No more typing reviews! Try our Samantha, our new voice AI agent.

Nucleus Security vs Veracode comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Feb 23, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Nucleus Security
Ranking in Application Security Tools
28th
Average Rating
8.0
Reviews Sentiment
7.3
Number of Reviews
2
Ranking in other categories
Vulnerability Management (40th), Risk-Based Vulnerability Management (14th), Continuous Threat Exposure Management (CTEM) (13th)
Veracode
Ranking in Application Security Tools
3rd
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
208
Ranking in other categories
Static Application Security Testing (SAST) (3rd), Container Security (12th), Software Composition Analysis (SCA) (1st), Static Code Analysis (1st), Dynamic Application Security Testing (DAST) (1st), Application Security Posture Management (ASPM) (1st)
 

Mindshare comparison

As of July 2026, in the Application Security Tools category, the mindshare of Nucleus Security is 0.7%, up from 0.4% compared to the previous year. The mindshare of Veracode is 4.3%, down from 9.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools Mindshare Distribution
ProductMindshare (%)
Veracode4.3%
Nucleus Security0.7%
Other95.0%
Application Security Tools
 

Featured Reviews

VK
manager at a computer software company with 201-500 employees
Unified vulnerability workflows have transformed how our teams prioritize and resolve critical risks
While the platform is incredibly powerful, the initial configuration curve of Nucleus Security can be a bit steep. When first setting up complex, multi-layered automation rules and asset groupings, the interface can feel a little overwhelming. Having more intuitive step-by-step visualized wizards or guided templates for building complex triage workflows would make the onboarding process much smoother for new team members. Dashboard customization and reporting would definitely be on my wish list. While the default dashboards are great for a general overview, it can take a bit of manual tweaking when building highly tailored workspace views for different engineering groups. Having a more flexible drag-and-drop widget system where individual teams can prioritize exactly what metrics they see first on their layout would be a huge quality of life update. On the reporting side, the data it generates is solid, but I would like to see more granular control over formatting within the platform itself. Sometimes leadership wants data tailored in very specific ways, and currently, we occasionally have to export the data and clean it up externally to meet those exact visual preferences.
reviewer2753535 - PeerSpot reviewer
DevSecOps Engineer at a tech services company with 1,001-5,000 employees
Integrates security into the development process and improves team collaboration
Veracode helps organizations develop software by reducing the risk of security vulnerabilities through developer enablement and applications focused on governance. You can utilize different levels of processes to achieve better performance or a more scalable service. Since I started working with it in 2022, I’ve found it to be cost-effective as well. Overall, Veracode is a user-friendly security tool. It includes features such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA). During the development phase, we can identify vulnerabilities in the application. This process occurs in the staging environment during development. When we're ready to go to production, we conduct a final check. Essentially, this tool helps identify vulnerabilities during the code development stage, including both high-level vulnerabilities and those related to open-source software composition. We utilize specific methodologies for this purpose. Additionally, it offers a feature that allows us to set up policies based on client requirements. This means we can customize the tool to meet the specific needs of our clients, ensuring that they receive the appropriate level of security in their applications. Veracode is user-friendly as well. Compared to other tools, their scans take 15 minutes or under. If you have a large scale of libraries or data, it might take longer, but based on my personal experience, the scan usually runs within fifteen minutes. For my case study using the Veracode tool, I worked on an internal project following industry standards. We used Veracode to improve our security posture and speed up the time to market by streamlining the development process. This enhanced collaboration between developers, operations, and security teams. The automated scanning process helped identify and fix vulnerabilities earlier in the development process. We maintained compliance with regulatory requirements, avoided fines, and built customer trust by integrating security into the development process. When we conduct this scan, we receive data on a list of vulnerabilities. This information improved our communication and increased transparency, which leads to better reports about the efforts being put in. This results in a more effective and efficient collaboration process, making it user-friendly for all involved. When considering costs, if we resort to manual processes, it can be time-consuming. Therefore, we utilize automated scans to identify and fix security issues. This allows us to address vulnerabilities early in the development process, as we discussed previously. This applies both to our in-house code and third-party libraries, using Software Composition Analysis (SCA) agent-based scans. In the future, we will also implement SCA agent-based scans as a separate feature within Veracode, which can help organizations avoid the expensive and time-consuming consequences of security issues. Furthermore, we have seen an increase in compliance, helping to maintain adherence to regulatory requirements and industry standards, thereby avoiding fines and reputational damage associated with noncompliance. Additionally, by integrating security into the development process, we enhance customer trust in our organization and its products.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Nucleus Security has fundamentally changed how we manage our vulnerability lifecycle and made our entire incident response process much more proactive, organized, and reliable."
"The best features that Nucleus Security offers in my experience are the unified integrations with all of the different vulnerability management platforms."
"With the tools that Veracode provides, our developers are actually able to comprehend what the vulnerability was and then resolve it. So a lot of knowledge has been grown as a result, around security, with our developers."
"Veracode helped with policy compliance."
"This is a great tool for learning about potential vulnerabilities in code."
"One of the features they have is Software Composition Analysis. When organizations use third-party, open source libraries with their application development, because they're open source they quite often have a lot of bugs. There are always patches coming out for those open source applications. You really have to stay on your toes and keep up with any third-party libraries that might be integrated into your application. Veracode's Software Composition Analysis scans those libraries and we find that very valuable."
"The static scan and the detailed reports, which include issue information and permissions, are the most valuable features."
"What I found most valuable in Veracode is that it gives me a part-by-part report of the entire EAR file and lets me set up the application for a limited time. Once that expires, Veracode allows you to automatically renew it, which is one of the features I find remarkable in Veracode."
"All the top vulnerabilities are detected, which makes sure all our applications are up-to-date on market threats, and it gives a good workaround process for the developers to secure their code and ensure all our applications are secure."
"The product provides guidance to develop secure software."
 

