NowSecure vs Veracode comparison

Read 208 Veracode reviews

18,975 Views
11,954 Comparison Views

89% willing to recommend

NowSecure

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between NowSecure and Veracode based on real PeerSpot user reviews.

Find out what your peers are saying about SonarSource Sàrl, Veracode, Checkmarx and others in Static Application Security Testing (SAST).

To learn more, read our detailed Static Application Security Testing (SAST) Report (Updated: January 2026).

Static Application Security Testing (SAST)

Download the complete report

Helped 881,565 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

NowSecure

Ranking in Static Application Security Testing (SAST)

39th

Average Rating

7.0

Reviews Sentiment

7.2

Number of Reviews

Ranking in other categories

Mobile App Testing Tools (20th)

Veracode

Ranking in Static Application Security Testing (SAST)

2nd

Average Rating

8.0

Reviews Sentiment

6.9

Number of Reviews

208

Ranking in other categories

Application Security Tools (3rd), Container Security (8th), Software Composition Analysis (SCA) (3rd), Static Code Analysis (1st), Dynamic Application Security Testing (DAST) (1st), Application Security Posture Management (ASPM) (1st)

Mindshare comparison

As of February 2026, in the Static Application Security Testing (SAST) category, the mindshare of NowSecure is 0.5%, up from 0.2% compared to the previous year. The mindshare of Veracode is 5.0%, down from 10.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Static Application Security Testing (SAST) Market Share Distribution
Product	Market Share (%)
Veracode	5.0%
NowSecure	0.5%
Other	94.5%

Static Application Security Testing (SAST)

Featured Reviews

AnirudhNair

Quality Assurance and Analyst Intern at a university with 201-500 employees

Scalable and reliable, but dynamic analysis needs improvement

I would advise others when testing using NowSecure to do secondary tests with other tools. For example, set it up in the local environment and recheck what the results of the reports are. Since the dynamic results are less accurate, I would suggest using static analysis. I rate NowSecure a seven out of ten.

Read full review

reviewer2703864

Head of Security Architecture at a healthcare company with 5,001-10,000 employees

Onboarding developers successfully while improving code security through IDE integration

Regarding room for improvement, we have some problems when onboarding new projects because the build process has to be done in a certain way, as Veracode analyzes the binaries and not the code by itself alone. If the process is not configured correctly, it doesn't work. That's one of the things that we are discussing with Veracode. Something positive that we've been able to do is submit formal feature requests to them, and they are working on them; they've already solved some of them. This encourages us to propose new ideas and improvements. Another improvement that we asked for this use case is to be able to configure how Veracode Fix proposes and fixes because sometimes it makes proposals using libraries that go against our architecture design made by the enterprise architecture team. For example, we want them to propose using another library, and that's something we already asked Veracode, and they are working on it. We want to specify when you see this kind of vulnerability, you can only propose these two options.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The most valuable feature is the ability to download an application without actually putting in the APK. It gives us an option to put the APK in if we want to but we can download it from the App Store and Play Store."

"The most valuable features are that you can do static analysis and dynamic analysis on a scheduled basis and that you can push the findings into JIRA."

"There are quite a few features that are very reliable, like the newly launched Veracode Pipelines Scan, which is pretty awesome. It supports the synchronous pipeline pretty well. We been using it out of the Jira plugin, and that is fantastic."

"Veracode Fix has affected our time to remediate security flaws in cases where we've been able to use it correctly because the proposals were on point, and it's been great."

"Regarding Software Composition Analysis, an exceptional feature is that during a SAST scan, SCA is seamlessly conducted in the background."

"Veracode's integration with our continuous integration solution is what I've found to be the most valuable feature. It is easy to connect the two and to run scans in an automated way without needing as much manual intervention."

"Ad-hoc scanning during the development cycle and reports for audits are valuable features."

"With the pipeline scanner, it's easier for developers to scan their products, as they don't have to export anything from their computers. They can do everything with the command line on their computer."

"Using an automated tool brings cost reduction and more security."

More Veracode pros

Cons

"In this solution, there are two kinds of testing, static analysis, and dynamic analysis. There needs some improvement in testing with dynamic analysis because I have found it is not accurate"

"It can have more APIs and capabilities to handle other things well. We were doing a trial for it. There were two things that I looked at: one was uploading some Java-related content and the other was uploading database SQL files and having the review done on the quarterback. The Java portion of it worked fine, and it was pretty seamless, but the database portion was not. We uploaded some files to use for vulnerabilities, and the tell-all portion of it was pretty easy. We uploaded a war file and Java files, and we got the reports back on these. They were pretty clear to understand. We did the same thing for the database portion for the most part. However, the content wasn't getting uploaded in a predictable fashion, and it was slow and hard to get done. We had to do it over and over. After it indicated that the content was uploaded, there were no results. There were zero search findings. It was possibly a user error, something that we didn't do correctly, but they had acknowledged that it was something they were currently enhancing. This is something that could be made easier if they haven't already done that. I don't know how many releases they've had in that timeframe. I haven't looked at it since then. It was a trial period."

"If you schedule two parallel scans under the same project, one of them will be a failure."

"I would like to see these features: entering comments for internal tracking; entering a priority; reports that show the above."

"In some cases we use their APIs; they're not as rich as I would like."

"Sometimes we get a lot of false positives even after configuring our policies, so that could be improved."

"Veracode doesn't really help you so much when it comes to fixing things. It is able to find our vulnerabilities but the remediation activities it does provide are not a straight out-of-the-box kind of model. We need to work on remediation and not completely rely on Veracode."

