NowSecure vs Veracode comparison

Read 208 Veracode reviews

18,744 Views
12,184 Comparison Views

89% willing to recommend

NowSecure

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between NowSecure and Veracode based on real PeerSpot user reviews.

Find out what your peers are saying about SonarSource Sàrl, Veracode, Checkmarx and others in Static Application Security Testing (SAST).

To learn more, read our detailed Static Application Security Testing (SAST) Report (Updated: January 2026).

Static Application Security Testing (SAST)

Download the complete report

Helped 881,176 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

NowSecure

Ranking in Static Application Security Testing (SAST)

35th

Average Rating

7.0

Reviews Sentiment

7.2

Number of Reviews

Ranking in other categories

Mobile App Testing Tools (20th)

Veracode

Ranking in Static Application Security Testing (SAST)

2nd

Average Rating

8.0

Reviews Sentiment

6.9

Number of Reviews

208

Ranking in other categories

Application Security Tools (2nd), Container Security (8th), Software Composition Analysis (SCA) (3rd), Static Code Analysis (1st), Dynamic Application Security Testing (DAST) (1st), Application Security Posture Management (ASPM) (1st)

Mindshare comparison

As of January 2026, in the Static Application Security Testing (SAST) category, the mindshare of NowSecure is 0.5%, up from 0.2% compared to the previous year. The mindshare of Veracode is 5.3%, down from 10.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Static Application Security Testing (SAST) Market Share Distribution
Product	Market Share (%)
Veracode	5.3%
NowSecure	0.5%
Other	94.2%

Static Application Security Testing (SAST)

Featured Reviews

AnirudhNair

Quality Assurance and Analyst Intern at a university with 201-500 employees

Scalable and reliable, but dynamic analysis needs improvement

I would advise others when testing using NowSecure to do secondary tests with other tools. For example, set it up in the local environment and recheck what the results of the reports are. Since the dynamic results are less accurate, I would suggest using static analysis. I rate NowSecure a seven out of ten.

Read full review

reviewer2703864

Head of Security Architecture at a healthcare company with 5,001-10,000 employees

Onboarding developers successfully while improving code security through IDE integration

Regarding room for improvement, we have some problems when onboarding new projects because the build process has to be done in a certain way, as Veracode analyzes the binaries and not the code by itself alone. If the process is not configured correctly, it doesn't work. That's one of the things that we are discussing with Veracode. Something positive that we've been able to do is submit formal feature requests to them, and they are working on them; they've already solved some of them. This encourages us to propose new ideas and improvements. Another improvement that we asked for this use case is to be able to configure how Veracode Fix proposes and fixes because sometimes it makes proposals using libraries that go against our architecture design made by the enterprise architecture team. For example, we want them to propose using another library, and that's something we already asked Veracode, and they are working on it. We want to specify when you see this kind of vulnerability, you can only propose these two options.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The most valuable feature is the ability to download an application without actually putting in the APK. It gives us an option to put the APK in if we want to but we can download it from the App Store and Play Store."

"The most valuable features are that you can do static analysis and dynamic analysis on a scheduled basis and that you can push the findings into JIRA."

"It is scalable and quick to deploy into the site and the pipelines. The reports and analytics are good, and the false positive rate is low. It gives true results."

"Ad-hoc scanning during the development cycle and reports for audits are valuable features."

"The main feature, and one of the most important, is the static code analysis. We are able to complete an analysis of the security flaws with this platform. It's very good at helping us find and fix flaws."

"It gives feedback to developers on the effectiveness of their secure coding practices."

"The recommendations and frequent updates are the most valuable features of Veracode."

"It has an easy-to-use interface."

"Because it is a SaaS offering, I do not have to support the infrastructure."

More Veracode pros

Cons

"In this solution, there are two kinds of testing, static analysis, and dynamic analysis. There needs some improvement in testing with dynamic analysis because I have found it is not accurate"

"It will be beneficial for developers if Veracode Greenlight includes Python."

"The triage indicator was kind of hard to find. It's a very small arrow and I had no idea it was there."

"The one thing I'd like to be able to do is schedule dynamic scans. Today we're kicking those off manually, but I believe that it's something have on their roadmap."

"We tried to create an automatic scanning process for Veracode and integrate it into our billing process, but it was easier to adopt it to repositories based on GIT. Until now, our source control repository was Azure DevOps Server (Microsoft TFS) to managing our resources. This was not something that they supported. It took us some sessions together before we successfully implemented it."

"The scanning could be a little faster. The process around three or four minutes, but it would help if it could be further reduced."

"It would help to have more training for developers to help them set it up."

"The only areas that I'm concerned with are some of the newer code libraries, things that we're starting to see people dabble with. They move quickly enough to get them into the Analysis Engine, so I wouldn't even say it is a complaint. It is probably the only thing I worry about: Occasionally hitting something that is built in some other obscure development model, where we either can't scan it or can't scan it very well."

"The scanning process could be more streamlined as it has certain limitations when performing manual scans. It has some checks when the content is in ZIP format or other formats, which takes two or three more steps than Fortify does."

More Veracode cons

Pricing and Cost Advice

Information not available

"No issues, the pricing seems reasonable."

