Try our new research platform with insights from 80,000+ expert users

Rapid7 AppSpider vs Veracode comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Rapid7 AppSpider
Ranking in Static Application Security Testing (SAST)
32nd
Average Rating
7.8
Reviews Sentiment
6.7
Number of Reviews
14
Ranking in other categories
No ranking in other categories
Veracode
Ranking in Static Application Security Testing (SAST)
2nd
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
204
Ranking in other categories
Application Security Tools (2nd), Container Security (8th), Software Composition Analysis (SCA) (3rd), Static Code Analysis (1st), Application Security Posture Management (ASPM) (2nd)
 

Mindshare comparison

As of September 2025, in the Static Application Security Testing (SAST) category, the mindshare of Rapid7 AppSpider is 0.5%, up from 0.4% compared to the previous year. The mindshare of Veracode is 7.1%, down from 10.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST) Market Share Distribution
ProductMarket Share (%)
Veracode7.1%
Rapid7 AppSpider0.5%
Other92.4%
Static Application Security Testing (SAST)
 

Featured Reviews

Rizwan-Alam - PeerSpot reviewer
Easy automated web app scanning, but gives many false positives and isn't always stable
One of the challenges I have with AppSpider is that it gives you a lot of false positives, especially when compared to other solutions. This is the main aspect that I hope to see Rapid7 improve on. Beyond reducing false positives, I would also like to see them implement better reporting features, particularly in the executive summary type of reports which need to be user-friendly and easily understood by non-technical people. The recommendations and solutions on these reports could always be improved to make them more relevant, too. Lastly, the stability isn't that great, and sometimes it becomes non-responsive. I feel like the stability of the application is very average and currently needs more work.
Kv Rao - PeerSpot reviewer
Integrates pipelines smoothly and fortifies code against vulnerabilities
I use Veracode in multiple places including static code analysis, penetration testing, and dynamic code analysis. It is part of our pipeline and integrates well with Bitbucket and Git pipelines The ease of integration with Bitbucket pipelines and Git pipelines is vital for us. Veracode allows us…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The entire solution is interactive and has a point-and-click user experience, which makes it easy to find items or drill down on information. You don't need specialized skills to use the product."
"The most valuable feature is the reporting, which is compliant with international standards."
"The setup is usually straightforward."
"One of the most valuable features of AppSpider is its broad range of authentication identification, which is a key reason for its utilization."
"AppSpider's most valuable feature is reporting - everything is stored in the local database so it can be sent to other machines."
"What I like most about AppSpider is that it's easy to use and its automated scan gives me all the details I need to know when it comes to vulnerabilities and their solutions."
"The initial deployment is very straightforward and simple. The product is stable if configured properly."
"It is really accurate and the rate of false positives is very low."
"The most valuable feature of Veracode Static Analysis is the scanning."
"Veracode provides visibility into application status at every phase of development through static analysis."
"There have been a lot of benefits gained from Veracode. Compared to other tools, Veracode has good flexibility with an easy way to run a scan. We get in-depth details on how to fix things and go through the process. They provide good process documents, community, and consultation for any issues that occur during the use of Veracode."
"I have used this solution in multiple projects for vulnerability testing and finding security leaks within the code."
"The product’s policy reporting for ensuring compliance with industry standards and regulations is great."
"The coverage of the last vulnerabilities reported."
"The reporting being highly accurate is pretty cool. I use another product and I was always looking for answers as to what line, which part of the code, was wrong, and what to do about it. Veracode seems to have a solid database to look things up and a website to look things up."
"The static analysis gives you deep insights into problems."
 

Cons

"This price of this solution is a little bit expensive."
"The tech support is responsive but issues remain unresolved."
"The performance of the solution could improve. When I compare the speed it is slower than others on the market. There are some tricks we use to help speed up the solution."
"For Japanese customers, localization is needed. The product should offer a GUI in Japanese and provide Japanese reports for end-users."
"Support response times are slow and can be improved."
"Implementing Rapid7 AppSpider requires scanning and self-identification mechanisms. You can add different types of authentication to each scan."
"The enterprise interface is too simple. It should be more customizable."
"The product needs to be able to scale for large companies, like ours. We have millions of IP addresses that need to be scanned, and the scalability is not great."
"There should be more APIs, especially in SCA, to get some results or automate some things."
"I would like to see these features: entering comments for internal tracking; entering a priority; reports that show the above."
"Veracode doesn't really help you so much when it comes to fixing things. It is able to find our vulnerabilities but the remediation activities it does provide are not a straight out-of-the-box kind of model. We need to work on remediation and not completely rely on Veracode."
"It would help to have more training for developers to help them set it up."
"The Greenlight product that integrates into the IDE is not available for PHP, which is our primary language."
"The dynamic scanning feature works, but it doesn't work properly for some of our applications. It doesn't allow us to skip. They claim that we can do this, but it doesn't work when we're scanning the applications in real-time."
"If you schedule two parallel scans under the same project, one of them will be a failure."
"The runtime code analysis could be improved so that we can see every element in one place."
 

Pricing and Cost Advice

"AppSpider is closed-source software and you need to acquire a license in order to use it."
"It is expensive if you want to buy the Enterprise version that is able to scan multiple applications at once."
"The licensing cost depends on the number of users."
"The price is pretty fair."
"The price of Rapid7 AppSpider cost 9,000 annually but there is limited usage. Large companies are able to negotiate a better price or a better deal for the usage with the vendor."
"Pricing seems fair for what is offered, and licensing has been no problem. All developers are able to get the access they need."
"I don't have firsthand knowledge of Veracode pricing, but based on client feedback, it seems to be expensive with additional fees for certain features."
"Aside from the standard licensing fees, we also have to pay for a competent Success Manager."
"We are still considering it at the enterprise level. It has a subscription-based model. We find its price a little high based on the features it provides."
"Veracode's price is reasonable."
"The pricing depends on the functionality each client desires."
"The price of Veracode Static Analysis is on the higher side."
"We pay based on the number of developers working on a particular project."
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
867,341 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
14%
Computer Software Company
12%
Manufacturing Company
8%
Healthcare Company
7%
Financial Services Firm
16%
Computer Software Company
16%
Manufacturing Company
9%
Insurance Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business11
Midsize Enterprise2
Large Enterprise1
By reviewers
Company SizeCount
Small Business69
Midsize Enterprise43
Large Enterprise112
 

Questions from the Community

What is your experience regarding pricing and costs for Rapid7 AppSpider?
The price is not high, but for Japanese customers, localization may incur additional costs.
What needs improvement with Rapid7 AppSpider?
For Japanese customers, localization is needed. The product should offer a GUI in Japanese and provide Japanese reports for end-users.
What is your primary use case for Rapid7 AppSpider?
Our clients use AppSpider to address security concerns for their websites. It is particularly used by customers who require security assessments.
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
What do you like most about Veracode?
The SAST and DAST modules are great.
What is your experience regarding pricing and costs for Veracode?
The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.
 

Also Known As

AppSpider
Crashtest Security , Veracode Detect
 

Overview

 

Sample Customers

Microsoft
Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
Find out what your peers are saying about Rapid7 AppSpider vs. Veracode and other solutions. Updated: September 2025.
867,341 professionals have used our research since 2012.