"I noticed there is no integration with Bamboo."

"Sometimes the scans are not done quickly, but the solutions that it provides are really good. The quality is high, but the analysis is not done extremely quickly."

More Veracode cons

Pricing and Cost Advice

Information not available

"The cost has been a barrier to wider use here. I think my team is the only one at the university. Other folks might like to use it, but it's pretty pricey. You could see what else is in the market, but I hear that's the price for most solutions. You might not find a better deal in the market, or it might be an incomplete solution. I mean, for the level of interaction we get with Veracode staff, it's been pretty good."

"I don't really know about the pricing, but I'd say it's worth whatever Veracode is charging, because the solution is that good."

"Users in some forums mentioned that pricing for this solution can be quite high."

"We are still considering it at the enterprise level. It has a subscription-based model. We find its price a little high based on the features it provides."

"The price of Veracode Static Analysis could improve."

"Veracode is one of the more expensive solutions in the market, but it is worth the expense because of the eLearning and the security consultations; everything is included in the license."

"The licensing is fair, it is time-limited (e.g. one year) but there is a size cap for every app. If your applications are big (due third-party libraries, for example) you should discuss this beforehand and explore suitable agreements."

"Veracode is expensive. Some of its products are expensive. I don't think it's way more expensive than its competitors. The dynamic is definitely worth it, as I think it's cheaper than the competitors. The static scan is a little bit more expensive, around 20 percent more expensive. The manual pen test is more expensive, but it is an expensive service because it's a manual pen test and we also do retests. I don't think it is way more expensive than the competitors, but it's about 15 to 20 percent more expensive."

More Veracode pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.

See recommendations

881,565 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

15%

Retailer

13%

Manufacturing Company

11%

Insurance Company

Financial Services Firm

17%

Computer Software Company

13%

Manufacturing Company

10%

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

No data available

By reviewers
Company Size	Count
Small Business	69
Midsize Enterprise	44
Large Enterprise	115

Questions from the Community

Ask a question

Earn 20 points

Which gives you more for your money - SonarQube or Veracode?

SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...

See all answers

What do you like most about Veracode Static Analysis?

I like its integration with GitHub. I like using it from GitHub. I can use the GitHub URL and find out the vulnerabilities.

See all answers

What is your experience regarding pricing and costs for Veracode Static Analysis?

My experience with pricing, setup cost, and licensing for Veracode is that it is fairly moderate.

See all answers

Comparisons

Data Theorem API Secure vs NowSecure

Compared 20% of the time

CodeScan Static Code Analysis vs NowSecure

Compared 17% of the time

OpenText Core Application Security vs NowSecure

Compared 11% of the time

Checkmarx One vs NowSecure

Compared 10% of the time

ImmuniWeb vs NowSecure

Compared 10% of the time

More NowSecure Competitors

SonarQube vs Veracode

Compared 11% of the time

Checkmarx One vs Veracode

Compared 8% of the time

GitHub Advanced Security vs Veracode

Compared 5% of the time

OWASP Zap vs Veracode

Compared 3% of the time

Coverity Static vs Veracode

Compared 3% of the time

More Veracode Competitors

Product Reports

Mobile App Testing Tools

Download NowSecure product report

Download Veracode product report

Also Known As

No data available

Crashtest Security , Veracode Detect

Overview

NowSecure experts have conducted advanced pen testing for some of the world's most demanding organizations - including banks, insurance companies, government agencies, healthcare organizations, retail conglomerates, high-tech businesses, and more. Mobile apps are prone to sensitive data leakages and attacks, yet a manual test for just one app can take several weeks. To enable faster, more frequent testing, we built a test engine that successfully automates repeatable and time-consuming mobile appsec testing, remediation and reporting tasks. The result - the foundation of the NowSecure platform, which significantly reduces testing time and costs without compromising full depth of security coverage.

NowSecure

Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.

Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing. These tools are designed to help developers detect vulnerabilities early in development while maintaining speed in deployment. Veracode also emphasizes scalability, offering features for enterprises that manage a large number of applications across different teams. Its robust reporting and analytics capabilities allow organizations to continuously monitor their security posture and track progress toward remediation.

What are the key features of Veracode?

Static Analysis (SAST) - Scans source code for vulnerabilities before deployment.
Dynamic Analysis (DAST) - Examines applications in a running state to detect flaws in real-time.
Software Composition Analysis (SCA) - Identifies risks in open-source libraries and third-party components.
Manual Penetration Testing - Offers expert analysis for more complex vulnerabilities.
Integrations with DevOps tools - Seamlessly integrates with CI/CD pipelines for automated security checks.

What benefits should users consider in Veracode reviews?

Early detection of vulnerabilities - Helps developers fix security issues early in the development process.
Scalability - Supports organizations with large-scale application portfolios.
Compliance support - Ensures applications meet various security standards and regulations.
Developer training - Provides tools for educating developers on secure coding practices.
Comprehensive reporting - Offers detailed reports that track remediation and risk trends.

Veracode is widely adopted in industries like finance, healthcare, and government, where compliance and security are critical. It helps these organizations maintain strict security standards while enabling rapid development through its integration with Agile and DevOps methodologies.

Veracode helps businesses secure their applications efficiently, ensuring they can deliver safe and compliant software at scale.

Sample Customers

Vaporstream, FIS, MEA Financial, Silent Circle, Capital One, Citi, EY, EMC, Emerson, Kaiser Permanente, The Home Depot, Humana, Shell, Kellogg's, TD Bank, VMware

Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.

Static Application Security Testing (SAST)