"The cost has been a barrier to wider use here. I think my team is the only one at the university. Other folks might like to use it, but it's pretty pricey. You could see what else is in the market, but I hear that's the price for most solutions. You might not find a better deal in the market, or it might be an incomplete solution. I mean, for the level of interaction we get with Veracode staff, it's been pretty good."

"I recommend going for a one-year licensing with CA, because currently they are the leaders in this field with more features and a much better turn around time with a cheaper position, but there are a lot of new companies coming up in the market and they are building up their platforms."

"The pricing is a little on the high side but since we combine our product into one suite, it is easy to do and works well for us."

"The pricing depends on the functionality each client desires."

"I have not examined Veracode's pricing in detail, but from an industry perspective, I see that there is a tendency toward Veracode, which suggests competitive pricing."

"The cost of Veracode is high."

"Its cost for what we needed it for was too high. It wasn't too high for other companies and it was competitively priced, but for us, it just didn't fit. We did plan to use it and increase the usage. In the end, it may have been abandoned because of the cost, but I'm not a hundred percent sure. So, even though we had planned on using it more and more, because of the cost and the business conditions of things, we didn't have the opportunity to really use it more."

More Veracode pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.

See recommendations

881,176 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

15%

Retailer

13%

Manufacturing Company

11%

Insurance Company

Financial Services Firm

17%

Computer Software Company

13%

Manufacturing Company

10%

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

No data available

By reviewers
Company Size	Count
Small Business	69
Midsize Enterprise	44
Large Enterprise	115

Questions from the Community

Ask a question

Earn 20 points

Which gives you more for your money - SonarQube or Veracode?

SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...

See all answers

What do you like most about Veracode Static Analysis?

I like its integration with GitHub. I like using it from GitHub. I can use the GitHub URL and find out the vulnerabilities.

See all answers

What is your experience regarding pricing and costs for Veracode Static Analysis?

My experience with pricing, setup cost, and licensing for Veracode is that it is fairly moderate.

See all answers

Comparisons

Data Theorem API Secure vs NowSecure

Compared 22% of the time

CodeScan Static Code Analysis vs NowSecure

Compared 19% of the time

OpenText Core Application Security vs NowSecure

Compared 11% of the time

Checkmarx One vs NowSecure

Compared 11% of the time

GitLab vs NowSecure

Compared 11% of the time

More NowSecure Competitors

SonarQube vs Veracode

Compared 12% of the time

Checkmarx One vs Veracode

Compared 8% of the time

GitHub Advanced Security vs Veracode

Compared 5% of the time

Coverity Static vs Veracode

Compared 4% of the time

OWASP Zap vs Veracode

Compared 3% of the time

More Veracode Competitors

Product Reports

Mobile App Testing Tools

Download NowSecure product report

Download Veracode product report

Also Known As

No data available

Crashtest Security , Veracode Detect

Overview

NowSecure experts have conducted advanced pen testing for some of the world's most demanding organizations - including banks, insurance companies, government agencies, healthcare organizations, retail conglomerates, high-tech businesses, and more. Mobile apps are prone to sensitive data leakages and attacks, yet a manual test for just one app can take several weeks. To enable faster, more frequent testing, we built a test engine that successfully automates repeatable and time-consuming mobile appsec testing, remediation and reporting tasks. The result - the foundation of the NowSecure platform, which significantly reduces testing time and costs without compromising full depth of security coverage.

NowSecure

Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.

Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing. These tools are designed to help developers detect vulnerabilities early in development while maintaining speed in deployment. Veracode also emphasizes scalability, offering features for enterprises that manage a large number of applications across different teams. Its robust reporting and analytics capabilities allow organizations to continuously monitor their security posture and track progress toward remediation.

What are the key features of Veracode?

Static Analysis (SAST) - Scans source code for vulnerabilities before deployment.
Dynamic Analysis (DAST) - Examines applications in a running state to detect flaws in real-time.
Software Composition Analysis (SCA) - Identifies risks in open-source libraries and third-party components.
Manual Penetration Testing - Offers expert analysis for more complex vulnerabilities.
Integrations with DevOps tools - Seamlessly integrates with CI/CD pipelines for automated security checks.

What benefits should users consider in Veracode reviews?

Early detection of vulnerabilities - Helps developers fix security issues early in the development process.
Scalability - Supports organizations with large-scale application portfolios.
Compliance support - Ensures applications meet various security standards and regulations.
Developer training - Provides tools for educating developers on secure coding practices.
Comprehensive reporting - Offers detailed reports that track remediation and risk trends.

Veracode is widely adopted in industries like finance, healthcare, and government, where compliance and security are critical. It helps these organizations maintain strict security standards while enabling rapid development through its integration with Agile and DevOps methodologies.

Veracode helps businesses secure their applications efficiently, ensuring they can deliver safe and compliant software at scale.

Sample Customers

Vaporstream, FIS, MEA Financial, Silent Circle, Capital One, Citi, EY, EMC, Emerson, Kaiser Permanente, The Home Depot, Humana, Shell, Kellogg's, TD Bank, VMware

Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.

Static Application Security Testing (SAST)