Try our new research platform with insights from 80,000+ expert users

HCL AppScan vs Veracode comparison

 

Comparison Buyer's Guide

Executive Summary
 

Categories and Ranking

HCL AppScan
Ranking in Application Security Tools
12th
Ranking in Static Application Security Testing (SAST)
11th
Average Rating
7.8
Number of Reviews
42
Ranking in other categories
Dynamic Application Security Testing (DAST) (1st)
Veracode
Ranking in Application Security Tools
2nd
Ranking in Static Application Security Testing (SAST)
2nd
Average Rating
8.2
Number of Reviews
198
Ranking in other categories
Container Security (3rd), Software Composition Analysis (SCA) (2nd), Penetration Testing Services (3rd), Static Code Analysis (1st), Application Security Posture Management (ASPM) (1st)
 

Mindshare comparison

As of September 2024, in the Application Security Tools category, the mindshare of HCL AppScan is 2.7%, down from 2.8% compared to the previous year. The mindshare of Veracode is 10.6%, down from 11.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

Sthembiso Zondi - PeerSpot reviewer
Jul 3, 2024
Has a straightforward setup process and valuable security features
We use AppScan primarily for security testing and performance monitoring across our systems The product's features for comprehensive code analysis (static) and live environment testing (dynamic) have significantly enhanced our ability to identify and address vulnerabilities, improving overall…
GG
Jan 19, 2017
The coverage it provides of the last vulnerabilities reported and of the programming languages is valuable.
* To be able to upload source codes without being compiled. That’s one feature that drives us to see other sources. Compiled code means that the code written is stored in binaries for machine reading only. Veracode reads only those binaries (compiled code). The other way to have the code is “Source Code written only”, a process where you don’t compile and anyone is able to read line by line the code. This example might seem weird, but maybe will clear things out: Binary Code (Supported by Veracode): 11110001011000 0111 0001 01 110 00010 010 11110001011000 0111 0001 01 110 00010 010 11110001011000 0111 0001 01 110 00010 010 11110001011000 0111 0001 01 110 00010 010 11110001011000 0111 0001 01 110 00010 010 11110001011000 0111 0001 01 110 11110 010 1111000101000 0111 0001 01 110 00010 010 11110001011000 0111 0001 01 110 00010 010 11110001011000 0111 0001 01 110 00010 0101 Source Code: public class HelloWorld { public static void main(String[] args) { // Prints "Hello, World" to the terminal window. System.out.println("Hello, World"); } }

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The UI was very intuitive."
"The solution offers services in a few specific development languages."
"The most valuable feature of the solution is Postman."
"Compared to other tools only AppScan supports special language."
"The solution is easy to use."
"This solution saves us time due to the low number of false positives detected."
"The most valuable feature of HCL AppScan is scanning QR codes."
"It was easy to set up."
"Our development team use this solution for static code analysis and pen testing."
"Static analysis scanning engine is a key feature."
"Veracode enables us to build a strong data security layer in our platforms. We can increase customer confidence in data security. Some PCI/HIPAA compliance issues were impossible to resolve without Veracode."
"The most valuable feature comes from the fact that it is cloud-based, and I can scale up without having to worry about any other infrastructure needs."
"I have used this solution in multiple projects for vulnerability testing and finding security leaks within the code."
"There is a single area on the dashboard where you can get a full view of all of the tests and the results from everything. There is a nice, very simple graphic that shows you the types of vulnerabilities that were found, their severity, the scoring, and in what part of the code they were found. All the details are together in one place."
"The user interface is quick, familiar, and user-friendly and makes navigation to other software very easy."
"Veracode is a valuable tool in our secure SDLC process."
 

