HCL AppScan vs Veracode comparison

You must select at least 2 products to compare!
HCL Logo
6,622 views|5,273 comparisons
Veracode Logo
28,835 views|19,575 comparisons
Comparison Buyer's Guide
Executive Summary

We performed a comparison between HCL AppScan and Veracode based on real PeerSpot user reviews.

Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed HCL AppScan vs. Veracode Report (Updated: September 2023).
735,432 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
"The security and the dashboard are the most valuable features.""The product is useful, particularly in its sensitivity and scanning capabilities.""The most valuable feature of HCL AppScan is scanning QR codes.""The solution is easy to install. I would rate the product's setup between six to seven out of ten. The deployment time depends on the applications that need to be scanned. We have a development and operations team to take care of the product's maintenance.""The solution is easy to use.""The most valuable feature of the solution is Postman.""The reporting part is the most valuable feature.""AppScan is stable."

More HCL AppScan Pros →

"The capability to identify vulnerable code is the most valuable feature of Veracode.""It is scalable and quick to deploy into the site and the pipelines. The reports and analytics are good, and the false positive rate is low. It gives true results.""I like Veracode's static analysis. It was one of the core development tools when I worked with a telecommunication company where we were delivering new features for various applications and purposes each week, such as CRM, data channels, compliance, traffic data, etc.""The Veracode technical support is very good. They are responsive and very knowledgeable.""It's straightforward, and it does not require a lot of time. It's a straightforward platform that you can use for performing scans or mitigating issues. It has a very good user interface. FAQs are also helpful in case you are not familiar with it.""The CI/CD integration is the most valuable feature of Veracode.""I appreciate the integration provided by Veracode that seamlessly integrates with our CI/CD tools and allows us to integrate with IPA as well.""There is a single area on the dashboard where you can get a full view of all of the tests and the results from everything. There is a nice, very simple graphic that shows you the types of vulnerabilities that were found, their severity, the scoring, and in what part of the code they were found. All the details are together in one place."

More Veracode Pros →

"The product has some technical limitations.""The dashboard, for AppScan or the Fortified fast tool, which we use needs to be improved.""The tool should improve its output. Scanning is not a challenge anymore since there are many such tools available in the market. The product needs to focus on how its output is being used by end users. It should be also more user-friendly. One of the major challenges is in the tool's integration with applications that need to be scanned. Sometimes, the scanning is not proper.""They should have a better UI for dashboards.""The penetration testing feature should be included.""AppScan is too complicated and should be made more user-friendly.""The solution needs to improve in some areas. The tool needs to add more languages. It also needs to improve its speed.""The databases for HCL are small and have room for improvement."

More HCL AppScan Cons →

"The support team could be more responsive, and the dependency of users on the support team is too high and should be reduced.""Static scanning takes a long time, so you need to patiently wait for the scan to achieve. I also think the software could be more accurate. It isn't 100 percent, so you shouldn't completely rely on Veracode. You need to manually verify its findings.""We have some constraints interacting with Veracode self-support. I'm not talking about their technical support. I'm talking about self-support. We sometimes have a hard time communicating with them.""I would ask Veracode to be a lot more engaged with the customer and set up live sessions where they force the customer to engage with Veracode's technical team. Veracode could show them a repo, how they should do things, this is what these results mean, here is a dashboard, here's the interpretation, here's where you find the results.""It would be nice if Veracode were bundled with some preferred vendors like Salesforce and offered at a discount.""We get some false positives with JavaScript languages like React, TypeScript, and Angular. The problem is rooted in the build process of JavaScript, not the code we are using. This is something we spend lots of time trying to resolve. When we point to a specific library and review that on the code, we can see it is a part of the build that isn't going into production. It's only a part of the build because JavaScript has a different build process.""The UI is not user-friendly and can be improved.""Veracode does not support scans for .NET Blazor server applications."

More Veracode Cons →

Pricing and Cost Advice
  • "With the features, that they offer, and the support, they offer, AppScan pricing is on a higher level."
  • "Pricing was the main reason that we went ahead with this solution as they were the lowest in the market."
  • "HCL AppScan is expensive."
  • "I would rate the product's pricing a nine out of ten. The product's pricing is expensive compared to the features that they offer."
  • "The price is very expensive."
  • "The solution is moderately priced."
  • More HCL AppScan Pricing and Cost Advice →

