PyCharm vs Veracode comparison

Read 201 Veracode reviews

4,205 Views
568 Comparison Views

90% willing to recommend

PyCharm

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Dec 19, 2024

Veracode and PyCharm operate within the software development space. Veracode appears to have an advantage in terms of comprehensive security features, while PyCharm stands out for developer productivity features.

Features: Veracode includes static and dynamic analysis tools, API integration for seamless automation, and supports various programming languages and platforms. It is especially adept at identifying vulnerabilities and aligning with DevOps workflows. PyCharm excels as an IDE offering intelligent coding features like robust code completion, testing, and debugging facilities primarily for Python. It integrates well with version control systems and supports a multitude of plugins enhancing the development experience.

Room for Improvement: Veracode struggles with false positives and has a complex pricing model. It faces integration challenges with APIs and lacks flexibility and scanning speed for newer programming languages. PyCharm is known for its high resource usage, necessitating better support for numerous programming languages and additional integrations, such as data science notebooks.

Ease of Deployment and Customer Service: Veracode functions across multiple cloud environments and offers expert-level technical support, though response times can be slow. PyCharm typically operates on-premises or in public cloud settings and is known for an easy installation process, with generally agreeable support, albeit less so for resource-heavy scenarios.

Pricing and ROI: Veracode is perceived as expensive, offering value through enhanced security and compliance, with a quantifiable ROI attributed to decreased vulnerability instances. PyCharm provides a free Community edition and a paid Professional edition, which is deemed fairly priced given its feature set, potentially lowering costs through efficient coding and debugging support.

To learn more, read our detailed PyCharm vs. Veracode Report (Updated: June 2025).

PyCharm vs. Veracode

Download the complete report

Helped 859,957 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

PyCharm

Ranking in Static Code Analysis

8th

Average Rating

8.8

Reviews Sentiment

7.4

Number of Reviews

Ranking in other categories

No ranking in other categories

Veracode

Ranking in Static Code Analysis

1st

Average Rating

8.2

Reviews Sentiment

7.0

Number of Reviews

201

Ranking in other categories

Application Security Tools (2nd), Static Application Security Testing (SAST) (2nd), Container Security (8th), Software Composition Analysis (SCA) (3rd), Application Security Posture Management (ASPM) (2nd)

Mindshare comparison

As of July 2025, in the Static Code Analysis category, the mindshare of PyCharm is 0.4%, up from 0.3% compared to the previous year. The mindshare of Veracode is 25.6%, down from 30.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Static Code Analysis

Featured Reviews

Shravan Revanna

Vice President at E-Cell Ramaiah

Gives access to documentation references when hovered over the code

We have integrated the tool with GitHub. PyCharm provides easy integration with GitHub, allowing us to push changes directly. Many plugins are available on PyCharm for GitHub integration, including GitHub Copilot for auto code completion and GitHub Copilot Chat for assistance with code-related queries. The solution has significantly improved my coding efficiency with its feature that shows documentation when I hover over code. This feature, which was recently introduced, is especially useful when using an inbuilt function from a Python package because it gives me immediate access to documentation and references, helping me understand how to use the function properly.

Read full review

Sajal Sharma

Test Analyst - Security at Net solutions India Pvt.

Offers shift-left security strategy and helps us with the latest security configurations, OWASP standards, and SAST standards

It's robustness is the main benefit to the organization. As it gets upgraded with time, it also improves the coverage – security configuration coverages and vulnerability coverages. It also updates itself with the latest known vulnerabilities that are uploaded to the NVD, OWASP, or other databases. So it gets upgraded itself with that. And so with each upgrade, it gets better and better. The solution offers the ability to prevent vulnerable code from going into production. It provides us with a report containing multiple remediations and mitigations for each vulnerability. For example, if it finds a cross-site scripting vulnerability, it will also include references like CWE and CVE records, instructions on how to fix it, and the specific line of code or module where the vulnerability is present. This helps us fix the issues accordingly. I'm a penetration tester and DevSecOps engineer. I evaluate the findings, mark false positives, and manually exploit vulnerabilities if they exist. If we need further clarification, we raise a ticket with the Veracode team and get consultancy from them. We are a software development team. If we find a vulnerability, I exploit it and come back with the best possible mitigation, and the dev team fixes it. If we use Veracode Fix, it might use third-party implementations or make changes we aren't aware of. We need to be very aware of what our application is using internally. It should be known to us. As per my experience, the solution's policy reporting ensures compliance with industry standards. It comes with multiple features. I get the most out of it, and it's good. The solution provides visibility into application status at every phase of development. Like static analysis, dynamic analysis, software composition, and manual penetration tests - throughout the SDLC We have a pipeline that I maintain. I use the Veracode API account and have integrated it with AWS and our Jenkins pipeline. We use Snyk for SCA and Veracode for SAST scanning. At the earliest stage of the build, the SAST scan runs along with the JS and PHP files. It provides us with reports, which are then handed over to the other tools we depend on. If I validate the report or check the Veracode dashboard and find vulnerabilities, I mark them as false positives or existing issues. We work on multiple projects, but the one I'm handling these days only uses Veracode for SAST. It's been about one and a half years since I've been working with Veracode and this project. It is quite impressive. There are some things Veracode cannot find, like code obfuscations inside the code and some insecure randoms. Sometimes, it misses those flaws. But overall, if I compare it with other tools, it is better. I will definitely recommend others to use this tool. We run the scan before each deployment. If the dev team builds a new module or something, we scan it along with all the files. If we find anything, we get it fixed. That's how it works. Veracode is quite important to the organization's shift-left security strategy because we make a scan for each deployment. Sometimes, if I think we need to perform a shift-left, I just make a scan before deployment and check for any misconfiguration or vulnerability in the code.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The solution has a great debugging feature."

