Try our new research platform with insights from 80,000+ expert users

Rapid7 AppSpider vs Veracode comparison

Rapid7 and Veracode are both solutions in the Static Application Security Testing (SAST) category. Rapid7 is ranked #32, while Veracode is ranked #2 with an average rating of 8.0. Rapid7 holds a 0.5% mindshare in SAST, compared to Veracode’s 7.1% mindshare. Additionally, 100% of Rapid7 users are willing to recommend the solution, compared to 90% of Veracode users who would recommend it.
Rapid7 AppSpider
Read 14 Rapid7 AppSpider reviews
  • 1,416 Views
  • 765 Comparison Views
100% willing to recommend
Veracode
Read 204 Veracode reviews
  • 19,783 Views
  • 13,650 Comparison Views
90% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Oct 8, 2024

Veracode and Rapid7 AppSpider are leading competitors in the application security testing category. Rapid7 AppSpider has the upper hand due to extensive features and vulnerabilities coverage, making it a preferred choice for advanced users despite its higher costs.

Features: Veracode is known for its extensive reporting capabilities, seamless integration with development tools, and user-friendly setup. Rapid7 AppSpider is favored for its broad vulnerability coverage, ease of automation, and superior scanning depth.

Room for Improvement: Veracode users suggest enhancements in the dashboard, streamlined onboarding process, and operational efficiency. Rapid7 AppSpider users call for improved speed, reduced false positives, and accuracy of results.

Ease of Deployment and Customer Service: Veracode offers straightforward deployment and attentive customer service, which benefits new users. Rapid7 AppSpider provides a robust, customizable deployment model, offering flexibility for customers seeking advanced solutions.

Pricing and ROI: Veracode offers lower initial setup costs, making it attractive for budget-conscious buyers, with promises of a quick ROI. Rapid7 AppSpider, while more expensive upfront, provides long-term value through extensive features and capabilities.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Rapid7 AppSpider vs. Veracode Report (Updated: September 2025).
Buyer's Guide
Rapid7 AppSpider vs. Veracode
September 2025
Download the complete report
Helped 867,445 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Rapid7 AppSpider
Ranking in Static Application Security Testing (SAST)
32nd
Average Rating
7.8
Reviews Sentiment
6.7
Number of Reviews
14
Ranking in other categories
No ranking in other categories
Veracode
Ranking in Static Application Security Testing (SAST)
2nd
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
204
Ranking in other categories
Application Security Tools (2nd), Container Security (8th), Software Composition Analysis (SCA) (3rd), Static Code Analysis (1st), Application Security Posture Management (ASPM) (2nd)
 

Mindshare comparison

As of September 2025, in the Static Application Security Testing (SAST) category, the mindshare of Rapid7 AppSpider is 0.5%, up from 0.4% compared to the previous year. The mindshare of Veracode is 7.1%, down from 10.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST) Market Share Distribution
ProductMarket Share (%)
Veracode7.1%
Rapid7 AppSpider0.5%
Other92.4%
Static Application Security Testing (SAST)
 

Featured Reviews

Rizwan-Alam - PeerSpot reviewer
Easy automated web app scanning, but gives many false positives and isn't always stable
One of the challenges I have with AppSpider is that it gives you a lot of false positives, especially when compared to other solutions. This is the main aspect that I hope to see Rapid7 improve on. Beyond reducing false positives, I would also like to see them implement better reporting features, particularly in the executive summary type of reports which need to be user-friendly and easily understood by non-technical people. The recommendations and solutions on these reports could always be improved to make them more relevant, too. Lastly, the stability isn't that great, and sometimes it becomes non-responsive. I feel like the stability of the application is very average and currently needs more work.
Read full review
Kv Rao - PeerSpot reviewer
Integrates pipelines smoothly and fortifies code against vulnerabilities
I use Veracode in multiple places including static code analysis, penetration testing, and dynamic code analysis. It is part of our pipeline and integrates well with Bitbucket and Git pipelines The ease of integration with Bitbucket pipelines and Git pipelines is vital for us. Veracode allows us…
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The solution is highly stable, rated at ten out of ten."
"The most valuable feature of Rapid7 AppSpider is the vulnerability reporting data. Additionally, the data is reported in a convenient way rather than seeing them as a PDF. We are able to generate all the reports exactly what we want in a flexible way."
"The initial deployment is very straightforward and simple. The product is stable if configured properly."
"The entire solution is interactive and has a point-and-click user experience, which makes it easy to find items or drill down on information. You don't need specialized skills to use the product."
"One of the most valuable features of AppSpider is its broad range of authentication identification, which is a key reason for its utilization."
"It is really accurate and the rate of false positives is very low."
"AppSpider's most valuable feature is reporting - everything is stored in the local database so it can be sent to other machines."
"When it is set up properly, it can do scanning on web apps with multiple engines automatically."
More Rapid7 AppSpider pros
"Good static analysis and dynamic analysis."
"The benefits are quick discovery and understanding of software vulnerabilities that we are putting in our own code. By discovering them quickly enough, we can triage them and determine the best ways to remediate them and prevent them from happening in the future."
"The dashboards and the threat insights it provides are very good. The dashboards are intuitive and pretty straightforward, but also pretty detailed."
"The most valuable feature is detecting security vulnerabilities in the project."
"There have been a lot of benefits gained from Veracode. Compared to other tools, Veracode has good flexibility with an easy way to run a scan. We get in-depth details on how to fix things and go through the process. They provide good process documents, community, and consultation for any issues that occur during the use of Veracode."
"It's hard to say that any single feature is the most essential. There are many errors and vulnerabilities in software today in the standard libraries for different vendors because. We don't need to reinvent the wheel every time because we're using standard libraries, and it's important to know that your security isn't compromised because you are using libraries with vulnerabilities."
"It's not "one policy fits all." I really like that Veracode allows me to set up specific policies that I can apply to applications."
"You can easily integrate it with Azure DevOps. This is an added value because we work with Azure DevOps. Veracode is natively supported and we don't have to work with APIs."
More Veracode pros
 