Cons

"While the platform is incredibly powerful, the initial configuration curve of Nucleus Security can be a bit steep."
"Nucleus Security needs a better view into exposure management, as exposure management and attack path management are missing."
"Reporting. Some of the reporting features of Veracode do need improvement."
"My advice for anybody who is interested in implementing this solution is to ensure that your technology is actually supported because the coverage is quite patchy."
"I would like to see more AI features. It's a current subject because with ChatGPT and other solutions being developed all the time, IT attacks will increase... To defend against those it's very important that the good guys use AI in ways that are good instead of bad."
"To be able to upload source codes without being compiled. That’s one feature that drives us to see other sources."
"I don't have the on-platform flexibility to sort and filter inspection data, and that's not good."
"The UI is not user-friendly and can be improved."
"The policies you have, where you can tune the findings you get, don't allow you not to file tickets about certain findings. It will always report the findings, even if you know you're not that concerned about a library writing to a system log, for example. It will keep raising them, even though you may have a ticket about it. The integration will keep updating the ticket every time the scan runs."
"The only issue that we have is uploading the code, the process of actually uploading and getting our results back; all of that is a little cumbersome."
 

Pricing and Cost Advice

Information not available
"The pricing is pretty high."
"The licensing and prices were upfront and clear. They stand behind everything that is said during the commercial phase and during the onboarding phase. Even the most irrelevant "that can be done" was delivered, no matter how important the request was."
"Pricing/licensing is complicated."
"No issues, the pricing seems reasonable."
"They have just streamlined the licensing and they have a number of flexible options available, so overall it is quite good, albeit pricey."
"We're very comfortable with their model. We think they're a good value. We worked very closely with Veracode on understanding their license model, understanding what comprises the fee and what does not. With their assistance in design, we decomposed our application in a way where we are scanning a very significant amount of code without wasting their capacity and generating redundant reported issues. You scan in profiles, per se. And we work with them, in their offices, to design the most effective approach. So the advice I would have for customers is, you can get up and live fast, but work closely with Veracode to refine the method you use for scanning and the way you compile the applications. There's a concept called entry-point scanning, and that's probably not used well by the rest of their customers. We see our licensing as a good value because we leverage it heavily."
"For the value we get out of it, coupled with the live defect review sessions, we find it an effective value for the money. We are a larger organization."
"Veracode's pricing is on the higher end, but it is acceptable."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
903,933 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
13%
Financial Services Firm
13%
Construction Company
8%
Manufacturing Company
7%
Financial Services Firm
15%
Manufacturing Company
11%
Computer Software Company
9%
Construction Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
By reviewers
Company SizeCount
Small Business69
Midsize Enterprise46
Large Enterprise114
 

Questions from the Community

What is your experience regarding pricing and costs for Nucleus Security?
I have a good experience with that, so we don't have much problem dealing with pricing, setup, and licensing.
What needs improvement with Nucleus Security?
Nucleus Security needs a better view into exposure management, as exposure management and attack path management are missing. It also needs better and easier self-service integrations, as the integ...
What is your primary use case for Nucleus Security?
My main use case for Nucleus Security is unifying the vulnerability management landscape, providing a single source of truth for vulnerabilities.
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
What is the biggest difference between Veracode and Checkmarx?
According to my experience of using both the tools in different organizations Veracode is a Cloud-native, managed AppSec platform with strong focus on ease of use, it is SaaS delivery, and provide...
What is your experience regarding pricing and costs for Veracode Static Analysis?
My experience with pricing, setup cost, and licensing for Veracode is that it is fairly moderate.
 

Comparisons

 

Also Known As

No data available
Crashtest Security , Veracode Detect
 

Overview

 

Sample Customers

Information Not Available
Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
Find out what your peers are saying about SonarSource Sàrl, Checkmarx, Veracode and others in Application Security Tools. Updated: June 2026.
903,933 professionals have used our research since 2012.