"We have integrated the tool with GitHub. PyCharm provides easy integration with GitHub, allowing us to push changes directly. Many plugins are available on PyCharm for GitHub integration, including GitHub Copilot for auto code completion and GitHub Copilot Chat for assistance with code-related queries."

"The automated package installation is helpful. I like the code highlighting features. A huge library of plugins is available, including AI coding tools, though I don't use those myself. The debugging tools are good, showing errors and problem lines."

"The solution has a nice environment and extensions that make it easy to develop software."

"PyCharm is saving me time and money in general."

"The integrated code structure makes coding more organized and manageable compared to using Python alone."

"The best feature of PyCharm is that it gives you hints whenever it detects any issues while you are coding. This is important because it helps us code faster and without any errors."

"The recent AI-powered code completion is pretty cool."

More PyCharm pros

"We use Veracode static analysis during development to eliminate vulnerability issues"

"It has caught lots of flaws that could have been exploited, like SQL injection flaws. It has also improved developer engagement with information security."

"In my experience, Veracode is one of the most powerful tools available in the market from a security perspective. It is a market leader in source code analysis."

"Allows us to track the remediation and handling of identified vulnerabilities."

"Using an automated tool brings cost reduction and more security."

"Veracode is a very good tool, especially from a compliance standpoint."

"One of the valuable features is that it gives us the option of static scanning. Most tools of this type are centered around dynamic scanning. Having a static scan is very important."

"Veracode's technical support is great. They assigned us a TAM and once a week, we have a brief engagement with the TAM to verify that everything's going well. If we have any outstanding issues, they get serviced and addressed."

More Veracode pros

Cons

"The solution is heavy because running it on laptops consumes a lot of memory and power. Typically, a laptop battery might last about eight to nine hours, but with the tool running, it reduces to two hours or one and a half hours at most. It is designed to handle large projects and heavy tasks, making it resource-intensive. For smaller projects, use IDEs like Visual Studio Code."

"Notebooks in PyCharm is not as intuitive as it could be."

"Customizing the tool can make it complicated."

"There should be support for the RUST plugin in the Community edition for debugging."

"They should improve the product's interactiveness."

"The solution does not support some features of OpenCV even though it is part of a PyCharm package."

"One issue with JetBrains tools, including PyCharm, is their heavy resource usage. They can be slow to start, especially when beginning a new project, as it takes some time to index."

"The user interface and overall user experience could be more intuitive to make it easier for users to navigate and utilize the software effectively."

More PyCharm cons

"I've found that Veracode is not particularly suitable for Dynamic Application Security Testing."

"Ideally, I would like better reporting that gives me a more concise and accurate description of what my pain points are, and how to get to them."

"Improvements can be made to Veracode, particularly in terms of process. If it could be integrated directly with code repositories such as Bitbucket or GitHub, without the need to create a pipeline to upload and decode code, it would simplify the code scan process significantly."

"Veracode isn't important to the organization's shift-left security strategy itself. It's a tool."

"If the dynamic scan is improved, then the speed might go up. That is somehow not happening. We have raised this concern. It might also help if they could time limit scans to 24 hours instead of letting them go for three days. Then, whatever results could be shared, even if the scan is not complete, that would definitely help us."

"We use Ruby on Rails and we still don't have any support for that from Veracode."

"From what we have seen of Veracode's SCA offering, it is just average."

"A nice addition would be if it could be extended for scenarios with custom cleansers."

