Try our new research platform with insights from 80,000+ expert users

HCL AppScan vs Veracode comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
3.2
HCL AppScan enhances architecture with fewer errors and improved security, achieving 50% return and 20% cost savings.
Sentiment score
6.9
Veracode improved code quality, security, and efficiency, leading to cost savings, faster releases, and enhanced operational benefits for organizations.
The scanners of Veracode bring status of the weaknesses in the current infrastructure. It scans and provides reports regarding the servers, the network, and the applications running on those servers.
Regarding price, the evaluation should focus on how efficiently they will recover their investment, considering the time saved through the use of Veracode Fix, for example, and the ability to fix code at dev time compared to the problems faced when fixing after the product is already deployed.
 

Customer Service

Sentiment score
6.8
HCL AppScan's support is responsive with mixed reviews, facing regional challenges and lagging behind competitors like Veracode.
Sentiment score
7.4
Veracode provides effective, prompt support with knowledgeable staff, though response times and coordination occasionally need improvement.
Veracode provides excellent assistance and regularly scheduled calls to address customer concerns and updates.
Access to the engineering team is crucial for faster feedback on the product fix process.
They are very responsive and quick to help with queries within our scope.
They respond very quickly since security is something critical.
 

Scalability Issues

Sentiment score
5.4
HCL AppScan is scalable yet varies by license, integration issues, infrastructure compatibility, and CI/CD pipeline design effectiveness.
Sentiment score
7.5
Veracode is scalable and effective for large user volumes, though some note potential scaling costs and manageable packaging challenges.
Cloud solutions are easier to scale than on-premise solutions.
It has a good capacity to scale effectively.
 

Stability Issues

Sentiment score
5.0
HCL AppScan is stable and reliable, with minor hardware issues, improved by recent upgrades enhancing performance and stability.
Sentiment score
8.0
Users find Veracode stable and reliable, with occasional well-communicated maintenance and improved stability, despite some glitches and false positives.
If the Veracode server is down, we experience many issues during the scan.
It's not that easy to onboard, but once they have been onboarded on the platform, and the pipeline configured alongside the product configured, it works effectively.
 

Room For Improvement

HCL AppScan requires improvements in vulnerability detection, usability, integration, performance, support, pricing, and language/codebase compatibility to stay competitive.
Veracode faces criticism for false positives, outdated UI, slow scans, high costs, and poor support for new technologies.
If it could be integrated directly with code repositories such as Bitbucket or GitHub, without the need to create a pipeline to upload and decode code, it would simplify the code scan process significantly.
We had issues with scanning large applications. Scanning took a lot of time, so we kept it outside the DevOps pipeline to avoid delaying deployments.
A nice addition would be if it could be extended for scenarios with custom cleansers.
 

Setup Cost

HCL AppScan is considered expensive but cost-effective, with varied pricing opinions influenced by its premium features and discounts.
Veracode's high pricing suits large enterprises but is challenging for smaller businesses, with negotiable terms for optimal value.
Companies often choose based on budget constraints, with Veracode being on the higher end cost-wise.
It's not the most expensive solution.
If there's a security gap, you'll never know the cost or effect.
Pricing-wise, I find it a bit expensive because it's based on the number of users requesting access to Veracode.
 

Valuable Features

HCL AppScan detects vulnerabilities, integrates with agile processes, offers scalability, user-friendly features, and AI-enhanced rapid scanning for security.
Veracode integrates with CI/CD pipelines, offering fast scans, low false positives, and tools for efficient vulnerability management and compliance.
AppScan's most valuable features include its ability to identify vulnerabilities accurately, provide detailed remediation steps, and the newly introduced AI-powered features that enhance its functionality further.
It offers confidence by preventing exposure to vulnerabilities and helps ensure that we are not deploying vulnerable code into production.
The best features in Veracode include static analysis and the early detection of vulnerable libraries; it integrates with tools such as Jenkins.
It fixes issues directly in the IDE while you're doing it.
 

Categories and Ranking

HCL AppScan
Ranking in Application Security Tools
15th
Ranking in Static Application Security Testing (SAST)
15th
Average Rating
7.8
Reviews Sentiment
6.1
Number of Reviews
43
Ranking in other categories
Dynamic Application Security Testing (DAST) (1st)
Veracode
Ranking in Application Security Tools
2nd
Ranking in Static Application Security Testing (SAST)
2nd
Average Rating
8.2
Reviews Sentiment
7.0
Number of Reviews
201
Ranking in other categories
Container Security (8th), Software Composition Analysis (SCA) (3rd), Static Code Analysis (1st), Application Security Posture Management (ASPM) (2nd)
 

Mindshare comparison

As of June 2025, in the Application Security Tools category, the mindshare of HCL AppScan is 2.7%, up from 2.7% compared to the previous year. The mindshare of Veracode is 9.2%, down from 10.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

Sthembiso Zondi - PeerSpot reviewer
Has a straightforward setup process and valuable security features
We use AppScan primarily for security testing and performance monitoring across our systems The product's features for comprehensive code analysis (static) and live environment testing (dynamic) have significantly enhanced our ability to identify and address vulnerabilities, improving overall…
David-Robertson - PeerSpot reviewer
Static scanning and software composition analysis are very helpful, but the usability needs improvement
Static scanning and software composition analysis are very helpful. My colleagues and I don't need to be experts on all of those ancillary things, so we can focus more on the business deliverables. They have a pretty good tool that allows me to run scans of my local integrated development environment. I can find a lot of those flaws a lot sooner than I would if I had to wait for these cloud-based scans. They've come out with some sort of automated fix feature. I haven't used it, but they gave us a demo of it, and that one looks promising. I don't know if it's ready for prime time yet.
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
856,873 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
18%
Financial Services Firm
14%
Government
12%
Manufacturing Company
9%
Computer Software Company
17%
Financial Services Firm
16%
Manufacturing Company
8%
Insurance Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about HCL AppScan?
The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase.
What needs improvement with HCL AppScan?
AppScan needs to improve its handling of false positives. It also requires enhancements in customer support, similar to what Veracode provides. Regularly scheduling calls with clients to discuss fe...
What is your primary use case for HCL AppScan?
The primary use case for AppScan is for security purposes. I compare AppScan with other tools such as Veracode. We use AppScan for vulnerability detection and auto-remediation of vulnerabilities wi...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
What do you like most about Veracode?
The SAST and DAST modules are great.
What is your experience regarding pricing and costs for Veracode?
The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.
 

Comparisons

 

Also Known As

IBM Security AppScan, Rational AppScan, AppScan
Crashtest Security , Veracode Detect
 

Overview

 

Sample Customers

Essex Technology Group Inc., Cisco, West Virginia University, APIS IT
Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
Find out what your peers are saying about HCL AppScan vs. Veracode and other solutions. Updated: June 2025.
856,873 professionals have used our research since 2012.