Cons

"I think being able to search across more containers, especially some of the docker elements. We need a little tighter integration there. That's the only thing I can see at this point."
"There is not a central management for static and dynamic."
"There is room for improvement in the pricing model."
"In future releases, I would like to see more aggressive reports. I would also like to see less false positives."
"I would like to see the roadmap for this product. We are still waiting to see it as we have only so many resources."
"We would like to integrate with some of the other reporting tools that we're planning to use in the future."
"I would love to see more containers. Many of the tools are great, they require an amount of configuration, setup and infrastructure. If most the applications were in a container, I think everything would be a little bit faster, because all our clients are now using containers."
"If HCL AppScan is able to alert the clients over email once the scan is complete, it would be great. Right now, HCL AppScan doesn't let me know if the scanning part is finished or not, because of which I have to come back and check mostly."
"On-premise implementation is not available."
"I would like to see them provide more content in the developer training section. This field is really changing each day and there are flaws that are detected each day. Some sort of regular updates to the learning would help."
"They cover a lot of languages already and it doesn't make sense for them to cover legacy languages but I know there is a need for covering legacy languages."
"Sometimes, the scans halt or drop for some reason, and we need to get help from Veracode to fix it."
"I would also like to see some improvement in the speed. That is really the only complaint, but in all reality we have a massive Java application that needs to be scanned. Our developers are saying, "It takes 72 hours to scan it." That is probably the nature of the beast, and I'm actually pretty accepting of that time frame, but since it's a complaint that I get, faster is always better. I don't necessarily think that the speed is bad as it is, just that faster would be better."
"Veracode needs to improve its integration with other tools."
"We use Ruby on Rails and we still don't have any support for that from Veracode."
"Veracode should provide more flexibility in its pricing and licensing modules so that it could be more affordable for all types of projects and not only for very active mission-critical projects."
 

Pricing and Cost Advice

"I would rate the product's pricing a nine out of ten. The product's pricing is expensive compared to the features that they offer."
"The price is very expensive."
"With the features, that they offer, and the support, they offer, AppScan pricing is on a higher level."
"The price of HCL AppScan is okay, in my opinion. You just buy HCL AppScan and don't pay anything anymore, meaning it is just a one-time purchase."
"I rate the product's price a seven on a scale of one to ten, where one is low, and ten is high. HCL AppScan is an expensive tool."
"The product has premium pricing and could be more competitive."
"AppScan is a little bit expensive. IBM needs to work a little bit on the pricing model, decreasing the license cost."
"The solution is cheap."
"From a cost perspective, it seems okay, although we will probably evaluate alternatives next time it's up for renewal because for us, it's a relatively high cost, and we want to make sure that we are using our resources most appropriately."
"As compared to others, it is a costly solution. It is overpriced, and many organizations with a limited budget cannot afford it. That is why they are going for other tools, but those tools are not that effective. Veracode is better in terms of quality. If you want good service, you have to pay for it."
"The pricing is really fair compared to a lot of other tools on the market."
"They just changed their pricing model two weeks ago. They went from a per-app license to a per-megabyte license. I know that the dynamic scan was $500 per app. Static analysis was about $4500 yearly. The license is only for the number of users, it doesn't matter what data you put in there. That was the old model. I do not know how the new model works."
"For the value we get out of it, coupled with the live defect review sessions, we find it an effective value for the money. We are a larger organization."
"If you're licensing, and you're looking at licensing models, you might want to ask Veracode about their microservice, depending on the company. If you are a microservice architecture, I would suggest asking them about their microservice pricing. I would suggest that you evaluate that with your code and their other licensing model, which is like a lump sum in size of artifacts, and just make sure that you price that out with them, because there might be some tradeoffs that can be made in price."
"To my knowledge, licensing for Veracode Static Analysis is paid yearly by my company."
"It's very expensive, especially when you are a very small organization. If you're using Veracode at an individual level, for example, you're a developer or you run agents, the pricing might not affect you, but if you're using it at a company level to troubleshoot security issues, the pricing is not quite favorable. It may affect ROI."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
801,314 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
18%
Financial Services Firm
15%
Manufacturing Company
10%
Government
10%
Financial Services Firm
18%
Computer Software Company
16%
Manufacturing Company
9%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about HCL AppScan?
The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase.
What needs improvement with HCL AppScan?
They could incorporate AI to enhance vulnerability detection and improve the product's reporting capabilities.
What is your primary use case for HCL AppScan?
We use AppScan primarily for security testing and performance monitoring across our systems.
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
What do you like most about Veracode?
The SAST and DAST modules are great.
What is your experience regarding pricing and costs for Veracode?
The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.
 

Comparisons

 

Also Known As

IBM Security AppScan, Rational AppScan, AppScan
Crashtest Security , Veracode Detect
 

Overview

 

Sample Customers

Essex Technology Group Inc., Cisco, West Virginia University, APIS IT
Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
Find out what your peers are saying about HCL AppScan vs. Veracode and other solutions. Updated: September 2024.
801,314 professionals have used our research since 2012.