Cons

"One of the challenges I have with AppSpider is that it gives you a lot of false positives, especially when compared to other solutions."
"The product needs to be able to scale for large companies, like ours. We have millions of IP addresses that need to be scanned, and the scalability is not great."
"AppSpider could improve in the area of integration. They need to add more integration opportunities."
"The performance of the solution could improve. When I compare the speed it is slower than others on the market. There are some tricks we use to help speed up the solution."
"The solution is too slow. It could take a full day to scan. Competitors are much faster."
"Integration could be better."
"AppSpider has some problems with the RAM needed while scanning."
"For Japanese customers, localization is needed. The product should offer a GUI in Japanese and provide Japanese reports for end-users."
More Rapid7 AppSpider cons
"We have encountered occasional issues with scalability."
"The language version support could be improved."
"The only notable problem we have had is that when new versions of Swift have come out, we have found Veracode tends to be a bit behind in updates to support the new language changes."
"Veracode is a little costly. It's cost-effective for a large enterprise, but it may be too expensive for small businesses."
"The Greenlight product that integrates into the IDE is not available for PHP, which is our primary language."
"Static scanning takes a long time, so you need to patiently wait for the scan to achieve. I also think the software could be more accurate. It isn't 100 percent, so you shouldn't completely rely on Veracode. You need to manually verify its findings."
"From the usability perspective, it is not up to date with the latest trends. It looks very old. Tools such as Datadog, New Relic, or infrastructure security tools, such as AWS Cloud, seem very user-friendly. They are completely web-based, and you can navigate through them pretty quickly, whereas Veracode is very rigid. It is like an old-school enterprise application. It does the job, but they need to invest a little more on the usability front."
"Veracode is costly, and there is potential for improvement in its pricing."
More Veracode cons
 

Pricing and Cost Advice

"AppSpider is closed-source software and you need to acquire a license in order to use it."
"The price is pretty fair."
"It is expensive if you want to buy the Enterprise version that is able to scan multiple applications at once."
"The licensing cost depends on the number of users."
"The price of Rapid7 AppSpider cost 9,000 annually but there is limited usage. Large companies are able to negotiate a better price or a better deal for the usage with the vendor."
"I don't have firsthand knowledge of Veracode pricing, but based on client feedback, it seems to be expensive with additional fees for certain features."
"The licensing and prices were upfront and clear. They stand behind everything that is said during the commercial phase and during the onboarding phase. Even the most irrelevant "that can be done" was delivered, no matter how important the request was."
"It's very expensive, especially when you are a very small organization. If you're using Veracode at an individual level, for example, you're a developer or you run agents, the pricing might not affect you, but if you're using it at a company level to troubleshoot security issues, the pricing is not quite favorable. It may affect ROI."
"I think it's a great value. It's at a price point that a small company like mine can afford to use versus, if it was too exorbitant, I wouldn't be able to use this product. The cost of the license is small in comparison to the value it brings"
"It can be expensive to do this, so I would just make sure that you're getting the proper number of licenses. Do your analysis. Make sure you know exactly what it is you need, going in."
"For the value we get out of it, coupled with the live defect review sessions, we find it an effective value for the money. We are a larger organization."
"The pricing of the product depends upon the number of codes or the number of applications."
"Costs are reasonable. No special infrastructure is required and the license model is good."
More Veracode pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
See recommendations
867,445 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
15%
Computer Software Company
11%
Manufacturing Company
8%
Healthcare Company
7%
Financial Services Firm
16%
Computer Software Company
16%
Manufacturing Company
9%
Insurance Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business11
Midsize Enterprise2
Large Enterprise1
By reviewers
Company SizeCount
Small Business69
Midsize Enterprise43
Large Enterprise112
 

