison between HCL AppScan and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The security and the dashboard are the most valuable features."
"The product is useful, particularly in its sensitivity and scanning capabilities."
"The most valuable feature of HCL AppScan is scanning QR codes."
"The solution is easy to install. I would rate the product's setup between six to seven out of ten. The deployment time depends on the applications that need to be scanned. We have a development and operations team to take care of the product's maintenance."
"The solution is easy to use."
"The most valuable feature of the solution is Postman."
"The reporting part is the most valuable feature."
"AppScan is stable."
"The capability to identify vulnerable code is the most valuable feature of Veracode."
"It is scalable and quick to deploy into the site and the pipelines. The reports and analytics are good, and the false positive rate is low. It gives true results."
"I like Veracode's static analysis. It was one of the core development tools when I worked with a telecommunication company where we were delivering new features for various applications and purposes each week, such as CRM, data channels, compliance, traffic data, etc."
"The Veracode technical support is very good. They are responsive and very knowledgeable."
"It's straightforward, and it does not require a lot of time. It's a straightforward platform that you can use for performing scans or mitigating issues. It has a very good user interface. FAQs are also helpful in case you are not familiar with it."
"The CI/CD integration is the most valuable feature of Veracode."
"I appreciate the integration provided by Veracode that seamlessly integrates with our CI/CD tools and allows us to integrate with IPA as well."
"There is a single area on the dashboard where you can get a full view of all of the tests and the results from everything. There is a nice, very simple graphic that shows you the types of vulnerabilities that were found, their severity, the scoring, and in what part of the code they were found. All the details are together in one place."
"The product has some technical limitations."
"The dashboard, for AppScan or the Fortified fast tool, which we use needs to be improved."
"The tool should improve its output. Scanning is not a challenge anymore since there are many such tools available in the market. The product needs to focus on how its output is being used by end users. It should be also more user-friendly. One of the major challenges is in the tool's integration with applications that need to be scanned. Sometimes, the scanning is not proper."
"They should have a better UI for dashboards."
"The penetration testing feature should be included."
"AppScan is too complicated and should be made more user-friendly."
"The solution needs to improve in some areas. The tool needs to add more languages. It also needs to improve its speed."
"The databases for HCL are small and have room for improvement."
"The support team could be more responsive, and the dependency of users on the support team is too high and should be reduced."
"Static scanning takes a long time, so you need to patiently wait for the scan to achieve. I also think the software could be more accurate. It isn't 100 percent, so you shouldn't completely rely on Veracode. You need to manually verify its findings."
"We have some constraints interacting with Veracode self-support. I'm not talking about their technical support. I'm talking about self-support. We sometimes have a hard time communicating with them."
"I would ask Veracode to be a lot more engaged with the customer and set up live sessions where they force the customer to engage with Veracode's technical team. Veracode could show them a repo, how they should do things, this is what these results mean, here is a dashboard, here's the interpretation, here's where you find the results."
"It would be nice if Veracode were bundled with some preferred vendors like Salesforce and offered at a discount."
"We get some false positives with JavaScript languages like React, TypeScript, and Angular. The problem is rooted in the build process of JavaScript, not the code we are using. This is something we spend lots of time trying to resolve. When we point to a specific library and review that on the code, we can see it is a part of the build that isn't going into production. It's only a part of the build because JavaScript has a different build process."
"The UI is not user-friendly and can be improved."
"Veracode does not support scans for .NET Blazor server applications."
Application security starts with secure code. Find out more about the benefits of using Veracode to keep your software secure throughout the development lifecycle.
HCL AppScan is ranked 16th in Application Security Tools with 13 reviews while Veracode is ranked 2nd in Application Security Tools with 70 reviews. HCL AppScan is rated 6.8, while Veracode is rated 8.2. The top reviewer of HCL AppScan writes "Improves application security, identifies gaps, and performs well". On the other hand, the top reviewer of Veracode writes "Good reporting, comprehensive interface, and integrates well into our build pipeline". HCL AppScan is most compared with SonarQube, Checkmarx, Fortify WebInspect, OWASP Zap and Fortify on Demand, whereas Veracode is most compared with SonarQube, Checkmarx, Fortify on Demand, OWASP Zap and Coverity. See our HCL AppScan vs. Veracode report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
