
Rapid7 Penetration Testing Services vs Veracode comparison

 

Comparison Buyer's Guide

Executive Summary

 

Categories and Ranking

Rapid7 Penetration Testing ...
Average Rating: 8.0
Reviews Sentiment: 7.1
Number of Reviews: 1
Ranking in other categories: Penetration Testing Services (9th)

Veracode
Average Rating: 8.2
Reviews Sentiment: 6.9
Number of Reviews: 204
Ranking in other categories: Application Security Tools (2nd), Static Application Security Testing (SAST) (2nd), Container Security (8th), Software Composition Analysis (SCA) (3rd), Static Code Analysis (1st), Application Security Posture Management (ASPM) (1st)
 

Mindshare comparison

Rapid7 Penetration Testing Services and Veracode aren’t in the same category and serve different purposes. Rapid7 Penetration Testing Services is designed for Penetration Testing Services and holds a mindshare of 1.9%, down 2.3% compared to last year.
Veracode, on the other hand, focuses on Application Security Tools, holds 7.7% mindshare, down 10.3% since last year.
Penetration Testing Services Market Share Distribution
Product | Market Share (%)
Rapid7 Penetration Testing Services | 1.9%
HackerOne | 21.2%
Bugcrowd | 18.1%
Other | 58.8%
Application Security Tools Market Share Distribution
Product | Market Share (%)
Veracode | 7.7%
SonarQube Server (formerly SonarQube) | 20.4%
Checkmarx One | 10.4%
Other | 61.5%
 

Featured Reviews

Gabriel Woolverton - PeerSpot reviewer
Wide range of coverage and free
A useful improvement would be to have white papers for specific vulnerabilities readily available. It seems like they are not always linked when you are looking for a vulnerability identifier in the database. It would be useful to ensure that that information is readily available. That way, if you need to dive deeper into a vulnerability, you would have the capability to do so basically right there on the website.
Kv Rao - PeerSpot reviewer
Integrates pipelines smoothly and fortifies code against vulnerabilities
I use Veracode in multiple places including static code analysis, penetration testing, and dynamic code analysis. It is part of our pipeline and integrates well with Bitbucket and Git pipelines. The ease of integration with Bitbucket pipelines and Git pipelines is vital for us. Veracode allows us…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The initial setup is very straightforward. This is not a tool that you have to set up yourself. All you have to do is just access their web-based vulnerability database application, which is open source and available to pretty much anyone."
"The reporting being highly accurate is pretty cool. I use another product and I was always looking for answers as to what line, which part of the code, was wrong, and what to do about it. Veracode seems to have a solid database to look things up and a website to look things up."
"It can be very hard to make a good lab environment with a console with log windows and code bases. What I like about Veracode is that they managed to do that. It has a very responsive graphical user interface and has worked very well. I was very pleased with that."
"The Veracode technical support is very good. They are responsive and very knowledgeable."
"All three of Veracode's offerings are valuable: SCA, SAST, and DAST. It helps identify security loopholes right in the development phase, allowing developers to get feedback around what kind of vulnerabilities exist as soon as they check in the code or even before that in their IDE."
"Veracode has impacted our overall security posture because we are from a security background. Every week, we review the dashboards of open findings."
"We use it to get our scan results and see where our software is vulnerable or not vulnerable."
"When we expanded our definition of critical systems to include an internal application to be scanned by Veracode, we had initial scans that produced hundreds of vulnerabilities. We expected this, based on how the code was treated previously, but the Veracode platform allowed us to streamline our identification of these items and develop a game plan to quickly address them."
"I have used this solution in multiple projects for vulnerability testing and finding security leaks within the code."
 

Cons

"A useful improvement would be to have white papers for specific vulnerabilities readily available. It seems like they are not always linked when you are looking for a vulnerability identifier in the database."
"If the dynamic scan is improved, then the speed might go up. That is somehow not happening. We have raised this concern. It might also help if they could time limit scans to 24 hours instead of letting them go for three days. Then, whatever results could be shared, even if the scan is not complete, that would definitely help us."
"The cost of the solution is a little bit expensive. Expensive in the sense that there was a hundred percent increase in cost from last year to this year, which is certainly not justified."
"There should be more APIs, especially in SCA, to get some results or automate some things."
"They need to have a plug-in, a better integration with the development environment."
"The feature that allows me to read which mitigation answer was submitted, and to approve it, requires me to do so in different screens. That makes it a little bit more complicated because I have to read and then I have to go back and make sure it falls under the same ID number. That part is a little bit complicated from my perspective, because that's what I use the most."
"On-premise implementation is not available."
"Maybe the boards could be made easier to understand or easier to customize."
"Veracode's container scanning could be improved. We containerize all the platforms we use inside a Docker image. For example, we create a Microsoft Docker image that we build our application on top of. I would like Veracode to implement IT scans before we commit the code."
 

Pricing and Cost Advice

Information not available
"Licensing cost is on a yearly basis and there are no additional costs, the pricing is straightforward."
"Negotiate some, but their prices are reasonable."
"We are still considering it at the enterprise level. It has a subscription-based model. We find its price a little high based on the features it provides."
"Licensing is pretty flexible. It's a little bit weird, it's by the size of the binary, which is a strange way to license a product. So far they've been pretty flexible about it."
"I don't have firsthand knowledge of Veracode pricing, but based on client feedback, it seems to be expensive with additional fees for certain features."
"I recommend going for a one-year licensing with CA, because currently they are the leaders in this field with more features and a much better turn around time with a cheaper position, but there are a lot of new companies coming up in the market and they are building up their platforms."
"Veracode has been fair. We use their SaaS solution and it's just an annual subscription."
"I believe the price is fair according to market standards."
 

Top Industries

By visitors reading reviews
University: 12%
Financial Services Firm: 12%
Computer Software Company: 10%
Educational Organization: 9%

Financial Services Firm: 17%
Computer Software Company: 15%
Manufacturing Company: 9%
Insurance Company: 6%
 

Company Size

By reviewers
No data available

By reviewers
Company Size | Count
Small Business | 69
Midsize Enterprise | 43
Large Enterprise | 112
 

Questions from the Community

Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
What do you like most about Veracode Static Analysis?
I like its integration with GitHub. I like using it from GitHub. I can use the GitHub URL and find out the vulnerabilities.
What is your experience regarding pricing and costs for Veracode Static Analysis?
When considering pricing, Veracode stands out due to its lower cost per service and more scalable options. It offers nearly five security testing features within its own service, making it a compet...
 

Also Known As

No data available
Crashtest Security, Veracode Detect
 

Overview

 

Sample Customers

Motorola, Liberty wines, Kaman Corporation
Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
Find out what your peers are saying about HackerOne, Pentera, Bugcrowd and others in Penetration Testing Services. Updated: October 2025.
869,771 professionals have used our research since 2012.