More Veracode cons

Pricing and Cost Advice

"They have a free Community edition, and they also have a licensed version. They definitely have an annual license. They probably also have a monthly license. Its pricing is good and reasonable. It is a little bit more expensive than the others, but it is well worth it. I would rate it a four out of five in terms of pricing."

"I use the free community version, so I'm saving money there."

"The community edition is free, which is good."

"I don't have much info on the pricing, but I would say it is somewhat competitive."

"The price is reasonable."

"The community edition is free and the professional edition has a licensing fee."

"Veracode's price is high. I would like them to better optimize their pricing."

"The worst part about the product is that it does not scale at all. Also, microservices apps will cost you a fortune."

"I think it's a great value. It's at a price point that a small company like mine can afford to use versus, if it was too exorbitant, I wouldn't be able to use this product. The cost of the license is small in comparison to the value it brings"

"It's worth the value"

"It can be expensive to do this, so I would just make sure that you're getting the proper number of licenses. Do your analysis. Make sure you know exactly what it is you need, going in."

"Pricing/licensing is complicated."

"The cost has been a barrier to wider use here. I think my team is the only one at the university. Other folks might like to use it, but it's pretty pricey. You could see what else is in the market, but I hear that's the price for most solutions. You might not find a better deal in the market, or it might be an incomplete solution. I mean, for the level of interaction we get with Veracode staff, it's been pretty good."

"I think the pricing is in line with the rest of the tools. I think you get what you pay for. It is certainly not inexpensive, but the value proposition is there. There are certainly cheaper tools, but I don't think we'd be getting the support that we get with those, and that is what separates this product from the others."

More Veracode pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Static Code Analysis solutions are best for your needs.

See recommendations

859,957 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

No data available

Computer Software Company

16%

Financial Services Firm

16%

Manufacturing Company

Insurance Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about PyCharm?

The integrated code structure makes coding more organized and manageable compared to using Python alone.

What needs improvement with PyCharm?

One issue with JetBrains tools, including PyCharm, is their heavy resource usage. They can be slow to start, especially when beginning a new project, as it takes some time to index.

What is your primary use case for PyCharm?

I have used PyCharm ( /products/pycharm-reviews ) to write quantitative libraries, data manipulation tools, Django back-end applications, and microservices.

Which gives you more for your money - SonarQube or Veracode?

SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...

What do you like most about Veracode?

The SAST and DAST modules are great.

What is your experience regarding pricing and costs for Veracode?

The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.

SonarQube Server (formerly SonarQube) vs Veracode

Comparisons

No data available

Compared 18% of the time

Checkmarx One vs Veracode

Compared 10% of the time

GitHub Advanced Security vs Veracode

Compared 7% of the time

OpenText Core Application Security vs Veracode

Compared 4% of the time

Snyk vs Veracode

Compared 4% of the time

More Veracode Competitors

Product Reports

Static Code Analysis

Download PyCharm product report

Download Veracode product report

Also Known As

No data available

Crashtest Security , Veracode Detect

Overview

Be More Productive
Save time while PyCharm takes care of the routine. Focus on the bigger things and embrace the keyboard-centric approach to get the most of PyCharm's many productivity features.

JetBrains

Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.

Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing. These tools are designed to help developers detect vulnerabilities early in development while maintaining speed in deployment. Veracode also emphasizes scalability, offering features for enterprises that manage a large number of applications across different teams. Its robust reporting and analytics capabilities allow organizations to continuously monitor their security posture and track progress toward remediation.

What are the key features of Veracode?

Static Analysis (SAST) - Scans source code for vulnerabilities before deployment.
Dynamic Analysis (DAST) - Examines applications in a running state to detect flaws in real-time.
Software Composition Analysis (SCA) - Identifies risks in open-source libraries and third-party components.
Manual Penetration Testing - Offers expert analysis for more complex vulnerabilities.
Integrations with DevOps tools - Seamlessly integrates with CI/CD pipelines for automated security checks.

What benefits should users consider in Veracode reviews?

Early detection of vulnerabilities - Helps developers fix security issues early in the development process.
Scalability - Supports organizations with large-scale application portfolios.
Compliance support - Ensures applications meet various security standards and regulations.
Developer training - Provides tools for educating developers on secure coding practices.
Comprehensive reporting - Offers detailed reports that track remediation and risk trends.

Veracode is widely adopted in industries like finance, healthcare, and government, where compliance and security are critical. It helps these organizations maintain strict security standards while enabling rapid development through its integration with Agile and DevOps methodologies.

Veracode helps businesses secure their applications efficiently, ensuring they can deliver safe and compliant software at scale.

Sample Customers

Information Not Available

Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.

PyCharm vs. Veracode