  • "From a cost perspective, it seems okay, although we will probably evaluate alternatives next time it's up for renewal because for us, it's a relatively high cost, and we want to make sure that we are using our resources most appropriately."
  • "The pricing is a little on the high side but since we combine our product into one suite, it is easy to do and works well for us."
  • "It is quite good. If you adapt it for the whole organization, it is quite affordable. The pricing plans are good as compared to the other competitors, and any small, medium, or big company can easily adopt Veracode. Its cost includes deployment, training, and support for one year."
  • "The cost has been a barrier to wider use here. I think my team is the only one at the university. Other folks might like to use it, but it's pretty pricey. You could see what else is in the market, but I hear that's the price for most solutions. You might not find a better deal in the market, or it might be an incomplete solution. I mean, for the level of interaction we get with Veracode staff, it's been pretty good."
  • "There is a fee to scale up the solution which I consider expensive."
  • "I know that Veracode is a semi-pricey solution. If you are serious about security, I would recommend that you use an open-source option to learn how the scanning process works and then look into Veracode if you want to really step up your game and have an all-in-one solution."
  • "I wouldn't really recommend Veracode for a small firm, because it might be a little pricey for them. But for a large organization, with more than 1,000 applications in the enterprise, there are tiered levels of pricing."
  • "There are no setup or implementation charges. They offer a free trial and free consulting services... The price depends on your requirements, your source code sizes, and how complicated your source code is."
  • More Veracode Pricing and Cost Advice →

    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    735,432 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:The reporting part is the most valuable feature.
    Top Answer:The penetration testing feature should be included.
    Top Answer:The solution is used for the vulnerabilities scan on the network side.
    Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use… more »
    Top Answer:The SAST and DAST modules are great.
    Top Answer:The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.
    Average Words per Review
    Average Words per Review
    Also Known As
    IBM Security AppScan, Rational AppScan, AppScan
    Learn More

    IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.

    Veracode is a leading application security platform that helps organizations to develop and deliver secure software. Veracode's solution provides comprehensive capabilities for static analysis, dynamic analysis, software composition analysis, and manual penetration testing.

    Veracode's static analysis solution scans source code for various security vulnerabilities, including common web application attack vectors, injection flaws, cross-site scripting, and insecure direct object references. Veracode's dynamic analysis solution simulates real-world attacks to identify vulnerabilities that may not be detectable by static analysis alone. Veracode's software composition analysis solution scans open-source and third-party components for known vulnerabilities. Veracode's manual penetration testing service is performed by experienced security professionals who use a variety of techniques to identify vulnerabilities in software applications.

    Many organizations, including Fortune 500 companies, government agencies, and startups, use Veracode's solution. Veracode's customers rely on Veracode to help them to improve the security of their software applications and to reduce the risk of data breaches and other security incidents.

    Here are some of the benefits of using Veracode:

    • Veracode provides capabilities for static analysis, dynamic analysis, software composition analysis, and manual penetration testing to help organizations identify and fix security vulnerabilities in their software applications early in the development process.
    • Veracode helps organizations reduce the risk of data breaches and other security incidents by identifying and fixing security vulnerabilities in their software application. 
    • Veracode helps organizations to comply with industry regulations. Many industries have regulations that require organizations to implement security measures to protect their customers' data. Veracode's solution can help organizations to comply with these regulations by providing them with the tools and resources they need to identify and fix security vulnerabilities in their software applications.
    Learn more about HCL AppScan
    Keep your software secure

    Application security starts with secure code. Find out more about the benefits of using Veracode to keep your software secure throughout the development lifecycle.

    Sample Customers
    Essex Technology Group Inc., Cisco, West Virginia University, APIS IT
    Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
    Top Industries
    Financial Services Firm11%
    Transportation Company11%
    Manufacturing Company11%
    Computer Software Company20%
    Financial Services Firm12%
    Manufacturing Company7%
    Financial Services Firm27%
    Computer Software Company18%
    Insurance Company9%
    Comms Service Provider5%
    Financial Services Firm18%
    Computer Software Company16%
    Manufacturing Company8%
    Company Size
    Small Business21%
    Midsize Enterprise13%
    Large Enterprise67%
    Small Business18%
    Midsize Enterprise12%
    Large Enterprise71%
    Small Business29%
    Midsize Enterprise19%
    Large Enterprise52%
    Small Business17%
    Midsize Enterprise12%
    Large Enterprise71%
    Buyer's Guide
    HCL AppScan vs. Veracode
    September 2023
    Find out what your peers are saying about HCL AppScan vs. Veracode and other solutions. Updated: September 2023.
    735,432 professionals have used our research since 2012.

    HCL AppScan is ranked 16th in Application Security Tools with 13 reviews while Veracode is ranked 2nd in Application Security Tools with 70 reviews. HCL AppScan is rated 6.8, while Veracode is rated 8.2. The top reviewer of HCL AppScan writes "Improves application security, identifies gaps, and performs well". On the other hand, the top reviewer of Veracode writes "Good reporting, comprehensive interface, and integrates well into our build pipeline". HCL AppScan is most compared with SonarQube, Checkmarx, Fortify WebInspect, OWASP Zap and Fortify on Demand, whereas Veracode is most compared with SonarQube, Checkmarx, Fortify on Demand, OWASP Zap and Coverity. See our HCL AppScan vs. Veracode report.

    See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.