Questions from the Community

What is your experience regarding pricing and costs for Rapid7 AppSpider?
The price is not high, but for Japanese customers, localization may incur additional costs.
See all answers
What needs improvement with Rapid7 AppSpider?
For Japanese customers, localization is needed. The product should offer a GUI in Japanese and provide Japanese reports for end-users.
See all answers
What is your primary use case for Rapid7 AppSpider?
Our clients use AppSpider to address security concerns for their websites. It is particularly used by customers who require security assessments.
See all answers
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
See all answers
What do you like most about Veracode?
The SAST and DAST modules are great.
See all answers
What is your experience regarding pricing and costs for Veracode?
The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.
See all answers
 

Comparisons

Rapid7 InsightAppSec vs Rapid7 AppSpider Logo
Rapid7 InsightAppSec vs Rapid7 AppSpider
Compared 35% of the time
Acunetix vs Rapid7 AppSpider Logo
Acunetix vs Rapid7 AppSpider
Compared 10% of the time
SonarQube Server (formerly SonarQube) vs Rapid7 AppSpider Logo
SonarQube Server (formerly SonarQube) vs Rapid7 AppSpider
Compared 10% of the time
PortSwigger Burp Suite Professional vs Rapid7 AppSpider Logo
PortSwigger Burp Suite Professional vs Rapid7 AppSpider
Compared 8% of the time
OWASP Zap vs Rapid7 AppSpider Logo
OWASP Zap vs Rapid7 AppSpider
Compared 7% of the time
More Rapid7 AppSpider Competitors
SonarQube Server (formerly SonarQube) vs Veracode Logo
SonarQube Server (formerly SonarQube) vs Veracode
Compared 16% of the time
Checkmarx One vs Veracode Logo
Checkmarx One vs Veracode
Compared 9% of the time
GitHub Advanced Security vs Veracode Logo
GitHub Advanced Security vs Veracode
Compared 7% of the time
OpenText Core Application Security vs Veracode Logo
OpenText Core Application Security vs Veracode
Compared 4% of the time
OWASP Zap vs Veracode Logo
OWASP Zap vs Veracode
Compared 4% of the time
More Veracode Competitors
 

Product Reports

Buyer's Guide
Rapid7 AppSpider
August 2025
Rapid7 AppSpider reportDownload Rapid7 AppSpider product report
Buyer's Guide
Veracode
August 2025
Veracode reportDownload Veracode product report
 

Also Known As

AppSpider
Crashtest Security , Veracode Detect
 

Overview

SPAs, APIs, mobile—the evolution of application technology is measured in months, not years. Is your web application security testing tool designed to keep up? AppSpider lets you collect all the information needed to test all the apps so that you aren’t left with gaping application risks.

Our dynamic application security testing (DAST) solution crawls to the deepest, darkest corners of even the most modern and complex apps to effectively test for risk and get you the insight you need to remediate faster. With AppSpider on your side (or, rather, all of your sides), you’ll be able to scan all the apps today and always be ready for whatever comes next.

Rapid7

Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.

Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing. These tools are designed to help developers detect vulnerabilities early in development while maintaining speed in deployment. Veracode also emphasizes scalability, offering features for enterprises that manage a large number of applications across different teams. Its robust reporting and analytics capabilities allow organizations to continuously monitor their security posture and track progress toward remediation.

What are the key features of Veracode?

  • Static Analysis (SAST) - Scans source code for vulnerabilities before deployment.
  • Dynamic Analysis (DAST) - Examines applications in a running state to detect flaws in real-time.
  • Software Composition Analysis (SCA) - Identifies risks in open-source libraries and third-party components.
  • Manual Penetration Testing - Offers expert analysis for more complex vulnerabilities.
  • Integrations with DevOps tools - Seamlessly integrates with CI/CD pipelines for automated security checks.

What benefits should users consider in Veracode reviews?

  • Early detection of vulnerabilities - Helps developers fix security issues early in the development process.
  • Scalability - Supports organizations with large-scale application portfolios.
  • Compliance support - Ensures applications meet various security standards and regulations.
  • Developer training - Provides tools for educating developers on secure coding practices.
  • Comprehensive reporting - Offers detailed reports that track remediation and risk trends.

Veracode is widely adopted in industries like finance, healthcare, and government, where compliance and security are critical. It helps these organizations maintain strict security standards while enabling rapid development through its integration with Agile and DevOps methodologies.


Veracode helps businesses secure their applications efficiently, ensuring they can deliver safe and compliant software at scale.

Veracode
 

Sample Customers

Microsoft
Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
Buyer's Guide
Rapid7 AppSpider vs. Veracode
September 2025
Free Report: Rapid7 AppSpider vs. Veracode
Find out what your peers are saying about Rapid7 AppSpider vs. Veracode and other solutions. Updated: September 2025.
DOWNLOAD NOW
867,445 professionals have used our research since 2012.
See our Rapid7 AppSpider vs. Veracode report.
See our list of best Static Application Security Testing (SAST) vendors.

We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.